author | Fernando Lemos <fernandotcl@pfsense.org> | 2006-06-02 13:38:21 +0000 |
---|---|---|
committer | Fernando Lemos <fernandotcl@pfsense.org> | 2006-06-02 13:38:21 +0000 |
commit | 341ff9436ee8b6eb2c89365d3b05a00408eb0eb3 (patch) | |
tree | 73e53337ad545c6ab0db3853811b782f448a69a2 /packages/viralator.inc | |
parent | f2d35e26a6f9ba2cbce67a1d3692fe4e881f4491 (diff) | |
A custom version of Viralator, with some minor bug fixes and some customizations to fit our needs better. Can be improved, but it'll prolly be deprecated if HAVP for FreeBSD becomes stable enough and once it's integrated with the ClamAV package.
Diffstat (limited to 'packages/viralator.inc')
-rw-r--r-- | packages/viralator.inc | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/packages/viralator.inc b/packages/viralator.inc
new file mode 100644
index 00000000..dc4e6041
--- /dev/null
+++ b/packages/viralator.inc
@@ -0,0 +1,86 @@
+<?php
+require_once('config.inc');
+
+define('VIRALATOR_DOWNLOADDIR', '/usr/local/www/viralator');
+define('SQUIRM_CONF', '/usr/local/etc/squirm/squirm.conf');
+define('SQUIRM_PATTERNS', '/usr/local/etc/squirm/squirm.patterns');
+define('FORBIDDEN_EXTS', 'html htm css php pl js vbs jpg jpeg gif png');
+
+function viralator_install_command() {
+ if (!is_dir(VIRALATOR_DOWNLOADDIR)) mkdir(VIRALATOR_DOWNLOADDIR);
+
+ if (!is_file(SQUIRM_CONF)) {
+ $conf = <<<EOD
+begin
+network 0.0.0.0/0
+pattern squirm.patterns get
+end
+
+EOD;
+ file_put_contents(SQUIRM_CONF, $conf);
+ }
+
+ if (!is_dir(VIRALATOR_DOWNLOADDIR))
+ make_dirs(VIRALATOR_DOWNLOADDIR);
+}
+
+function viralator_validate_input($post, $input_errors) {
+ if (trim($post['http_otherexts'])) {
+ foreach (explode(',', $post['http_otherexts']) as $ext) {
+ $ext = trim($ext);
+ if (in_array($ext, explode(' ', FORBIDDEN_EXTS)))
+ $input_errors[] = "The HTTP virus scanner can't scan *.$ext files.";
+ else if (!preg_match('/\w+/', $ext))
+ $input_errors[] = "*.ext is not a valid file extension.";
+ }
+ }
+}
+
+function viralator_get_real_lan_ip() {
+ global $config;
+
+ $lan_if = $config['interfaces']['lan']['if'];
+ $line = trim(shell_exec("ifconfig $lan_if | grep inet | grep -v inet6"));
+ list($dummy, $ip) = explode(' ', $line);
+
+ return $ip;
+}
+
+function viralator_escape_dots($value) {
+ return preg_replace('/\./', '\\.', $value);
+}
+
+function viralator_resync() {
+ global $config;
+ $settings = $config['installedpackages']['clamav']['config'][0];
+
+ $exts = (empty($settings['http_exts']) ? array() : explode(',', $settings['http_exts']));
+
+ if (trim($settings['http_otherexts'])) {
+ foreach (explode(',', $settings['http_otherexts']) as $ext)
+ $exts[] = trim($ext);
+ }
+
+ $towrite = '';
+
+ // TODO: Escape any interface Squid listens on
+ $lan_ip = viralator_get_real_lan_ip();
+ if (is_ipaddr($lan_ip)) {
+ $escaped = viralator_escape_dots($lan_ip);
+ $towrite .= "abort regexi (^http://$escaped/.*)\n";
+ }
+
+ foreach (explode(' ', FORBIDDEN_EXTS) as $ext)
+ $towrite .= "abort .$ext\n";
+
+ foreach ($exts as $ext)
+ $towrite .= "regexi (^.*\\.$ext\$) http://$lan_ip/viralator.pl?url=\\1\n";
+
+ file_put_contents(SQUIRM_PATTERNS, $towrite);
+
+ if (is_package_installed('squid')) {
+ require_once('squid.inc');
+ squid_resync();
+ }
+}
+?> |
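Review bot: The extension check in `viralator_validate_input()` is too loose to protect the file that `viralator_resync()` generates: `/\w+/` is unanchored, so any value containing one word character passes, and each `$ext` is then written unescaped into a `regexi (^.*\\.$ext\$) ...` line of squirm.patterns, where regex metacharacters, spaces or an embedded newline would alter the redirect rules rather than name an extension. Anchoring the test, `else if (!preg_match('/^\w+$/', $ext))`, closes that, and the message on the next line should interpolate the value (`"*.$ext is not a valid file extension."`) instead of the literal `*.ext`. `$input_errors` is also declared by value, so unless the caller relies on call-time pass-by-reference the appended messages are discarded on return; `function viralator_validate_input($post, &$input_errors) {` makes that explicit. Separately, `viralator_get_real_lan_ip()` interpolates `$lan_if` into the `shell_exec()` command line, where `escapeshellarg($lan_if)` would keep a malformed interface name in the config from being parsed by the shell, and `viralator_resync()` still emits the `http://$lan_ip/viralator.pl` rewrite lines when `is_ipaddr($lan_ip)` fails, which looks like it should skip them.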