A custom version of Viralator, with some minor bug fixes and some customizations to fit our needs better. Can be improved, but it'll prolly be deprecated if HAVP for FreeBSD becomes stable enough and once it's integrated with the ClamAV package.

2 files changed, 99 insertions, 0 deletions

diff --git a/packages/viralator.inc b/packages/viralator.inc
new file mode 100644
index 00000000..dc4e6041
--- /dev/null
+++ b/packages/viralator.inc
@@ -0,0 +1,86 @@
+<?php
+require_once('config.inc');
+
+define('VIRALATOR_DOWNLOADDIR', '/usr/local/www/viralator');
+define('SQUIRM_CONF', '/usr/local/etc/squirm/squirm.conf');
+define('SQUIRM_PATTERNS', '/usr/local/etc/squirm/squirm.patterns');
+define('FORBIDDEN_EXTS', 'html htm css php pl js vbs jpg jpeg gif png');
+
+function viralator_install_command() {
+	if (!is_dir(VIRALATOR_DOWNLOADDIR)) mkdir(VIRALATOR_DOWNLOADDIR);
+
+	if (!is_file(SQUIRM_CONF)) {
+		$conf = <<<EOD
+begin
+network 0.0.0.0/0
+pattern squirm.patterns get
+end
+
+EOD;
+		file_put_contents(SQUIRM_CONF, $conf);
+	}
+
+	if (!is_dir(VIRALATOR_DOWNLOADDIR))
+		make_dirs(VIRALATOR_DOWNLOADDIR);
+}
+
+function viralator_validate_input($post, $input_errors) {
+	if (trim($post['http_otherexts'])) {
+		foreach (explode(',', $post['http_otherexts']) as $ext) {
+			$ext = trim($ext);
+			if (in_array($ext, explode(' ', FORBIDDEN_EXTS)))
+				$input_errors[] = "The HTTP virus scanner can't scan *.$ext files.";
+			else if (!preg_match('/\w+/', $ext))
+				$input_errors[] = "*.ext is not a valid file extension.";
+		}
+	}
+}
+
+function viralator_get_real_lan_ip() {
+	global $config;
+
+	$lan_if = $config['interfaces']['lan']['if'];
+	$line = trim(shell_exec("ifconfig $lan_if | grep inet | grep -v inet6"));
+	list($dummy, $ip) = explode(' ', $line);
+
+	return $ip;
+}
+
+function viralator_escape_dots($value) {
+	return preg_replace('/\./', '\\.', $value);
+}
+
+function viralator_resync() {
+	global $config;
+	$settings = $config['installedpackages']['clamav']['config'][0];
+
+	$exts = (empty($settings['http_exts']) ? array() : explode(',', $settings['http_exts']));
+
+	if (trim($settings['http_otherexts'])) {
+		foreach (explode(',', $settings['http_otherexts']) as $ext)
+			$exts[] = trim($ext);
+	}
+
+	$towrite = '';
+
+	// TODO: Escape any interface Squid listens on
+	$lan_ip = viralator_get_real_lan_ip();
+	if (is_ipaddr($lan_ip)) {
+		$escaped = viralator_escape_dots($lan_ip);
+		$towrite .= "abort regexi (^http://$escaped/.*)\n";
+	}
+
+	foreach (explode(' ', FORBIDDEN_EXTS) as $ext)
+		$towrite .= "abort .$ext\n";
+
+	foreach ($exts as $ext)
+		$towrite .= "regexi (^.*\\.$ext\$) http://$lan_ip/viralator.pl?url=\\1\n";
+
+	file_put_contents(SQUIRM_PATTERNS, $towrite);
+
+	if (is_package_installed('squid')) {
+		require_once('squid.inc');
+		squid_resync();
+	}
+}
+?>
diff --git a/packages/viralator.xml b/packages/viralator.xml
new file mode 100644
index 00000000..915e936b
--- /dev/null
+++ b/packages/viralator.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<packagegui>
+	<include_file>viralator.inc</include_file>
+	<additional_files_needed>
+		<item>http://www.pfsense.org/packages/config/viralator.inc</item>
+	</additional_files_needed>
+	<additional_files_needed>
+		<item>http://www.pfsense.org/packages/All/viralator.tgz</item>
+	</additional_files_needed>
+	<custom_php_install_command>
+		viralator_install_command();
+	</custom_php_install_command>
+</packagegui>