-rw-r--r-- | config/havp/havp.inc | 287 | ||||
-rw-r--r-- | config/havp/havp.xml | 13 | ||||
-rwxr-xr-x | pkg_config.7.xml | 2 | ||||
-rwxr-xr-x | pkg_config.8.xml | 2 |
4 files changed, 171 insertions, 133 deletions
diff --git a/config/havp/havp.inc b/config/havp/havp.inc
index e51f0a9b..14e75484 100644
--- a/config/havp/havp.inc
+++ b/config/havp/havp.inc
@@ -75,30 +75,33 @@ define('HVDEF_MAXARCSCANSIZE', '5000000'); # [bytes] ! do not enter 0 o define('HVDEF_PID_FILE', '/var/run/havp.pid'); define('HVDEF_WORK_DIR', '/usr/local/etc/havp'); define('HVDEF_LOG_DIR', '/var/log/havp'); -define('HVDEF_AVLOG_DIR', '/var/log/clamav'); define('HVDEF_TEMP_DIR', '/var/tmp'); -define('HVDEF_HAVPTEMP_DIR', HVDEF_TEMP_DIR . '/havp'); -define('HVDEF_RAMTEMP_DIR', HVDEF_TEMP_DIR . '/havpRAM'); +define('HVDEF_HAVPTEMP_DIR', HVDEF_TEMP_DIR.'/havp'); +define('HVDEF_RAMTEMP_DIR', HVDEF_TEMP_DIR.'/havpRAM'); define('HVDEF_SCANTEMPFILE', '/havp-XXXXXX'); define('HVDEF_TEMPLATES', '/usr/local/share/examples/havp/templates'); define('HVDEF_TEMPLATES_EX', HVDEF_TEMPLATES . '_ex'); -define('HVDEF_FRESHCLAM_CONF', '/usr/local/etc/freshclam.conf'); define('HVDEF_FILTER_RULES', '/tmp/rules.havp'); -define('HVDEF_HAVP_CONFIG', HVDEF_WORK_DIR . '/havp.config'); -define('HVDEF_HAVP_XMLCONF', HVDEF_WORK_DIR . '/havp_conf.xml'); -define('HVDEF_HAVP_WHITELIST', HVDEF_WORK_DIR . '/whitelist'); -define('HVDEF_HAVP_BLACKLIST', HVDEF_WORK_DIR . '/blacklist'); -define('HVDEF_HAVP_ACCESSLOG', HVDEF_LOG_DIR . '/access.log'); -define('HVDEF_HAVP_ERRORLOG', HVDEF_LOG_DIR . '/havp.log'); +define('HVDEF_HAVP_CONFIG', HVDEF_WORK_DIR.'/havp.config'); +define('HVDEF_HAVP_XMLCONF', HVDEF_WORK_DIR.'/havp_conf.xml'); +define('HVDEF_HAVP_WHITELIST', HVDEF_WORK_DIR.'/whitelist'); +define('HVDEF_HAVP_BLACKLIST', HVDEF_WORK_DIR.'/blacklist'); +define('HVDEF_HAVP_ACCESSLOG', HVDEF_LOG_DIR .'/access.log'); +define('HVDEF_HAVP_ERRORLOG', HVDEF_LOG_DIR .'/havp.log'); define('HVDEF_HAVP_MINSRV', '10'); define('HVDEF_HAVP_MAXSRV', '100'); # Clam define('HVDEF_CLAM_RUNDIR', '/var/run/clamav'); +define('HVDEF_AVLOG_DIR', '/var/log/clamav'); define('HVDEF_CLAM_SOCKET', HVDEF_CLAM_RUNDIR.'/clamd.sock'); define('HVDEF_CLAM_PID', HVDEF_CLAM_RUNDIR.'/clamd.pid'); +define('HVDEF_CLAM_LOG', HVDEF_AVLOG_DIR . 
'/clamd.log'); define('HVDEF_CLAM_WORKDIR', '/usr/local/etc'); define('HVDEF_CLAM_CONFIG', '/usr/local/etc/clamd.conf'); define('HVDEF_CLAM_TCPSOCKET', '3310'); +define('HVDEF_FRESHCLAM_CONF', '/usr/local/etc/freshclam.conf'); +define('HVDEF_FRESHCLAM_LOG', HVDEF_AVLOG_DIR . '/freshclam.log'); +define('HVDEF_CLAMSCAN_LOG', '/var/log/clamscan.log'); # script's define('HVDEF_SCRIPT_DIR', '/usr/local/etc/rc.d'); define('HVDEF_AVCRON_SCRIPT', '/clamav-freshclam'); @@ -139,6 +142,7 @@ define('F_FAILSCANERROR', 'failscanerror'); define('F_SCANMAXSIZE', 'scanmaxsize'); define('F_SCANIMG', 'scanimg'); define('F_SCANARC', 'scanarc'); +define('F_SCANSTREAM', 'scanstream'); define('F_SCANARCMAXSIZE', 'scanarcmaxsize'); # antivirus options define('F_HAVPUPDATE', 'havpavupdate'); @@ -173,6 +177,7 @@ havp_convert_pfxml_xml(); # ============================================================================== function havp_install() { + havp_fix(); havp_check_system(); } # ------------------------------------------------------------------------------ 
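Review bot: The concatenation style in this hunk ends up inconsistent: the rewritten lines drop the spaces around `.` (`HVDEF_TEMP_DIR.'/havp'`), the two access/error log lines keep a space only on the left (`HVDEF_LOG_DIR .'/access.log'`), and the newly added `HVDEF_CLAM_LOG` and `HVDEF_FRESHCLAM_LOG` lines use spaces on both sides. Pick one form for the whole define block so the next cosmetic pass does not touch these lines again. `HVDEF_CLAMSCAN_LOG` is also the only log path in the Clam group that is a bare literal (`'/var/log/clamscan.log'`) rather than being derived from `HVDEF_AVLOG_DIR`; if that is deliberate (the file is written by the on-demand scanner, not clamd), a short comment on that line would save the question, e.g. `# written by start_antivirus_scanner(), not by clamd`.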
@@ -358,24 +363,17 @@ function havp_check_system() havp_set_file_access(HVDEF_FRESHCLAM_CONF, HVDEF_AVUSER, '0664'); # log files exists ? - if (!file_exists(HVDEF_AVLOG_DIR . '/clamd.log')) file_put_contents(HVDEF_AVLOG_DIR . '/clamd.log', ''); - if (!file_exists(HVDEF_AVLOG_DIR . '/freshclam.log')) file_put_contents(HVDEF_AVLOG_DIR . '/freshclam.log', ''); + if (!file_exists(HVDEF_CLAM_LOG)) file_put_contents(HVDEF_CLAM_LOG, ''); + if (!file_exists(HVDEF_FRESHCLAM_LOG)) file_put_contents(HVDEF_FRESHCLAM_LOG, ''); # log dir permissions havp_set_file_access(HVDEF_AVLOG_DIR, HVDEF_USER, '0777'); - # checking dir's and permissions - # "DatabaseDirectory /var/db/clamav"; - # "UpdateLogFile /var/log/clamav/freshclam.log"; - - # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - # ClamAV - # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + # =-= ClamAV =-= # catalog for Pid and Socket files if (!file_exists(HVDEF_CLAM_RUNDIR)) mwexec("mkdir -p " . HVDEF_CLAM_RUNDIR); havp_set_file_access(HVDEF_CLAM_RUNDIR, HVDEF_USER, '0774'); - # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AV update script file_put_contents(HVDEF_AVUPD_SCRIPT, havp_AVupdate_script()); havp_set_file_access(HVDEF_AVUPD_SCRIPT, HVDEF_AVUSER, '0755'); 
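Review bot: The two added `file_put_contents(HVDEF_CLAM_LOG, '')` / `file_put_contents(HVDEF_FRESHCLAM_LOG, '')` lines create the log files but, unlike every other file touched in this function (see `havp_set_file_access(HVDEF_FRESHCLAM_CONF, HVDEF_AVUSER, '0664')` just above), never set their owner or mode. If this code runs as root, the files are presumably created with root ownership and the default umask, so clamd/freshclam running as `HVDEF_AVUSER` may be unable to open them for writing; that would match the "Problem with internal logger" error quoted in the comment the freshclam hunk below removes. Add `havp_set_file_access(HVDEF_CLAM_LOG, HVDEF_AVUSER, '0664');` and `havp_set_file_access(HVDEF_FRESHCLAM_LOG, HVDEF_AVUSER, '0664');` after the creation lines. The body of havp_check_system starts and ends outside this hunk.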
@@ -460,10 +458,9 @@ function havp_convert_pfxml_xml() $havp_config[F_RANGE] = ( $pfconf[F_RANGE] === 'on' ? 'true' : 'false' ); $havp_config[F_ENABLERAMDISK] = ( $pfconf[F_ENABLERAMDISK] === 'on' ? 'true' : 'false' ); - # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - # Temp RAMDisk - # use RAMDisk if only capacity > calculated [MAXSCANSIZE * 50 connections] - # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + # =-= Temp RAMDisk =-= + # use RAMDisk if only capacity > calculated [MAXSCANSIZE * 50 connections] + # =-= # before config manage Temp Dir = RAMDisk|Hard Disk $havp_config[HV_SCANTEMPFILE] = HVDEF_HAVPTEMP_DIR . HVDEF_SCANTEMPFILE; if ($havp_config[F_ENABLERAMDISK] === 'true') { @@ -483,8 +480,9 @@ function havp_convert_pfxml_xml() # scanner $havp_config[F_FAILSCANERROR] = ( $pfconf[F_FAILSCANERROR] === 'on' ? 'true' : 'false' ); $havp_config[F_SCANMAXSIZE] = ( is_numeric($pfconf[F_SCANMAXSIZE]) ? $pfconf[F_SCANMAXSIZE] : HVDEF_MAXSCANSIZE ) * 1024; # KB -> Byte - $havp_config[F_SCANIMG] = ( $pfconf[F_SCANIMG] === 'on' ? 'true' : 'false' ); - $havp_config[F_SCANARC] = ( $pfconf[F_SCANARC] === 'on' ? 'true' : 'false' ); + $havp_config[F_SCANIMG] = ( $pfconf[F_SCANIMG] === 'on' ? 'true' : 'false' ); + $havp_config[F_SCANARC] = ( $pfconf[F_SCANARC] === 'on' ? 'true' : 'false' ); + $havp_config[F_SCANSTREAM] = ( $pfconf[F_SCANSTREAM] === 'on' ? 'true' : 'false' ); $havp_config[F_SCANARCMAXSIZE] = ( is_numeric($pfconf[F_SCANARCMAXSIZE]) ? $pfconf[F_SCANARCMAXSIZE] : HVDEF_MAXARCSCANSIZE ); # log $havp_config[F_SYSLOG] = ( $pfconf[F_SYSLOG] === 'on' ? 'true' : 'false' ); 
@@ -492,22 +490,21 @@ function havp_convert_pfxml_xml() $havp_config[F_AVSETSYSLOG] = ( $pfconf[F_AVSETSYSLOG] === 'on' ? 'true' : 'false' ); $havp_config[F_AVSETLOG] = ( $pfconf[F_AVSETLOG] === 'on' ? 'true' : 'false' ); # - # === Internal variables === + # =-= Internal variables =-= # proxy $havp_config[F_PROXYBINDIFACE] = 'localhost'; # language template files path $havp_config[F_TEMPLATEPATH] = ( file_exists(HVDEF_TEMPLATES_EX) ? HVDEF_TEMPLATES_EX : HVDEF_TEMPLATES ); $havp_config[F_TEMPLATEPATH] .= ( !empty($havp_config[F_LANGUAGE]) ? "/{$havp_config[F_LANGUAGE]}" : "/en" ); - # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - # HVFORM_AVSET - av settings - # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + # + # =-= HVFORM_AVSET =-= + # av settings $pf_avset_conf = $config['installedpackages'][HVFORM_AVSET]['config'][0]; $havp_config[F_HAVPUPDATE] = $pf_avset_conf[F_HAVPUPDATE]; $havp_config[F_DBREGION] = $pf_avset_conf[F_DBREGION]; $havp_config[F_AVUPDATESERVER] = $pf_avset_conf[F_AVUPDATESERVER]; - # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + # # store havp config cache - # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ $cfg_xml = dump_xml_config($havp_config, 'havp'); file_put_contents(HVDEF_HAVP_XMLCONF, $cfg_xml); @@ -551,7 +548,7 @@ function havp_config_havp() # $conf[] = "\n# Level of HAVP logging\n# 0 = Only serious errors and information\n# 1 = Less interesting information is included"; $conf[] = "LOG_OKS " . ( HV_DEBUG === 'true' ? "true" : "false" ); # true - for debug, false - for work - $conf[] = "LOGLEVEL " . ( HV_DEBUG === 'true' ? "1" : "0" ); # 0 - work level, 1 - debug level + $conf[] = "LOGLEVEL 1"; # . ( HV_DEBUG === 'true' ? "1" : "0" ); # 0 - work level, 1 - debug level # temp $conf[] = "\n# temp "; $conf[] = "SCANTEMPFILE " . $havp_config[HV_SCANTEMPFILE]; 
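Review bot: In the `@@ -551,7 +548,7 @@` hunk, `$conf[] = "LOGLEVEL 1";` now forces HAVP's verbose log level unconditionally while `LOG_OKS` on the line above still follows `HV_DEBUG`, so the two debug switches no longer agree and the old expression is left behind as a trailing comment. Either keep the conditional, `$conf[] = "LOGLEVEL " . ( HV_DEBUG === 'true' ? "1" : "0" );`, or, if level 1 is wanted in normal operation, delete the commented-out expression and say why in its place, e.g. `# LOGLEVEL 1 kept on permanently: level 0 hides <what is missing>`. The enclosing havp_config_havp starts and ends outside the hunk.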
@@ -590,20 +587,32 @@ function havp_config_havp() # $conf[] = "\n# scanner "; $conf[] = "SCANNERTIMEOUT 10"; - $conf[] = "RANGE {$havp_config[F_SCANIMG]}"; # - $conf[] = "\n# stream"; - $conf[] = "STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS"; - $conf[] = "STREAMSCANSIZE 20000"; + if ($havp_config[F_SCANSTREAM] === 'true') { + # + $conf[] = "\n# always allow range, if stream scan enabled"; + $conf[] = "RANGE true"; + $conf[] = "\n# stream scan enabled"; + $conf[] = "STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS"; + $conf[] = "STREAMSCANSIZE 2000"; + } + else { + # renew downloads ? + $conf[] = "RANGE {$havp_config[F_RANGE]}"; + $conf[] = "\n# stream scan disabled"; + $conf[] = "STREAMSCANSIZE 0"; + } + # scan options - $conf[] = "SCANIMAGES {$havp_config[F_SCANIMG]}"; - $conf[] = "MAXSCANSIZE {$havp_config[F_SCANMAXSIZE]}"; + $conf[] = "SCANIMAGES {$havp_config[F_SCANIMG]}"; + $conf[] = "MAXSCANSIZE {$havp_config[F_SCANMAXSIZE]}"; # - $conf[] = "KEEPBACKBUFFER 200000"; - $conf[] = "KEEPBACKTIME 5"; + $conf[] = "KEEPBACKBUFFER 200000"; + $conf[] = "KEEPBACKTIME 5"; # $conf[] = "# After Trickling Time (seconds), some bytes are sent to browser to keep the connection alive"; - $conf[] = "TRICKLING 5"; + $conf[] = "TRICKLING 10"; + $conf[] = "TRICKLINGBYTES 1"; # $conf[] = "# Downloads larger than MAXDOWNLOADSIZE will be blocked."; $conf[] = "MAXDOWNLOADSIZE {$havp_config[F_MAXDOWNLOADSIZE]}"; @@ -616,8 +625,8 @@ function havp_config_havp() $conf[] = "ENABLECLAMD true"; # clamd socket if (HV_CLAMD_TCPSOCKET === 'true') { - $conf[] = "CLAMDSERVER 127.0.0.1"; - $conf[] = "CLAMDPORT " . HVDEF_CLAM_TCPSOCKET; + $conf[] = "CLAMDSERVER 127.0.0.1"; + $conf[] = "CLAMDPORT " . HVDEF_CLAM_TCPSOCKET; } else $conf[] = "CLAMDSOCKET " . HVDEF_CLAM_SOCKET; } 
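Review bot: In the `@@ -590,20 +587,32 @@` hunk, the stream-scan branch writes `RANGE true` regardless of the user's `F_RANGE` setting, and the comment `# always allow range, if stream scan enabled` states the rule but not the consequence: as far as I recall HAVP's own config notes, allowing Range requests means partial-content downloads pass without a full scan, so this branch trades scan coverage for stream compatibility and should say so. `STREAMSCANSIZE` also changes from 20000 to 2000 in the same branch with no comment, and the disabled branch sets `STREAMSCANSIZE 0`, whose effect (scan nothing vs. use HAVP's default) is not stated. I would add, above `$conf[] = "RANGE true";`, `# Range is forced on so players can seek; partial downloads are then not fully scanned` and, on the STREAMSCANSIZE lines, a note on why 2000 bytes was chosen. The enclosing havp_config_havp starts and ends outside the hunk.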
@@ -641,7 +650,7 @@ function havp_config_clam()
 # ==============================================================================
 ";
 $conf[] = "# log";
- $conf[] = "LogFile /var/log/clamav/clamd.log";
+ $conf[] = "LogFile " . HVDEF_CLAM_LOG;
 $conf[] = "LogFileUnlock yes";
 $conf[] = "LogFileMaxSize 1M";
 $conf[] = "LogTime yes";
@@ -675,7 +684,7 @@ function havp_config_clam()
 $conf[] = "# perform a database check.(sec) [3600 sec = 60 min]";
 $conf[] = "SelfCheck 3600";
 $conf[] = "# detect possibly unwanted applications.";
- $conf[] = "DetectPUA yes";
+ $conf[] = "DetectPUA no"; # possible unwanted applications
 $conf[] = "AlgorithmicDetection yes";
 $conf[] = "# executable";
 $conf[] = "ScanPE yes";
@@ -729,14 +738,9 @@ function havp_config_freshclam()
 # ==============================================================================
 ";
 $conf[] = "DatabaseDirectory /var/db/clamav";
-# --
-# disable log to file while error not solved:
-# "ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log)."
-# --
-# $conf[] = "UpdateLogFile /var/log/clamav/freshclam.log";
 # log
- $conf[] = "UpdateLogFile /var/tmp/freshclam.log";
+ $conf[] = "UpdateLogFile " . HVDEF_FRESHCLAM_LOG;
 $conf[] = "LogFileMaxSize 10M";
 $conf[] = "LogTime yes";
 $conf[] = "LogVerbose yes";
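Review bot: `$conf[] = "DetectPUA no"; # possible unwanted applications` turns off a detection class that was previously on, and the trailing comment only restates the option name; the same change is made for the on-demand scanner in the start_antivirus_scanner hunk below, where `--detect-pua` is commented out rather than removed. A reader cannot tell whether this is a false-positive problem, a performance choice, or an oversight, so replace the trailing comment with the reason, e.g. `# PUA detection off: <reason>`, and drop the dead `--detect-pua` line instead of commenting it out. In the freshclam hunk, `UpdateLogFile` goes back to the path under `/var/log/clamav` that the deleted comment says failed with an internal-logger error; if the file creation added in havp_check_system is what fixes that, a one-line comment here saying so would stop the next maintainer from reverting it.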
@@ -870,13 +874,18 @@ function havp_configure_squid() if (!isset($config['installedpackages']['squid']['config'][0]['custom_options'])) return; - if ($on_configure === true) - $new_opt[] = "cache_peer 127.0.0.1 parent {$havp_config[F_PROXYPORT]} 0 name=havp proxy-only no-query no-digest no-netdb-exchange default"; + if ($on_configure === true) { + $new_opt[] = "never_direct allow all"; + $new_opt[] = "cache_peer 127.0.0.1 parent {$havp_config[F_PROXYPORT]} 0 name=havp no-query no-digest no-netdb-exchange default"; + } # copy options, but not 'cache_peer' option $cust_opt = explode(";", $config['installedpackages']['squid']['config'][0]['custom_options']); - foreach($cust_opt as $key => $val) - if (strpos($val, "cache_peer 127.0.0.1 parent") === false) $new_opt[] = $val; + foreach($cust_opt as $key => $val) { + if (strpos($val, "never_direct") !== false) continue; + if (strpos($val, "cache_peer 127.0.0.1 parent") !== false) continue; + $new_opt[] = $val; + } $new_opt = implode(";", $new_opt); if (/*is_package_installed('squid') && */file_exists('/usr/local/pkg/squid.inc')) { 
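Review bot: The new filter `if (strpos($val, "never_direct") !== false) continue;` matches any custom option containing that substring, so a user's own `never_direct allow`/`never_direct deny` ACL lines in the Squid custom options are silently discarded every time HAVP is (re)configured or removed. Match only the line this package writes, `if (trim($val) === "never_direct allow all") continue;`, and likewise consider anchoring the cache_peer test to the full line. Dropping `proxy-only` from the `cache_peer` line is also a behaviour change (Squid will now cache responses returned by HAVP) that deserves a short comment on that line, and the `$on_configure === false` path now relies on this filter to remove the `never_direct` line, which is worth stating next to the `if`. The enclosing havp_configure_squid starts and ends outside the hunk.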
@@ -976,85 +985,85 @@ function check_bw_domain($_dm) # function havp_setup_cron($task_name, $options, $on_off) { - global $config; - $cron_item = array(); - - # $on_off = TRUE/FALSE - install/deinstall cron task: - # prepare new cron item - if (is_array($options)) { - $cron_item['task_name'] = $task_name; - $cron_item['minute'] = $options[0]; - $cron_item['hour'] = $options[1]; - $cron_item['mday'] = $options[2]; - $cron_item['month'] = $options[3]; - $cron_item['wday'] = $options[4]; - $cron_item['who'] = ($options[5]) ? $options[5] : 'nobody'; - $cron_item['command'] = $options[6]; - } - - # unset old cron task with $task_name - if (!empty($task_name)) { - $flag_cron_upd = false; - # delete old cron task if exists - foreach($config['cron']['item'] as $key => $val) { - if ($config['cron']['item'][$key]['task_name'] === $task_name) { - unset($config['cron']['item'][$key]); - $flag_cron_upd = true; - break; - } - } + global $config; + $cron_item = array(); + + # $on_off = TRUE/FALSE - install/deinstall cron task: + # prepare new cron item + if (is_array($options)) { + $cron_item['task_name'] = $task_name; + $cron_item['minute'] = $options[0]; + $cron_item['hour'] = $options[1]; + $cron_item['mday'] = $options[2]; + $cron_item['month'] = $options[3]; + $cron_item['wday'] = $options[4]; + $cron_item['who'] = ($options[5]) ? 
$options[5] : 'nobody'; + $cron_item['command'] = $options[6]; + } - # set new cron task - if (($on_off === true) and !empty($cron_item)) { - $config['cron']['item'][] = $cron_item; + # unset old cron task with $task_name + if (!empty($task_name)) { + $flag_cron_upd = false; + # delete old cron task if exists + foreach($config['cron']['item'] as $key => $val) { + if ($config['cron']['item'][$key]['task_name'] === $task_name) { + unset($config['cron']['item'][$key]); $flag_cron_upd = true; + break; } + } - # write config and configure cron only if cron task modified - if ($flag_cron_upd === true) { - write_config("Installed cron task '$task_name' for 'havp' package"); - configure_cron(); - } + # set new cron task + if (($on_off === true) and !empty($cron_item)) { + $config['cron']['item'][] = $cron_item; + $flag_cron_upd = true; } - else { - # ! error $name ! - return; + + # write config and configure cron only if cron task modified + if ($flag_cron_upd === true) { + write_config("Installed cron task '$task_name' for 'havp' package"); + configure_cron(); } + } + else { + # ! error $name ! + return; + } } # ------------------------------------------------------------------------------ # filter rules # ------------------------------------------------------------------------------ function havp_generate_rules($type = 'filter') { - # 'nat' 'filter' + # 'nat' 'filter' global $config, $havp_config; $rules = array(); - # nothing if havp not running - if (!is_service_running('havp')) { - if (HV_DEBUG === 'true') + # nothing if havp not running + if (!is_service_running('havp')) { + if (HV_DEBUG === 'true') log_error("havp: Havp is installed but not started. 
Filter rules not created."); return; - } + } - $proxymode = $havp_config[F_PROXYMODE]; - # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - # HAVP always listen 127.0.0.1:port - # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - # Proxy mode: - # Standard - Filter: Rdr ifaces:port => 127.0.0.1:port - # Parent for Squid - Filter: No - # Transparent - Filter: Rdr ifaces:port => 127.0.0.1:port; - # Rdr Any Http => 127.0.0.1:port + Allow Http traffic via iface - # If Squid transparent, then as Standard. - # Internal - Filter: No - # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + $proxymode = $havp_config[F_PROXYMODE]; + # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + # =-= HAVP always listen 127.0.0.1:port =-= + # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + # Proxy mode: + # Standard - Filter: Rdr ifaces:port => 127.0.0.1:port + # Parent for Squid - Filter: No + # Transparent - Filter: Rdr ifaces:port => 127.0.0.1:port; + # Rdr Any Http => 127.0.0.1:port + Allow Http traffic via iface + # If Squid transparent, then as Standard. + # Internal - Filter: No + # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - $proxybindiface = 'lo0'; # 127.0.0.1 - $ifaces = array_map('convert_friendly_interface_to_real_interface_name', explode(',', $havp_config[F_PROXYINTERFACE])); - $proxyport = ( $havp_config[F_PROXYPORT] ? $havp_config[F_PROXYPORT] : HVDEF_PROXYPORT ); + $proxybindiface = 'lo0'; # 127.0.0.1 + $ifaces = array_map('convert_friendly_interface_to_real_interface_name', explode(',', $havp_config[F_PROXYINTERFACE])); + $proxyport = ( $havp_config[F_PROXYPORT] ? 
$havp_config[F_PROXYPORT] : HVDEF_PROXYPORT ); - # squid already transparent + # squid already transparent $squid_transparent_proxy = ($config['installedpackages']['squid']['config'][0]['transparent_proxy'] == 'on'); if (($proxymode === 'transparent') && $squid_transparent_proxy) { $proxymode = 'standard'; @@ -1270,12 +1279,10 @@ function mountRAMdisk($free_and_mount = true) return; } - # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - # Temp RAMDisk - # note: use 1/4 of system memory capacity - # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + # =-= Temp RAMDisk =-= + # note: use 1/4 of system memory capacity $ramdisk_capacity = get_memory(); - $ramdisk_capacity = intval($ramdisk_capacity[0]) / 4; # [Mb] + $ramdisk_capacity = intval($ramdisk_capacity[0]) / 4; # [Mb] # check RAMDisk for exists and capacity if (file_exists($mnt_flag_file)) { @@ -1288,15 +1295,18 @@ function mountRAMdisk($free_and_mount = true) umountRAMDisk(); # create and mount a swap backed file system on /var/tmp/havp by /dev/md10: - mwexec("mdconfig -a -t swap -s {$ramdisk_capacity}M -u 10"); - mwexec("newfs -U /dev/md10"); - mwexec("mount /dev/md10 $mnt_point"); +# SWAP +# mwexec("mdconfig -a -t swap -s {$ramdisk_capacity}M -u 10"); +# mwexec("newfs -U /dev/md10"); +# mwexec("mount /dev/md10 $mnt_point"); +# RAM - more quickly, used physical RAM + mwexec("/sbin/mdmfs -s {$ramdisk_capacity}M md10 $mnt_point"); mwexec("chmod 1777 $mnt_point"); # create flag file file_put_contents($mnt_flag_file, "$ramdisk_capacity"); # syslog - if (HV_DEBUG === 'true') + if (HV_DEBUG === 'true') log_error("havp: Create RAMDisk {$ramdisk_capacity}Mb."); } # ------------------------------------------------------------------------------ 
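Review bot: In the `@@ -1288,15 +1295,18 @@` hunk, the comment `# RAM - more quickly, used physical RAM` above `mwexec("/sbin/mdmfs -s {$ramdisk_capacity}M md10 $mnt_point");` does not appear to match the command: as far as I recall mdmfs creates a swap-backed md(4) device by default and only `-M` selects a malloc-backed (physical memory) disk, so this line is functionally the old `mdconfig -a -t swap` plus newfs/mount, not a RAM-backed change. Either add `-M` if physical-RAM backing is really intended (with the 1/4-of-memory sizing above, that is a lot of wired memory) or correct the comment, and delete the three commented-out `mdconfig`/`newfs`/`mount` lines rather than keeping them as `#` lines. `$ramdisk_capacity` is `intval(...) / 4`, which in PHP can be a float, so the size argument may be rendered as e.g. `255.75M`; if mdmfs does not accept that, wrap the division in `intval()`. The enclosing mountRAMdisk starts outside the hunk.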
@@ -1335,7 +1345,7 @@ function start_antivirus_scanner($filename) $param[] = "-i"; # Only print infected files $param[] = "--tempdir=" . HVDEF_TEMP_DIR; # Create temporary files in DIRECTORY # $param[] = "-d FILE/DIR"; # Load virus database from FILE or load all .cvd and .db[2] files from DIR - $param[] = "-l /var/log/clamscan.log"; # Save scan report to FILE + $param[] = "-l " . HVDEF_CLAMSCAN_LOG; # Save scan report to FILE $param[] = "-r"; # Scan subdirectories recursively $param[] = "--remove"; # Remove infected files. Be careful! # $param[] = "--move=DIRECTORY"; # Move infected files into DIRECTORY @@ -1343,7 +1353,7 @@ function start_antivirus_scanner($filename) # $param[] = "--exclude-dir=PATT"; # Don't scan directories containing PATT # $param[] = "--include=PATT"; # Only scan file names containing PATT # $param[] = "--include-dir=PATT"; # Only scan directories containing PATT - $param[] = "--detect-pua"; # Detect Possibly Unwanted Applications +# $param[] = "--detect-pua"; # Detect Possibly Unwanted Applications $param[] = "--detect-broken"; # Try to detect broken executable files $param[] = "--max-filesize=10000000"; # Files larger than this will be skipped and assumed clean $param[] = "--max-scansize=5000000"; # The maximum amount of data to scan for each container file (*) @@ -1369,11 +1379,11 @@ function start_antivirus_scanner($filename) if (HV_DEBUG === 'true') file_put_contents("/tmp/clamscan.cmd", $param); if (file_exists($filename)) { - log_error("Antivirus: Starting file '$filename' scanner. Log file is '/var/log/clamscan.log'. Wait 5-10 minutes."); + log_error("Antivirus: Starting file '$filename' scanner. Log file is '" . HVDEF_CLAMSCAN_LOG . "'. Wait 5-10 minutes."); # put to log scanning file $cont="Starting scan file {$filename}\n"; - file_put_contents("/var/log/clamscan.log", $cont); + file_put_contents(HVDEF_CLAMSCAN_LOG, $cont); mwexec_bg("$param"); } 
@@ -1386,6 +1396,7 @@ function start_antivirus_scanner($filename) function havp_fscan_html() { global $g; + $clamscan_log = HVDEF_CLAMSCAN_LOG; return <<<EOD <hr> @@ -1408,9 +1419,25 @@ function havp_fscan_html() </span> <hr> <input name='submit' type='submit' value='Start_scan'><br> -Press button for start antivirus scanner now. After 5-10 minutes look log file '/var/log/clamscan.log' -(Diagnostics: Execute Shell command: <b>'cat /var/log/clamscan.log'</b>) +Press button for start antivirus scanner now. After 5-10 minutes look log file '{$clamscan_log}'.<br> +(Diagnostics: Execute Shell command: <b>'cat {$clamscan_log}'</b>) EOD; } +# ------------------------------------------------------------------------------ +# Fix +function havp_fix() +{ + global $config; + # unset old menu item + if (isset($config['installedpackages']['menu'])) { + foreach($config['installedpackages']['menu'] as $mkey => $mval) { + if ($mval['name'] === 'HTTP Antivirus') { + unset($config['installedpackages']['menu'][$key]); + write_config('Fix HAVP menu.'); + break; + } + } + } +} ?> diff --git a/config/havp/havp.xml b/config/havp/havp.xml index f2e07c91..de9e6e2c 100644 --- a/config/havp/havp.xml +++ b/config/havp/havp.xml @@ -256,7 +256,16 @@ <field> <fielddescr>Scan images</fielddescr> <fieldname>scanimg</fieldname> - <description>Check this for scan image files.</description> + <description> + Check this for scan image files. + This option allows you to increase reliability, but also slows down the scanning process. + </description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Scan media stream</fielddescr> + <fieldname>scanstream</fieldname> + <description>Check this for scan media (audio/video) stream. Use this for additional scan exploits for players.</description> <type>checkbox</type> </field> <field> 
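Review bot: In the new `havp_fix()`, `unset($config['installedpackages']['menu'][$key]);` refers to `$key`, but the foreach variable on the line above is `$mkey`, so the stale 'HTTP Antivirus' menu entry is never removed while `write_config('Fix HAVP menu.')` still runs and PHP will warn about an undefined variable. Change the line to `unset($config['installedpackages']['menu'][$mkey]);`. Since `havp_install()` now calls this function (see the `@@ -173,6 +177,7 @@` hunk), the fix is exercised on every install; a one-line comment above the function saying which release left the old menu item behind would explain why it exists.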
@@ -283,7 +292,9 @@
 havp_resync();
 </custom_php_resync_config_command>
 <custom_php_install_command>
+ havp_install();
 </custom_php_install_command>
 <custom_php_deinstall_command>
+ havp_deinstall();
 </custom_php_deinstall_command>
 </packagegui>
\ No newline at end of file diff --git a/pkg_config.7.xml b/pkg_config.7.xml index 692c43e0..96684080 100755 --- a/pkg_config.7.xml +++ b/pkg_config.7.xml @@ -638,7 +638,7 @@ <category>Network Management</category> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <depends_on_package>havp-0.88.tbz</depends_on_package> - <version>0.88_03</version> + <version>0.88_04</version> <status>ALPHA</status> <required_version>1.2.2</required_version> <config_file>http://www.pfsense.com/packages/config/havp/havp.xml</config_file> diff --git a/pkg_config.8.xml b/pkg_config.8.xml index b862edcb..b620e25e 100755 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -638,7 +638,7 @@ <category>Network Management</category> <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <depends_on_package>havp-0.88.tbz</depends_on_package> - <version>0.88_03</version> + <version>0.88_04</version> <status>ALPHA</status> <required_version>1.2.2</required_version> <config_file>http://www.pfsense.com/packages/config/havp/havp.xml</config_file> |