aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/havp/havp.inc287
-rw-r--r--config/havp/havp.xml13
-rwxr-xr-xpkg_config.7.xml2
-rwxr-xr-xpkg_config.8.xml2
4 files changed, 171 insertions, 133 deletions
diff --git a/config/havp/havp.inc b/config/havp/havp.inc
index e51f0a9b..14e75484 100644
--- a/config/havp/havp.inc
+++ b/config/havp/havp.inc
@@ -75,30 +75,33 @@ define('HVDEF_MAXARCSCANSIZE', '5000000'); # [bytes] ! do not enter 0 o
define('HVDEF_PID_FILE', '/var/run/havp.pid');
define('HVDEF_WORK_DIR', '/usr/local/etc/havp');
define('HVDEF_LOG_DIR', '/var/log/havp');
-define('HVDEF_AVLOG_DIR', '/var/log/clamav');
define('HVDEF_TEMP_DIR', '/var/tmp');
-define('HVDEF_HAVPTEMP_DIR', HVDEF_TEMP_DIR . '/havp');
-define('HVDEF_RAMTEMP_DIR', HVDEF_TEMP_DIR . '/havpRAM');
+define('HVDEF_HAVPTEMP_DIR', HVDEF_TEMP_DIR.'/havp');
+define('HVDEF_RAMTEMP_DIR', HVDEF_TEMP_DIR.'/havpRAM');
define('HVDEF_SCANTEMPFILE', '/havp-XXXXXX');
define('HVDEF_TEMPLATES', '/usr/local/share/examples/havp/templates');
define('HVDEF_TEMPLATES_EX', HVDEF_TEMPLATES . '_ex');
-define('HVDEF_FRESHCLAM_CONF', '/usr/local/etc/freshclam.conf');
define('HVDEF_FILTER_RULES', '/tmp/rules.havp');
-define('HVDEF_HAVP_CONFIG', HVDEF_WORK_DIR . '/havp.config');
-define('HVDEF_HAVP_XMLCONF', HVDEF_WORK_DIR . '/havp_conf.xml');
-define('HVDEF_HAVP_WHITELIST', HVDEF_WORK_DIR . '/whitelist');
-define('HVDEF_HAVP_BLACKLIST', HVDEF_WORK_DIR . '/blacklist');
-define('HVDEF_HAVP_ACCESSLOG', HVDEF_LOG_DIR . '/access.log');
-define('HVDEF_HAVP_ERRORLOG', HVDEF_LOG_DIR . '/havp.log');
+define('HVDEF_HAVP_CONFIG', HVDEF_WORK_DIR.'/havp.config');
+define('HVDEF_HAVP_XMLCONF', HVDEF_WORK_DIR.'/havp_conf.xml');
+define('HVDEF_HAVP_WHITELIST', HVDEF_WORK_DIR.'/whitelist');
+define('HVDEF_HAVP_BLACKLIST', HVDEF_WORK_DIR.'/blacklist');
+define('HVDEF_HAVP_ACCESSLOG', HVDEF_LOG_DIR .'/access.log');
+define('HVDEF_HAVP_ERRORLOG', HVDEF_LOG_DIR .'/havp.log');
define('HVDEF_HAVP_MINSRV', '10');
define('HVDEF_HAVP_MAXSRV', '100');
# Clam
define('HVDEF_CLAM_RUNDIR', '/var/run/clamav');
+define('HVDEF_AVLOG_DIR', '/var/log/clamav');
define('HVDEF_CLAM_SOCKET', HVDEF_CLAM_RUNDIR.'/clamd.sock');
define('HVDEF_CLAM_PID', HVDEF_CLAM_RUNDIR.'/clamd.pid');
+define('HVDEF_CLAM_LOG', HVDEF_AVLOG_DIR . '/clamd.log');
define('HVDEF_CLAM_WORKDIR', '/usr/local/etc');
define('HVDEF_CLAM_CONFIG', '/usr/local/etc/clamd.conf');
define('HVDEF_CLAM_TCPSOCKET', '3310');
+define('HVDEF_FRESHCLAM_CONF', '/usr/local/etc/freshclam.conf');
+define('HVDEF_FRESHCLAM_LOG', HVDEF_AVLOG_DIR . '/freshclam.log');
+define('HVDEF_CLAMSCAN_LOG', '/var/log/clamscan.log');
# script's
define('HVDEF_SCRIPT_DIR', '/usr/local/etc/rc.d');
define('HVDEF_AVCRON_SCRIPT', '/clamav-freshclam');
@@ -139,6 +142,7 @@ define('F_FAILSCANERROR', 'failscanerror');
define('F_SCANMAXSIZE', 'scanmaxsize');
define('F_SCANIMG', 'scanimg');
define('F_SCANARC', 'scanarc');
+define('F_SCANSTREAM', 'scanstream');
define('F_SCANARCMAXSIZE', 'scanarcmaxsize');
# antivirus options
define('F_HAVPUPDATE', 'havpavupdate');
@@ -173,6 +177,7 @@ havp_convert_pfxml_xml();
# ==============================================================================
function havp_install()
{
+ havp_fix();
havp_check_system();
}
# ------------------------------------------------------------------------------
@@ -358,24 +363,17 @@ function havp_check_system()
havp_set_file_access(HVDEF_FRESHCLAM_CONF, HVDEF_AVUSER, '0664');
# log files exists ?
- if (!file_exists(HVDEF_AVLOG_DIR . '/clamd.log')) file_put_contents(HVDEF_AVLOG_DIR . '/clamd.log', '');
- if (!file_exists(HVDEF_AVLOG_DIR . '/freshclam.log')) file_put_contents(HVDEF_AVLOG_DIR . '/freshclam.log', '');
+ if (!file_exists(HVDEF_CLAM_LOG)) file_put_contents(HVDEF_CLAM_LOG, '');
+ if (!file_exists(HVDEF_FRESHCLAM_LOG)) file_put_contents(HVDEF_FRESHCLAM_LOG, '');
# log dir permissions
havp_set_file_access(HVDEF_AVLOG_DIR, HVDEF_USER, '0777');
- # checking dir's and permissions
- # "DatabaseDirectory /var/db/clamav";
- # "UpdateLogFile /var/log/clamav/freshclam.log";
-
- # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- # ClamAV
- # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ # =-= ClamAV =-=
# catalog for Pid and Socket files
if (!file_exists(HVDEF_CLAM_RUNDIR))
mwexec("mkdir -p " . HVDEF_CLAM_RUNDIR);
havp_set_file_access(HVDEF_CLAM_RUNDIR, HVDEF_USER, '0774');
- # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AV update script
file_put_contents(HVDEF_AVUPD_SCRIPT, havp_AVupdate_script());
havp_set_file_access(HVDEF_AVUPD_SCRIPT, HVDEF_AVUSER, '0755');
@@ -460,10 +458,9 @@ function havp_convert_pfxml_xml()
$havp_config[F_RANGE] = ( $pfconf[F_RANGE] === 'on' ? 'true' : 'false' );
$havp_config[F_ENABLERAMDISK] = ( $pfconf[F_ENABLERAMDISK] === 'on' ? 'true' : 'false' );
- # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- # Temp RAMDisk
- # use RAMDisk if only capacity > calculated [MAXSCANSIZE * 50 connections]
- # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ # =-= Temp RAMDisk =-=
+ # use RAMDisk if only capacity > calculated [MAXSCANSIZE * 50 connections]
+ # =-=
# before config manage Temp Dir = RAMDisk|Hard Disk
$havp_config[HV_SCANTEMPFILE] = HVDEF_HAVPTEMP_DIR . HVDEF_SCANTEMPFILE;
if ($havp_config[F_ENABLERAMDISK] === 'true') {
@@ -483,8 +480,9 @@ function havp_convert_pfxml_xml()
# scanner
$havp_config[F_FAILSCANERROR] = ( $pfconf[F_FAILSCANERROR] === 'on' ? 'true' : 'false' );
$havp_config[F_SCANMAXSIZE] = ( is_numeric($pfconf[F_SCANMAXSIZE]) ? $pfconf[F_SCANMAXSIZE] : HVDEF_MAXSCANSIZE ) * 1024; # KB -> Byte
- $havp_config[F_SCANIMG] = ( $pfconf[F_SCANIMG] === 'on' ? 'true' : 'false' );
- $havp_config[F_SCANARC] = ( $pfconf[F_SCANARC] === 'on' ? 'true' : 'false' );
+ $havp_config[F_SCANIMG] = ( $pfconf[F_SCANIMG] === 'on' ? 'true' : 'false' );
+ $havp_config[F_SCANARC] = ( $pfconf[F_SCANARC] === 'on' ? 'true' : 'false' );
+ $havp_config[F_SCANSTREAM] = ( $pfconf[F_SCANSTREAM] === 'on' ? 'true' : 'false' );
$havp_config[F_SCANARCMAXSIZE] = ( is_numeric($pfconf[F_SCANARCMAXSIZE]) ? $pfconf[F_SCANARCMAXSIZE] : HVDEF_MAXARCSCANSIZE );
# log
$havp_config[F_SYSLOG] = ( $pfconf[F_SYSLOG] === 'on' ? 'true' : 'false' );
@@ -492,22 +490,21 @@ function havp_convert_pfxml_xml()
$havp_config[F_AVSETSYSLOG] = ( $pfconf[F_AVSETSYSLOG] === 'on' ? 'true' : 'false' );
$havp_config[F_AVSETLOG] = ( $pfconf[F_AVSETLOG] === 'on' ? 'true' : 'false' );
#
- # === Internal variables ===
+ # =-= Internal variables =-=
# proxy
$havp_config[F_PROXYBINDIFACE] = 'localhost';
# language template files path
$havp_config[F_TEMPLATEPATH] = ( file_exists(HVDEF_TEMPLATES_EX) ? HVDEF_TEMPLATES_EX : HVDEF_TEMPLATES );
$havp_config[F_TEMPLATEPATH] .= ( !empty($havp_config[F_LANGUAGE]) ? "/{$havp_config[F_LANGUAGE]}" : "/en" );
- # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- # HVFORM_AVSET - av settings
- # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ #
+ # =-= HVFORM_AVSET =-=
+ # av settings
$pf_avset_conf = $config['installedpackages'][HVFORM_AVSET]['config'][0];
$havp_config[F_HAVPUPDATE] = $pf_avset_conf[F_HAVPUPDATE];
$havp_config[F_DBREGION] = $pf_avset_conf[F_DBREGION];
$havp_config[F_AVUPDATESERVER] = $pf_avset_conf[F_AVUPDATESERVER];
- # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ #
# store havp config cache
- # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$cfg_xml = dump_xml_config($havp_config, 'havp');
file_put_contents(HVDEF_HAVP_XMLCONF, $cfg_xml);
@@ -551,7 +548,7 @@ function havp_config_havp()
#
$conf[] = "\n# Level of HAVP logging\n# 0 = Only serious errors and information\n# 1 = Less interesting information is included";
$conf[] = "LOG_OKS " . ( HV_DEBUG === 'true' ? "true" : "false" ); # true - for debug, false - for work
- $conf[] = "LOGLEVEL " . ( HV_DEBUG === 'true' ? "1" : "0" ); # 0 - work level, 1 - debug level
+ $conf[] = "LOGLEVEL 1"; # . ( HV_DEBUG === 'true' ? "1" : "0" ); # 0 - work level, 1 - debug level
# temp
$conf[] = "\n# temp ";
$conf[] = "SCANTEMPFILE " . $havp_config[HV_SCANTEMPFILE];
@@ -590,20 +587,32 @@ function havp_config_havp()
#
$conf[] = "\n# scanner ";
$conf[] = "SCANNERTIMEOUT 10";
- $conf[] = "RANGE {$havp_config[F_SCANIMG]}";
#
- $conf[] = "\n# stream";
- $conf[] = "STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS";
- $conf[] = "STREAMSCANSIZE 20000";
+ if ($havp_config[F_SCANSTREAM] === 'true') {
+ #
+ $conf[] = "\n# always allow range, if stream scan enabled";
+ $conf[] = "RANGE true";
+ $conf[] = "\n# stream scan enabled";
+ $conf[] = "STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS";
+ $conf[] = "STREAMSCANSIZE 2000";
+ }
+ else {
+ # renew downloads ?
+ $conf[] = "RANGE {$havp_config[F_RANGE]}";
+ $conf[] = "\n# stream scan disabled";
+ $conf[] = "STREAMSCANSIZE 0";
+ }
+
# scan options
- $conf[] = "SCANIMAGES {$havp_config[F_SCANIMG]}";
- $conf[] = "MAXSCANSIZE {$havp_config[F_SCANMAXSIZE]}";
+ $conf[] = "SCANIMAGES {$havp_config[F_SCANIMG]}";
+ $conf[] = "MAXSCANSIZE {$havp_config[F_SCANMAXSIZE]}";
#
- $conf[] = "KEEPBACKBUFFER 200000";
- $conf[] = "KEEPBACKTIME 5";
+ $conf[] = "KEEPBACKBUFFER 200000";
+ $conf[] = "KEEPBACKTIME 5";
#
$conf[] = "# After Trickling Time (seconds), some bytes are sent to browser to keep the connection alive";
- $conf[] = "TRICKLING 5";
+ $conf[] = "TRICKLING 10";
+ $conf[] = "TRICKLINGBYTES 1";
#
$conf[] = "# Downloads larger than MAXDOWNLOADSIZE will be blocked.";
$conf[] = "MAXDOWNLOADSIZE {$havp_config[F_MAXDOWNLOADSIZE]}";
@@ -616,8 +625,8 @@ function havp_config_havp()
$conf[] = "ENABLECLAMD true";
# clamd socket
if (HV_CLAMD_TCPSOCKET === 'true') {
- $conf[] = "CLAMDSERVER 127.0.0.1";
- $conf[] = "CLAMDPORT " . HVDEF_CLAM_TCPSOCKET;
+ $conf[] = "CLAMDSERVER 127.0.0.1";
+ $conf[] = "CLAMDPORT " . HVDEF_CLAM_TCPSOCKET;
}
else $conf[] = "CLAMDSOCKET " . HVDEF_CLAM_SOCKET;
}
@@ -641,7 +650,7 @@ function havp_config_clam()
# ==============================================================================
";
$conf[] = "# log";
- $conf[] = "LogFile /var/log/clamav/clamd.log";
+ $conf[] = "LogFile " . HVDEF_CLAM_LOG;
$conf[] = "LogFileUnlock yes";
$conf[] = "LogFileMaxSize 1M";
$conf[] = "LogTime yes";
@@ -675,7 +684,7 @@ function havp_config_clam()
$conf[] = "# perform a database check.(sec) [3600 sec = 60 min]";
$conf[] = "SelfCheck 3600";
$conf[] = "# detect possibly unwanted applications.";
- $conf[] = "DetectPUA yes";
+ $conf[] = "DetectPUA no"; # possible unwanted applications
$conf[] = "AlgorithmicDetection yes";
$conf[] = "# executable";
$conf[] = "ScanPE yes";
@@ -729,14 +738,9 @@ function havp_config_freshclam()
# ==============================================================================
";
$conf[] = "DatabaseDirectory /var/db/clamav";
-# --
-# disable log to file while error not solved:
-# "ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log)."
-# --
-# $conf[] = "UpdateLogFile /var/log/clamav/freshclam.log";
# log
- $conf[] = "UpdateLogFile /var/tmp/freshclam.log";
+ $conf[] = "UpdateLogFile " . HVDEF_FRESHCLAM_LOG;
$conf[] = "LogFileMaxSize 10M";
$conf[] = "LogTime yes";
$conf[] = "LogVerbose yes";
@@ -870,13 +874,18 @@ function havp_configure_squid()
if (!isset($config['installedpackages']['squid']['config'][0]['custom_options'])) return;
- if ($on_configure === true)
- $new_opt[] = "cache_peer 127.0.0.1 parent {$havp_config[F_PROXYPORT]} 0 name=havp proxy-only no-query no-digest no-netdb-exchange default";
+ if ($on_configure === true) {
+ $new_opt[] = "never_direct allow all";
+ $new_opt[] = "cache_peer 127.0.0.1 parent {$havp_config[F_PROXYPORT]} 0 name=havp no-query no-digest no-netdb-exchange default";
+ }
# copy options, but not 'cache_peer' option
$cust_opt = explode(";", $config['installedpackages']['squid']['config'][0]['custom_options']);
- foreach($cust_opt as $key => $val)
- if (strpos($val, "cache_peer 127.0.0.1 parent") === false) $new_opt[] = $val;
+ foreach($cust_opt as $key => $val) {
+ if (strpos($val, "never_direct") !== false) continue;
+ if (strpos($val, "cache_peer 127.0.0.1 parent") !== false) continue;
+ $new_opt[] = $val;
+ }
$new_opt = implode(";", $new_opt);
if (/*is_package_installed('squid') && */file_exists('/usr/local/pkg/squid.inc')) {
@@ -976,85 +985,85 @@ function check_bw_domain($_dm)
#
function havp_setup_cron($task_name, $options, $on_off)
{
- global $config;
- $cron_item = array();
-
- # $on_off = TRUE/FALSE - install/deinstall cron task:
- # prepare new cron item
- if (is_array($options)) {
- $cron_item['task_name'] = $task_name;
- $cron_item['minute'] = $options[0];
- $cron_item['hour'] = $options[1];
- $cron_item['mday'] = $options[2];
- $cron_item['month'] = $options[3];
- $cron_item['wday'] = $options[4];
- $cron_item['who'] = ($options[5]) ? $options[5] : 'nobody';
- $cron_item['command'] = $options[6];
- }
-
- # unset old cron task with $task_name
- if (!empty($task_name)) {
- $flag_cron_upd = false;
- # delete old cron task if exists
- foreach($config['cron']['item'] as $key => $val) {
- if ($config['cron']['item'][$key]['task_name'] === $task_name) {
- unset($config['cron']['item'][$key]);
- $flag_cron_upd = true;
- break;
- }
- }
+ global $config;
+ $cron_item = array();
+
+ # $on_off = TRUE/FALSE - install/deinstall cron task:
+ # prepare new cron item
+ if (is_array($options)) {
+ $cron_item['task_name'] = $task_name;
+ $cron_item['minute'] = $options[0];
+ $cron_item['hour'] = $options[1];
+ $cron_item['mday'] = $options[2];
+ $cron_item['month'] = $options[3];
+ $cron_item['wday'] = $options[4];
+ $cron_item['who'] = ($options[5]) ? $options[5] : 'nobody';
+ $cron_item['command'] = $options[6];
+ }
- # set new cron task
- if (($on_off === true) and !empty($cron_item)) {
- $config['cron']['item'][] = $cron_item;
+ # unset old cron task with $task_name
+ if (!empty($task_name)) {
+ $flag_cron_upd = false;
+ # delete old cron task if exists
+ foreach($config['cron']['item'] as $key => $val) {
+ if ($config['cron']['item'][$key]['task_name'] === $task_name) {
+ unset($config['cron']['item'][$key]);
$flag_cron_upd = true;
+ break;
}
+ }
- # write config and configure cron only if cron task modified
- if ($flag_cron_upd === true) {
- write_config("Installed cron task '$task_name' for 'havp' package");
- configure_cron();
- }
+ # set new cron task
+ if (($on_off === true) and !empty($cron_item)) {
+ $config['cron']['item'][] = $cron_item;
+ $flag_cron_upd = true;
}
- else {
- # ! error $name !
- return;
+
+ # write config and configure cron only if cron task modified
+ if ($flag_cron_upd === true) {
+ write_config("Installed cron task '$task_name' for 'havp' package");
+ configure_cron();
}
+ }
+ else {
+ # ! error $name !
+ return;
+ }
}
# ------------------------------------------------------------------------------
# filter rules
# ------------------------------------------------------------------------------
function havp_generate_rules($type = 'filter')
{
- # 'nat' 'filter'
+ # 'nat' 'filter'
global $config, $havp_config;
$rules = array();
- # nothing if havp not running
- if (!is_service_running('havp')) {
- if (HV_DEBUG === 'true')
+ # nothing if havp not running
+ if (!is_service_running('havp')) {
+ if (HV_DEBUG === 'true')
log_error("havp: Havp is installed but not started. Filter rules not created.");
return;
- }
+ }
- $proxymode = $havp_config[F_PROXYMODE];
- # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- # HAVP always listen 127.0.0.1:port
- # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- # Proxy mode:
- # Standard - Filter: Rdr ifaces:port => 127.0.0.1:port
- # Parent for Squid - Filter: No
- # Transparent - Filter: Rdr ifaces:port => 127.0.0.1:port;
- # Rdr Any Http => 127.0.0.1:port + Allow Http traffic via iface
- # If Squid transparent, then as Standard.
- # Internal - Filter: No
- # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ $proxymode = $havp_config[F_PROXYMODE];
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ # =-= HAVP always listen 127.0.0.1:port =-=
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ # Proxy mode:
+ # Standard - Filter: Rdr ifaces:port => 127.0.0.1:port
+ # Parent for Squid - Filter: No
+ # Transparent - Filter: Rdr ifaces:port => 127.0.0.1:port;
+ # Rdr Any Http => 127.0.0.1:port + Allow Http traffic via iface
+ # If Squid transparent, then as Standard.
+ # Internal - Filter: No
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- $proxybindiface = 'lo0'; # 127.0.0.1
- $ifaces = array_map('convert_friendly_interface_to_real_interface_name', explode(',', $havp_config[F_PROXYINTERFACE]));
- $proxyport = ( $havp_config[F_PROXYPORT] ? $havp_config[F_PROXYPORT] : HVDEF_PROXYPORT );
+ $proxybindiface = 'lo0'; # 127.0.0.1
+ $ifaces = array_map('convert_friendly_interface_to_real_interface_name', explode(',', $havp_config[F_PROXYINTERFACE]));
+ $proxyport = ( $havp_config[F_PROXYPORT] ? $havp_config[F_PROXYPORT] : HVDEF_PROXYPORT );
- # squid already transparent
+ # squid already transparent
$squid_transparent_proxy = ($config['installedpackages']['squid']['config'][0]['transparent_proxy'] == 'on');
if (($proxymode === 'transparent') && $squid_transparent_proxy) {
$proxymode = 'standard';
@@ -1270,12 +1279,10 @@ function mountRAMdisk($free_and_mount = true)
return;
}
- # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- # Temp RAMDisk
- # note: use 1/4 of system memory capacity
- # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ # =-= Temp RAMDisk =-=
+ # note: use 1/4 of system memory capacity
$ramdisk_capacity = get_memory();
- $ramdisk_capacity = intval($ramdisk_capacity[0]) / 4; # [Mb]
+ $ramdisk_capacity = intval($ramdisk_capacity[0]) / 4; # [Mb]
# check RAMDisk for exists and capacity
if (file_exists($mnt_flag_file)) {
@@ -1288,15 +1295,18 @@ function mountRAMdisk($free_and_mount = true)
umountRAMDisk();
# create and mount a swap backed file system on /var/tmp/havp by /dev/md10:
- mwexec("mdconfig -a -t swap -s {$ramdisk_capacity}M -u 10");
- mwexec("newfs -U /dev/md10");
- mwexec("mount /dev/md10 $mnt_point");
+# SWAP
+# mwexec("mdconfig -a -t swap -s {$ramdisk_capacity}M -u 10");
+# mwexec("newfs -U /dev/md10");
+# mwexec("mount /dev/md10 $mnt_point");
+# RAM - more quickly, used physical RAM
+ mwexec("/sbin/mdmfs -s {$ramdisk_capacity}M md10 $mnt_point");
mwexec("chmod 1777 $mnt_point");
# create flag file
file_put_contents($mnt_flag_file, "$ramdisk_capacity");
# syslog
- if (HV_DEBUG === 'true')
+ if (HV_DEBUG === 'true')
log_error("havp: Create RAMDisk {$ramdisk_capacity}Mb.");
}
# ------------------------------------------------------------------------------
@@ -1335,7 +1345,7 @@ function start_antivirus_scanner($filename)
$param[] = "-i"; # Only print infected files
$param[] = "--tempdir=" . HVDEF_TEMP_DIR; # Create temporary files in DIRECTORY
# $param[] = "-d FILE/DIR"; # Load virus database from FILE or load all .cvd and .db[2] files from DIR
- $param[] = "-l /var/log/clamscan.log"; # Save scan report to FILE
+ $param[] = "-l " . HVDEF_CLAMSCAN_LOG; # Save scan report to FILE
$param[] = "-r"; # Scan subdirectories recursively
$param[] = "--remove"; # Remove infected files. Be careful!
# $param[] = "--move=DIRECTORY"; # Move infected files into DIRECTORY
@@ -1343,7 +1353,7 @@ function start_antivirus_scanner($filename)
# $param[] = "--exclude-dir=PATT"; # Don't scan directories containing PATT
# $param[] = "--include=PATT"; # Only scan file names containing PATT
# $param[] = "--include-dir=PATT"; # Only scan directories containing PATT
- $param[] = "--detect-pua"; # Detect Possibly Unwanted Applications
+# $param[] = "--detect-pua"; # Detect Possibly Unwanted Applications
$param[] = "--detect-broken"; # Try to detect broken executable files
$param[] = "--max-filesize=10000000"; # Files larger than this will be skipped and assumed clean
$param[] = "--max-scansize=5000000"; # The maximum amount of data to scan for each container file (*)
@@ -1369,11 +1379,11 @@ function start_antivirus_scanner($filename)
if (HV_DEBUG === 'true') file_put_contents("/tmp/clamscan.cmd", $param);
if (file_exists($filename)) {
- log_error("Antivirus: Starting file '$filename' scanner. Log file is '/var/log/clamscan.log'. Wait 5-10 minutes.");
+ log_error("Antivirus: Starting file '$filename' scanner. Log file is '" . HVDEF_CLAMSCAN_LOG . "'. Wait 5-10 minutes.");
# put to log scanning file
$cont="Starting scan file {$filename}\n";
- file_put_contents("/var/log/clamscan.log", $cont);
+ file_put_contents(HVDEF_CLAMSCAN_LOG, $cont);
mwexec_bg("$param");
}
@@ -1386,6 +1396,7 @@ function start_antivirus_scanner($filename)
function havp_fscan_html()
{
global $g;
+ $clamscan_log = HVDEF_CLAMSCAN_LOG;
return <<<EOD
<hr>
@@ -1408,9 +1419,25 @@ function havp_fscan_html()
</span>
<hr>
<input name='submit' type='submit' value='Start_scan'><br>
-Press button for start antivirus scanner now. After 5-10 minutes look log file '/var/log/clamscan.log'
-(Diagnostics: Execute Shell command: <b>'cat /var/log/clamscan.log'</b>)
+Press button for start antivirus scanner now. After 5-10 minutes look log file '{$clamscan_log}'.<br>
+(Diagnostics: Execute Shell command: <b>'cat {$clamscan_log}'</b>)
EOD;
}
+# ------------------------------------------------------------------------------
+# Fix
+function havp_fix()
+{
+ global $config;
+ # unset old menu item
+ if (isset($config['installedpackages']['menu'])) {
+ foreach($config['installedpackages']['menu'] as $mkey => $mval) {
+ if ($mval['name'] === 'HTTP Antivirus') {
+ unset($config['installedpackages']['menu'][$key]);
+ write_config('Fix HAVP menu.');
+ break;
+ }
+ }
+ }
+}
?>
diff --git a/config/havp/havp.xml b/config/havp/havp.xml
index f2e07c91..de9e6e2c 100644
--- a/config/havp/havp.xml
+++ b/config/havp/havp.xml
@@ -256,7 +256,16 @@
<field>
<fielddescr>Scan images</fielddescr>
<fieldname>scanimg</fieldname>
- <description>Check this for scan image files.</description>
+ <description>
+ Check this for scan image files.
+ This option allows you to increase reliability, but also slows down the scanning process.
+ </description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Scan media stream</fielddescr>
+ <fieldname>scanstream</fieldname>
+ <description>Check this for scan media (audio/video) stream. Use this for additional scan exploits for players.</description>
<type>checkbox</type>
</field>
<field>
@@ -283,7 +292,9 @@
havp_resync();
</custom_php_resync_config_command>
<custom_php_install_command>
+ havp_install();
</custom_php_install_command>
<custom_php_deinstall_command>
+ havp_deinstall();
</custom_php_deinstall_command>
</packagegui> \ No newline at end of file
diff --git a/pkg_config.7.xml b/pkg_config.7.xml
index 692c43e0..96684080 100755
--- a/pkg_config.7.xml
+++ b/pkg_config.7.xml
@@ -638,7 +638,7 @@
<category>Network Management</category>
<depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url>
<depends_on_package>havp-0.88.tbz</depends_on_package>
- <version>0.88_03</version>
+ <version>0.88_04</version>
<status>ALPHA</status>
<required_version>1.2.2</required_version>
<config_file>http://www.pfsense.com/packages/config/havp/havp.xml</config_file>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index b862edcb..b620e25e 100755
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -638,7 +638,7 @@
<category>Network Management</category>
<depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url>
<depends_on_package>havp-0.88.tbz</depends_on_package>
- <version>0.88_03</version>
+ <version>0.88_04</version>
<status>ALPHA</status>
<required_version>1.2.2</required_version>
<config_file>http://www.pfsense.com/packages/config/havp/havp.xml</config_file>