7 files changed, 51 insertions, 8 deletions
diff --git a/config/autoconfigbackup/autoconfigbackup.inc b/config/autoconfigbackup/autoconfigbackup.inc
index abfe1a28..704fd165 100644
--- a/config/autoconfigbackup/autoconfigbackup.inc
+++ b/config/autoconfigbackup/autoconfigbackup.inc
@@ -139,6 +139,12 @@ function test_connection($post) {
 	$curl_session = curl_init();
 	curl_setopt($curl_session, CURLOPT_URL, $get_url);
 	curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
+	if ($pf_version < 2.2) {
+		// pre-2.2 doesn't have ca-root-nss
+		curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);
+	} else {
+		curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 1);
+	}
 	curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);
 	curl_setopt($curl_session, CURLOPT_POST, 1);
 	curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);
diff --git a/config/squid3/34/squid_antivirus.inc b/config/squid3/34/squid_antivirus.inc
index e22ae039..4bf9ea59 100644
--- a/config/squid3/34/squid_antivirus.inc
+++ b/config/squid3/34/squid_antivirus.inc
@@ -348,6 +348,28 @@ EOF;
 				if (!file_put_contents("{$cf}", preg_replace($squidclamav_m, $squidclamav_r, $sample_file), LOCK_EX)) {
 					log_error("[squid] Could not save generated {$cf} file!");
 				}
+				if ($antivirus_config['clamav_disable_stream_scanning'] == "on") {
+					$stream_exclude = <<< EOF
+# Do not scan (streamed) videos and audios
+abort ^.*\.(flv|f4f|mp(3|4))(\?.*)?$
+abort ^.*\.(m3u|pls|wmx|aac|mpeg)(\?.*)?$
+abortcontent ^video\/x-flv$
+abortcontent ^video\/mp4$
+abortcontent ^audio\/mp4$
+abortcontent ^.*audio\/mp4.*$
+abortcontent ^video\/webm$
+abortcontent ^audio\/webm$
+abortcontent ^video\/MP2T$
+abortcontent ^audio\/wmx$
+abortcontent ^audio\/mpeg$
+abortcontent ^audio\/aac$
+abortcontent ^.*application\/x-mms-framed.*$
+
+EOF;
+					if (!file_put_contents("{$cf}", "{$stream_exclude}", FILE_APPEND | LOCK_EX)) {
+						log_error("[squid] Could not add streaming exclusions to {$cf} file!");
+					}
+				}
 			} else {
 				log_error("[squid] Template not found; could not generate '{$cf}' file!");
 			}
@@ -468,6 +490,8 @@ function squid_antivirus_install_config_files() {
 		} else {
 			$squidclamav_r[2] = "{$config['system']['webgui']['protocol']}://{$config['system']['hostname']}.{$config['system']['domain']}:{$port}/squid_clwarn.php";
 		}
+		$squidclamav_m[3] = "@dnslookup\s1@";
+		$squidclamav_r[3] = "dnslookup 0";
 		if (!file_put_contents("{$cf}.pfsense", preg_replace($squidclamav_m, $squidclamav_r, $sample_file), LOCK_EX)) {
 			log_error("[squid] Could not save patched '{$cf}.pfsense' template file!");
 		}
diff --git a/config/squid3/34/squid_antivirus.xml b/config/squid3/34/squid_antivirus.xml
index 495ef342..e70acf55 100755
--- a/config/squid3/34/squid_antivirus.xml
+++ b/config/squid3/34/squid_antivirus.xml
@@ -42,7 +42,7 @@
 	]]>
 	</copyright>
 	<name>squidantivirus</name>
-	<version>0.4.1</version>
+	<version>0.4.6</version>
 	<title>Proxy Server: Antivirus</title>
 	<include_file>/usr/local/pkg/squid.inc</include_file>
 	<tabs>
@@ -165,6 +165,16 @@
 			<type>checkbox</type>
 		</field>
 		<field>
+			<fielddescr>Exclude Audio/Video Streams</fielddescr>
+			<fieldname>clamav_disable_stream_scanning</fieldname>
+			<description>
+				<![CDATA[
+				This option disables antivirus scanning of streamed video and audio.
+				]]>
+			</description>
+			<type>checkbox</type>
+		</field>
+		<field>
 			<fielddescr>ClamAV Database Update</fielddescr>
 			<fieldname>clamav_update</fieldname>
 			<description>
diff --git a/config/squid3/34/squid_js.inc b/config/squid3/34/squid_js.inc
index 59b75e60..33f1923d 100644
--- a/config/squid3/34/squid_js.inc
+++ b/config/squid3/34/squid_js.inc
@@ -215,11 +215,10 @@ function on_antivirus_advanced_config_changed() {
 	if (enable_advanced === 'disabled') {
 		document.iform['clamav_url'].disabled = 0;
 		document.iform['clamav_safebrowsing'].disabled = 0;
+		document.iform['clamav_disable_stream_scanning'].disabled = 0;
 		document.iform['clamav_update'].disabled = 0;
 		document.iform['clamav_dbregion'].disabled = 0;
 		document.iform['clamav_dbservers'].disabled = 0;
-		document.iform['clamav_dbservers'].disabled = 0;
-		document.iform['clamav_dbservers'].disabled = 0;
 		document.getElementById("load_advanced").disabled = 1;
 		document.iform['raw_squidclamav_conf'].disabled = 1;
 		document.iform['raw_squidclamav_conf'].value = '';
@@ -235,6 +234,8 @@ function on_antivirus_advanced_config_changed() {
 		document.iform['clamav_url'].disabled = 1;
 		document.iform['clamav_safebrowsing'].disabled = 1;
 		document.getElementById('clamav_safebrowsing').checked = 0;
+		document.iform['clamav_disable_stream_scanning'].disabled = 1;
+		document.getElementById('clamav_disable_stream_scanning').checked = 0;
 		document.iform['clamav_update'].disabled = 0;
 		document.iform['clamav_dbregion'].disabled = 1;
 		document.getElementById("clamav_dbregion").value = '';
diff --git a/pkg_config.10.xml b/pkg_config.10.xml
index 1e21c95c..eec3985f 100644
--- a/pkg_config.10.xml
+++ b/pkg_config.10.xml
@@ -772,7 +772,7 @@
 		</descr>
 		<website>https://portal.pfsense.org</website>
 		<category>Services</category>
-		<version>1.32</version>
+		<version>1.33</version>
 		<status>RELEASE</status>
 		<required_version>2.2</required_version>
 		<pkginfolink>https://doc.pfsense.org/index.php/AutoConfigBackup</pkginfolink>
@@ -1089,8 +1089,8 @@
 		<pkginfolink>https://forum.pfsense.org/index.php?topic=100167.0</pkginfolink>
 		<website>http://www.squid-cache.org/</website>
 		<category>Services</category>
-		<version>0.4.5</version>
-		<status>BETA</status>
+		<version>0.4.6</version>
+		<status>RC</status>
 		<required_version>2.2</required_version>
 		<maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>
 		<run_depends>sbin/squid:www/squid libexec/squid/squid_radius_auth:www/squid_radius_auth lib/c_icap/virus_scan.so:www/c-icap-modules lib/c_icap/squidclamav.so:www/squidclamav</run_depends>
@@ -1237,6 +1237,8 @@
 		<required_version>2.2</required_version>
 		<config_file>https://packages.pfsense.org/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file>
 		<configurationfile>openvpn-client-export.xml</configurationfile>
+		<!-- Skip auto sync to 2.3 format -->
+		<maximum_version>2.2.999</maximum_version>
 	</package>
 	<package>
 		<name>HAVP antivirus</name>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 1040190f..1115a2be 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -814,7 +814,7 @@
 		<descr>Automatically backs up your pfSense configuration.  All contents are encrypted before being sent to the server.  Requires Gold Subscription from https://portal.pfsense.org</descr>
 		<website>https://portal.pfsense.org</website>
 		<category>Services</category>
-		<version>1.32</version>
+		<version>1.33</version>
 		<status>Stable</status>
 		<required_version>1.2</required_version>
 		<pkginfolink>https://doc.pfsense.org/index.php/AutoConfigBackup</pkginfolink>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index d6d9b6dd..c8a2d1c3 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -801,7 +801,7 @@
 		<descr>Automatically backs up your pfSense configuration.  All contents are encrypted before being sent to the server.  Requires Gold Subscription from https://portal.pfsense.org</descr>
 		<website>https://portal.pfsense.org</website>
 		<category>Services</category>
-		<version>1.32</version>
+		<version>1.33</version>
 		<status>Stable</status>
 		<required_version>1.2</required_version>
 		<pkginfolink>https://doc.pfsense.org/index.php/AutoConfigBackup</pkginfolink>