4 files changed, 36 insertions, 13 deletions

diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc
index ae2b3264..3077eddb 100755
--- a/config/dansguardian/dansguardian.inc
+++ b/config/dansguardian/dansguardian.inc
@@ -301,14 +301,14 @@ function sync_package_dansguardian($via_rpc=false,$install_process=false) {
 			exec("/usr/bin/openssl x509 -hash -noout -in /etc/ssl/demoCA/cacert.pem",$cert_hash);
 			file_put_contents("/usr/local/share/certs/".$cert_hash[0].".0",base64_decode($ca_cert['crt']));
 			$ca_pem = "cacertificatepath = '/etc/ssl/demoCA/cacert.pem'";
-		$generatedcertpath= "generatedcertpath = '/etc/ssl/demoCA/certs/'";
+		$generatedcertpath= "generatedcertpath = '".$dansguardian_dir."/ssl/generatedcerts'";
 		#generatedcertpath = ".$dansguardian_dir . "/ssl/generatedcerts";
 		$generatedlinkpath= "generatedlinkpath = '".$dansguardian_dir . "/ssl/generatedlinks'";
 			}
 		$svr_cert = lookup_cert($dansguardian_config["dcert"]);
 		if ($svr_cert != false) {
 			if(base64_decode($svr_cert['prv'])) {
-				file_put_contents("/etc/ssl/demoCA/private/serverkey.pem",base64_decode($svr_cert['prv']));
+				file_put_contents("/etc/ssl/demoCA/private/serverkey.pem",base64_decode($svr_cert['prv']).base64_decode($svr_cert['crt']));
 				$cert_key = "certprivatekeypath = '/etc/ssl/demoCA/private/serverkey.pem' ";
 			}
 		}
@@ -721,7 +721,7 @@ function sync_package_dansguardian($via_rpc=false,$install_process=false) {
 																				'mode'=> "1",
 																				'report_level'=>"global");
 
-	$groups=array("scancleancache","hexdecodecontent","blockdownloads","enablepics","deepurlanalysis","infectionbypasserrorsonly","disablecontentscan","sslcertcheck","sslmitm");
+	$groups=array("scancleancache","hexdecodecontent","blockdownloads","enablepics","deepurlanalysis","infectionbypasserrorsonly","disablecontentscan","sslcheckcert","sslmitm");
 	#loop on array
 	$count=1;
 	$user_xml="";
@@ -737,7 +737,7 @@ function sync_package_dansguardian($via_rpc=false,$install_process=false) {
 		$dansguardian_groups['embeddedurlweight']=($dansguardian_groups['embeddedurlweight']?$dansguardian_groups['embeddedurlweight']:"0");
 		$dansguardian_groups['bypass']=($dansguardian_groups['bypass']?$dansguardian_groups['bypass']:"0");
 		$dansguardian_groups['infectionbypass']=($dansguardian_groups['infectionbypass']?$dansguardian_groups['infectionbypass']:"0");
-		$dansguardian_groups['mitmkey']=($dansguardian_groups['mitmkey']?$dansguardian_groups['mitmkey']:"dgs3dD3da");
+		$dansguardian_groups['maxuploadsize']=($dansguardian_groups['maxuploadsize']?$dansguardian_groups['maxuploadsize']:$maxuploadsize);
 		switch ($dansguardian_groups['reportinglevel']){
 			case "1":
 			case "2":
@@ -761,8 +761,10 @@ function sync_package_dansguardian($via_rpc=false,$install_process=false) {
 				$groupaccessdeniedaddress="";
 		}
 
-		foreach ($groups as $group)
+		foreach ($groups as $group){
 			$dansguardian_groups[$group]=(preg_match("/$group/",$dansguardian_groups['group_options'])?"on":"off");
+		}
+		
 		#create group list files
 		$lists=array("phraseacl"   => array("bannedphrase","weightedphrase","exceptionphrase"),
 					 "siteacl"     => array("bannedsite","greysite","exceptionsite","exceptionfilesite","logsite"),
@@ -939,6 +941,7 @@ EOF;
 	$cconf= DANSGUARDIAN_DIR. "/etc/clamd.conf";
 	$cconf_file=file_get_contents($cconf);
 	if (preg_match("/User (\w+)/",$cconf_file,$matches)){
+		mwexec("/usr/sbin/pw user show {$matches[1]} || /usr/sbin/pw user add -n {$matches[1]} -s /usr/sbin/nologin");
 		$daemonuser = $matches[1];
 		$daemongroup = 'nobody';
 	}
@@ -1103,8 +1106,8 @@ EOF;
 			
 		if (!(file_exists('/var/db/clamav/main.cvd')||file_exists('/var/db/clamav/main.cld'))){
 			file_notice("Dansguardian - No antivirus database found for clamav, running freshclam in background.","");
-			log_error('No antivirus database found for clamav, running freshclam in background.');
-			mwexec_bg(DANSGUARDIAN_DIR.'/bin/freshclam');
+			log_error('No antivirus database found for clamav, running freshclam in background. Content-scanner may not work until freshclam finishes.');
+			mwexec_bg(DANSGUARDIAN_DIR.'/bin/freshclam && /usr/local/etc/rc.d/clamav-clamd');
 			}
 				
 			$match=array();
@@ -1130,12 +1133,16 @@ EOF;
 				foreach ($script_file as $script_line){
 					if(preg_match("/command=/",$script_line)){
 						$new_clamav_startup.= 'if [ ! -d /var/run/clamav ];then /bin/mkdir /var/run/clamav;fi'."\n";
+						$new_clamav_startup.= 'if [ ! -d /var/db/clamav ];then /bin/mkdir /var/db/clamav;fi'."\n";
+						$new_clamav_startup.= 'if [ ! -d /var/log/clamav ];then /bin/mkdir -p /var/log/clamav;fi'."\n";
 						$new_clamav_startup.= "chown -R ".$matches[1]." /var/run/clamav\n";
+						$new_clamav_startup.= "chown -R ".$matches[1]." /var/db/clamav\n";
 						$new_clamav_startup.= "chown -R ".$matches[1]." /var/log/clamav\n";
 						$new_clamav_startup.=$script_line;
 						}
 					elseif(!preg_match("/(mkdir|chown|sleep|mailscanner)/",$script_line)) {
 						$new_clamav_startup.=preg_replace("/NO/","YES",$script_line);
+						$new_clamav_startup.=preg_replace("@/usr/local@",DANSGUARDIAN_DIR,$script_line);
 						}
 					}
 				file_put_contents($script, $new_clamav_startup, LOCK_EX);
diff --git a/config/dansguardian/dansguardian_groups.xml b/config/dansguardian/dansguardian_groups.xml
index 031ae88b..4fee3d50 100755
--- a/config/dansguardian/dansguardian_groups.xml
+++ b/config/dansguardian/dansguardian_groups.xml
@@ -150,11 +150,11 @@
  				<option><name>Enable Deep URL Analysis (off)</name><value>deepurlanalysis</value></option>
  				<option><name>Infection/Scan Error Bypass on Scan Errors Only (on)</name><value>infectionbypasserrorsonly</value></option>
  				<option><name>Disable content scanning (off)</name><value>disablecontentscan</value></option>
- 				<option><name>Check servers ssl certificates (off)</name><value>sslcertcheck</value></option>
+ 				<option><name>Check Server SSLCertificates (off)</name><value>sslcheckcert</value></option>
  				<option><name>Filter ssl sites forging SSL Certificates (off)</name><value>sslmitm</value></option>
  				</options>
  				<multiple/>
- 				<size>10</size>
+ 				<size>9</size>
 		</field>
 		<field>
 			<fielddescr>Pics</fielddescr>
@@ -298,7 +298,7 @@
  				</options>
 		</field>
 		<field>
-			<fielddescr>Naughtiness limite</fielddescr>
+			<fielddescr>Naughtiness limit</fielddescr>
 			<fieldname>naughtynesslimit</fieldname>
 			<description><![CDATA[This the limit over which the page will be blocked.  Each weighted phrase is given a value either positive or negative and the values added up.<br>
 					Phrases to do with good subjects will have negative values, and bad subjects will have positive values.<br>
@@ -318,6 +318,17 @@
 			<size>10</size>
 		</field>
 		<field>
+			<fielddescr>Max upload size</fielddescr>
+			<fieldname>maxuploadsize</fieldname>
+			<type>input</type>
+			<size>10</size>
+			<description><![CDATA[POST protection (web upload and forms) does not block forms without any file upload, i.e. this is just for blocking or limiting uploads measured in kibibytes after MIME encoding and header bumph<br>
+					use 0 for a complete block<br>
+					use higher (e.g. 512 = 512Kbytes) for limiting<br>
+					use -1 for no blocking(default)<br>
+					Leave empty to use global Max upload size limit value.]]></description>
+		</field>
+		<field>
 			<fielddescr>Category display threshold</fielddescr>
 			<fieldname>categorydisplaythreshold</fieldname>
 			<description><![CDATA[This option only applies to pages blocked by weighted phrase filtering.<br>
diff --git a/config/dansguardian/dansguardian_ldap.php b/config/dansguardian/dansguardian_ldap.php
index d44f3de4..beb57ee0 100644
--- a/config/dansguardian/dansguardian_ldap.php
+++ b/config/dansguardian/dansguardian_ldap.php
@@ -129,7 +129,11 @@ if (is_array($config['installedpackages']['dansguardiangroups']['config']))
 		   					}
 		   			}
 	   			}
-		   	if (!empty($members)){
+		   	if (empty($members)){
+		   		$config['installedpackages']['dansguardianusers']['config'][0][strtolower($group['name'])] = NULL;
+		   	 	$apply_config++;
+		   		}
+		   	else{
 		   	$import_users = explode("\n", $members);
 			asort($import_users);
 			$members=base64_encode(implode("\n", $import_users));
diff --git a/config/dansguardian/dansguardianfx.conf.template b/config/dansguardian/dansguardianfx.conf.template
index f5296622..96b2b1b9 100644
--- a/config/dansguardian/dansguardianfx.conf.template
+++ b/config/dansguardian/dansguardianfx.conf.template
@@ -198,6 +198,7 @@ categorydisplaythreshold = {$dansguardian_groups['categorydisplaythreshold']}
 # WARNING: This option is highly CPU intensive!
 embeddedurlweight = {$dansguardian_groups['embeddedurlweight']}
 
+maxuploadsize = {$dansguardian_groups['maxuploadsize']}
 # Enable PICS rating support
 #
 # Defaults to disabled
@@ -370,13 +371,13 @@ deepurlanalysis = {$dansguardian_groups['deepurlanalysis']}
 #SSL certificate checking
 # Check that ssl certificates for servers on https connections are valid
 # and signed by a ca in the configured path
-sslcertcheck = {$dansguardian_groups['sslcertcheck']}
+sslcheckcert = {$dansguardian_groups['sslcheckcert']}
 
 #SSL man in the middle
 # Forge ssl certificates for all sites, decrypt the data then re encrypt it
 # using a different private key. Used to filter ssl sites
 sslmitm = {$dansguardian_groups['sslmitm']}
-#mitmkey = '{$dansguardian_groups['mitmkey']}'
+{$dansguardian_groups['mitmkey']}
 
 EOF;