5 files changed, 37 insertions, 14 deletions

diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc
index ae2b3264..3077eddb 100755
--- a/config/dansguardian/dansguardian.inc
+++ b/config/dansguardian/dansguardian.inc
@@ -301,14 +301,14 @@ function sync_package_dansguardian($via_rpc=false,$install_process=false) {
 			exec("/usr/bin/openssl x509 -hash -noout -in /etc/ssl/demoCA/cacert.pem",$cert_hash);
 			file_put_contents("/usr/local/share/certs/".$cert_hash[0].".0",base64_decode($ca_cert['crt']));
 			$ca_pem = "cacertificatepath = '/etc/ssl/demoCA/cacert.pem'";
-		$generatedcertpath= "generatedcertpath = '/etc/ssl/demoCA/certs/'";
+		$generatedcertpath= "generatedcertpath = '".$dansguardian_dir."/ssl/generatedcerts'";
 		#generatedcertpath = ".$dansguardian_dir . "/ssl/generatedcerts";
 		$generatedlinkpath= "generatedlinkpath = '".$dansguardian_dir . "/ssl/generatedlinks'";
 			}
 		$svr_cert = lookup_cert($dansguardian_config["dcert"]);
 		if ($svr_cert != false) {
 			if(base64_decode($svr_cert['prv'])) {
-				file_put_contents("/etc/ssl/demoCA/private/serverkey.pem",base64_decode($svr_cert['prv']));
+				file_put_contents("/etc/ssl/demoCA/private/serverkey.pem",base64_decode($svr_cert['prv']).base64_decode($svr_cert['crt']));
 				$cert_key = "certprivatekeypath = '/etc/ssl/demoCA/private/serverkey.pem' ";
 			}
 		}
@@ -721,7 +721,7 @@ function sync_package_dansguardian($via_rpc=false,$install_process=false) {
 																				'mode'=> "1",
 																				'report_level'=>"global");
 
-	$groups=array("scancleancache","hexdecodecontent","blockdownloads","enablepics","deepurlanalysis","infectionbypasserrorsonly","disablecontentscan","sslcertcheck","sslmitm");
+	$groups=array("scancleancache","hexdecodecontent","blockdownloads","enablepics","deepurlanalysis","infectionbypasserrorsonly","disablecontentscan","sslcheckcert","sslmitm");
 	#loop on array
 	$count=1;
 	$user_xml="";
@@ -737,7 +737,7 @@ function sync_package_dansguardian($via_rpc=false,$install_process=false) {
 		$dansguardian_groups['embeddedurlweight']=($dansguardian_groups['embeddedurlweight']?$dansguardian_groups['embeddedurlweight']:"0");
 		$dansguardian_groups['bypass']=($dansguardian_groups['bypass']?$dansguardian_groups['bypass']:"0");
 		$dansguardian_groups['infectionbypass']=($dansguardian_groups['infectionbypass']?$dansguardian_groups['infectionbypass']:"0");
-		$dansguardian_groups['mitmkey']=($dansguardian_groups['mitmkey']?$dansguardian_groups['mitmkey']:"dgs3dD3da");
+		$dansguardian_groups['maxuploadsize']=($dansguardian_groups['maxuploadsize']?$dansguardian_groups['maxuploadsize']:$maxuploadsize);
 		switch ($dansguardian_groups['reportinglevel']){
 			case "1":
 			case "2":
@@ -761,8 +761,10 @@ function sync_package_dansguardian($via_rpc=false,$install_process=false) {
 				$groupaccessdeniedaddress="";
 		}
 
-		foreach ($groups as $group)
+		foreach ($groups as $group){
 			$dansguardian_groups[$group]=(preg_match("/$group/",$dansguardian_groups['group_options'])?"on":"off");
+		}
+		
 		#create group list files
 		$lists=array("phraseacl"   => array("bannedphrase","weightedphrase","exceptionphrase"),
 					 "siteacl"     => array("bannedsite","greysite","exceptionsite","exceptionfilesite","logsite"),
@@ -939,6 +941,7 @@ EOF;
 	$cconf= DANSGUARDIAN_DIR. "/etc/clamd.conf";
 	$cconf_file=file_get_contents($cconf);
 	if (preg_match("/User (\w+)/",$cconf_file,$matches)){
+		mwexec("/usr/sbin/pw user show {$matches[1]} || /usr/sbin/pw user add -n {$matches[1]} -s /usr/sbin/nologin");
 		$daemonuser = $matches[1];
 		$daemongroup = 'nobody';
 	}
@@ -1103,8 +1106,8 @@ EOF;
 			
 		if (!(file_exists('/var/db/clamav/main.cvd')||file_exists('/var/db/clamav/main.cld'))){
 			file_notice("Dansguardian - No antivirus database found for clamav, running freshclam in background.","");
-			log_error('No antivirus database found for clamav, running freshclam in background.');
-			mwexec_bg(DANSGUARDIAN_DIR.'/bin/freshclam');
+			log_error('No antivirus database found for clamav, running freshclam in background. Content-scanner may not work until freshclam finishes.');
+			mwexec_bg(DANSGUARDIAN_DIR.'/bin/freshclam && /usr/local/etc/rc.d/clamav-clamd');
 			}
 				
 			$match=array();
@@ -1130,12 +1133,16 @@ EOF;
 				foreach ($script_file as $script_line){
 					if(preg_match("/command=/",$script_line)){
 						$new_clamav_startup.= 'if [ ! -d /var/run/clamav ];then /bin/mkdir /var/run/clamav;fi'."\n";
+						$new_clamav_startup.= 'if [ ! -d /var/db/clamav ];then /bin/mkdir /var/db/clamav;fi'."\n";
+						$new_clamav_startup.= 'if [ ! -d /var/log/clamav ];then /bin/mkdir -p /var/log/clamav;fi'."\n";
 						$new_clamav_startup.= "chown -R ".$matches[1]." /var/run/clamav\n";
+						$new_clamav_startup.= "chown -R ".$matches[1]." /var/db/clamav\n";
 						$new_clamav_startup.= "chown -R ".$matches[1]." /var/log/clamav\n";
 						$new_clamav_startup.=$script_line;
 						}
 					elseif(!preg_match("/(mkdir|chown|sleep|mailscanner)/",$script_line)) {
 						$new_clamav_startup.=preg_replace("/NO/","YES",$script_line);
+						$new_clamav_startup.=preg_replace("@/usr/local@",DANSGUARDIAN_DIR,$script_line);
 						}
 					}
 				file_put_contents($script, $new_clamav_startup, LOCK_EX);
diff --git a/config/dansguardian/dansguardian_groups.xml b/config/dansguardian/dansguardian_groups.xml
index 031ae88b..fc9ff8a8 100755
--- a/config/dansguardian/dansguardian_groups.xml
+++ b/config/dansguardian/dansguardian_groups.xml
@@ -150,11 +150,11 @@
  				<option><name>Enable Deep URL Analysis (off)</name><value>deepurlanalysis</value></option>
  				<option><name>Infection/Scan Error Bypass on Scan Errors Only (on)</name><value>infectionbypasserrorsonly</value></option>
  				<option><name>Disable content scanning (off)</name><value>disablecontentscan</value></option>
- 				<option><name>Check servers ssl certificates (off)</name><value>sslcertcheck</value></option>
+ 				<option><name>Check Server SSLCertificates (off)</name><value>sslcheckcert</value></option>
  				<option><name>Filter ssl sites forging SSL Certificates (off)</name><value>sslmitm</value></option>
  				</options>
  				<multiple/>
- 				<size>10</size>
+ 				<size>9</size>
 		</field>
 		<field>
 			<fielddescr>Pics</fielddescr>
@@ -298,7 +298,7 @@
  				</options>
 		</field>
 		<field>
-			<fielddescr>Naughtiness limite</fielddescr>
+			<fielddescr>Naughtiness limit</fielddescr>
 			<fieldname>naughtynesslimit</fieldname>
 			<description><![CDATA[This the limit over which the page will be blocked.  Each weighted phrase is given a value either positive or negative and the values added up.<br>
 					Phrases to do with good subjects will have negative values, and bad subjects will have positive values.<br>
@@ -318,6 +318,17 @@
 			<size>10</size>
 		</field>
 		<field>
+			<fielddescr>Max upload size</fielddescr>
+			<fieldname>maxuploadsize</fieldname>
+			<type>input</type>
+			<size>10</size>
+			<description><![CDATA[POST protection (web upload and forms) does not block forms without any file upload, i.e. this is just for blocking or limiting uploads measured in kilobytes after MIME encoding and header bump<br>
+					use 0 for a complete block<br>
+					use higher (e.g. 512 = 512Kbytes) for limiting<br>
+					use -1 for no blocking(default)<br>
+					Leave empty to use global Max upload size limit value.]]></description>
+		</field>
+		<field>
 			<fielddescr>Category display threshold</fielddescr>
 			<fieldname>categorydisplaythreshold</fieldname>
 			<description><![CDATA[This option only applies to pages blocked by weighted phrase filtering.<br>
diff --git a/config/dansguardian/dansguardian_ldap.php b/config/dansguardian/dansguardian_ldap.php
index d44f3de4..beb57ee0 100644
--- a/config/dansguardian/dansguardian_ldap.php
+++ b/config/dansguardian/dansguardian_ldap.php
@@ -129,7 +129,11 @@ if (is_array($config['installedpackages']['dansguardiangroups']['config']))
 		   					}
 		   			}
 	   			}
-		   	if (!empty($members)){
+		   	if (empty($members)){
+		   		$config['installedpackages']['dansguardianusers']['config'][0][strtolower($group['name'])] = NULL;
+		   	 	$apply_config++;
+		   		}
+		   	else{
 		   	$import_users = explode("\n", $members);
 			asort($import_users);
 			$members=base64_encode(implode("\n", $import_users));
diff --git a/config/dansguardian/dansguardian_limits.xml b/config/dansguardian/dansguardian_limits.xml
index c8011357..2c147f1b 100644
--- a/config/dansguardian/dansguardian_limits.xml
+++ b/config/dansguardian/dansguardian_limits.xml
@@ -107,7 +107,7 @@
 			<fieldname>maxuploadsize</fieldname>
 			<type>input</type>
 			<size>10</size>
-			<description><![CDATA[POST protection (web upload and forms) does not block forms without any file upload, i.e. this is just for blocking or limiting uploads measured in kibibytes after MIME encoding and header bumph<br>
+			<description><![CDATA[POST protection (web upload and forms) does not block forms without any file upload, i.e. this is just for blocking or limiting uploads measured in kilobytes after MIME encoding and header bump<br>
 					use 0 for a complete block<br>
 					use higher (e.g. 512 = 512Kbytes) for limiting<br>
 					use -1 for no blocking(default)]]></description>
diff --git a/config/dansguardian/dansguardianfx.conf.template b/config/dansguardian/dansguardianfx.conf.template
index f5296622..96b2b1b9 100644
--- a/config/dansguardian/dansguardianfx.conf.template
+++ b/config/dansguardian/dansguardianfx.conf.template
@@ -198,6 +198,7 @@ categorydisplaythreshold = {$dansguardian_groups['categorydisplaythreshold']}
 # WARNING: This option is highly CPU intensive!
 embeddedurlweight = {$dansguardian_groups['embeddedurlweight']}
 
+maxuploadsize = {$dansguardian_groups['maxuploadsize']}
 # Enable PICS rating support
 #
 # Defaults to disabled
@@ -370,13 +371,13 @@ deepurlanalysis = {$dansguardian_groups['deepurlanalysis']}
 #SSL certificate checking
 # Check that ssl certificates for servers on https connections are valid
 # and signed by a ca in the configured path
-sslcertcheck = {$dansguardian_groups['sslcertcheck']}
+sslcheckcert = {$dansguardian_groups['sslcheckcert']}
 
 #SSL man in the middle
 # Forge ssl certificates for all sites, decrypt the data then re encrypt it
 # using a different private key. Used to filter ssl sites
 sslmitm = {$dansguardian_groups['sslmitm']}
-#mitmkey = '{$dansguardian_groups['mitmkey']}'
+{$dansguardian_groups['mitmkey']}
 
 EOF;