Diffstat (limited to 'config/havp')
-rw-r--r--config/havp/havp.inc35
-rw-r--r--config/havp/havp.xml22
2 files changed, 40 insertions, 17 deletions
diff --git a/config/havp/havp.inc b/config/havp/havp.inc
index 7b4f08a5..36c053c9 100644
--- a/config/havp/havp.inc
+++ b/config/havp/havp.inc
@@ -77,7 +77,13 @@ define('HVDEF_MAXSCANSIZE', '5000000'); # [bytes] ! do not enter 0 o
define('HVDEF_MAXARCSCANSIZE', '5000000'); # [bytes] ! do not enter 0 or big size !
define('HVDEF_PID_FILE', '/var/run/havp.pid');
define('HVDEF_WORK_DIR', '/usr/local/etc/havp');
-define('HVDEF_LOG_DIR', '/var/log/havp');
+
+$pfSversion = str_replace("\s", "", file_get_contents("/etc/version"));
+if(preg_match("/^2.0/",$pfSversion))
+ define('HVDEF_LOG_DIR', '/var/log/havp');
+else
+ define('HVDEF_LOG_DIR', '/var/log');
+
define('HVDEF_TEMP_DIR', '/var/tmp');
define('HVDEF_HAVPTEMP_DIR', HVDEF_TEMP_DIR.'/havp');
define('HVDEF_RAMTEMP_DIR', HVDEF_TEMP_DIR.'/havpRAM');
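Review bot: The added version check does not do what it reads as: `str_replace("\s", "", …)` removes the two literal characters backslash and `s` rather than whitespace, and the unescaped dot in `/^2.0/` matches any character. `file_get_contents` returns false when `/etc/version` is unreadable, which silently selects the `/var/log` branch. I would write `$pfSversion = trim((string) file_get_contents('/etc/version'));` and `preg_match('/^2\.0/', $pfSversion)`. The `@@ -97,7` hunk tests `/^2./` instead, so a 2.1 system would get `/var/log` here but `/var/log/clamav` there; if that split is intended it deserves a comment.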
@@ -97,7 +103,12 @@ define('HVDEF_HAVP_MAXSRV', '100');
# Clam
#define('HVDEF_CLAM_RUNDIR', '/var/run/clamav');
define('HVDEF_CLAM_RUNDIR', '/var/run');
-define('HVDEF_AVLOG_DIR', '/var/log/clamav');
+define('HVDEF_CLAM_DBDIR', '/var/db/clamav');
+if(preg_match("/^2./",$pfSversion))
+ define('HVDEF_AVLOG_DIR', '/var/log/clamav');
+else
+ define('HVDEF_AVLOG_DIR', '/var/log');
+
define('HVDEF_CLAM_SOCKET', HVDEF_CLAM_RUNDIR.'/clamd.sock');
define('HVDEF_CLAM_PID', HVDEF_CLAM_RUNDIR.'/clamd.pid');
define('HVDEF_CLAM_LOG', HVDEF_AVLOG_DIR . '/clamd.log');
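Review bot: The `else` branch sets `HVDEF_AVLOG_DIR` to `/var/log`, and the unchanged call `havp_set_file_access(HVDEF_AVLOG_DIR, HVDEF_USER, '0777')` in the `@@ -410,6` hunk then targets the system log directory itself. havp_set_file_access is not visible in this diff, but its arguments suggest it sets owner and mode, which would leave `/var/log` owned by the havp account and world-writable, so any local account could create, replace or remove other services' logs. Keep a dedicated directory on every version, e.g. an unconditional `define('HVDEF_AVLOG_DIR', '/var/log/clamav');`, or skip the owner/mode change when the directory is shared. The same question applies to `HVDEF_LOG_DIR` in the first hunk if it is passed to the same helper elsewhere.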
@@ -370,7 +381,12 @@ function havp_check_system()
$grp = exec('pw group show ' . HVDEF_GROUP);
if (strpos($grp, HVDEF_GROUP) !== 0) {
exec('pw group add ' . HVDEF_GROUP);
- log_error("Antivirus: Username '" . HVDEF_GROUP . "' was added.");
+ log_error("Antivirus: Group '" . HVDEF_GROUP . "' was added.");
+ }
+ $usr = exec('pw usershow -n ' . HVDEF_USER);
+ if (strpos($usr, HVDEF_USER) !== 0) {
+ exec('pw useradd ' . HVDEF_USER . ' -g ' . HVDEF_GROUP . ' -h - -s "/sbin/nologin" -d "/nonexistent" -c "havp daemon"');
+ log_error("Antivirus: User '" . HVDEF_USER . "' was added.");
}
# workdir permissions
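Review bot: The added `pw useradd` call logs "User ... was added" without checking that the command succeeded; `exec()` returns the exit status through its third argument. The directory ownership steps later in havp_check_system depend on this account existing, so a failed creation should be reported as such, e.g. `exec($cmd, $out, $rc); if ($rc !== 0) log_error("Antivirus: could not add user '" . HVDEF_USER . "'.");`. The existing `pw group add` call above it has the same gap. The constants are concatenated into the shell command unquoted; wrapping them in `escapeshellarg()` keeps the command safe if the names ever become configurable. havp_check_system starts and ends outside this hunk.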
@@ -381,6 +397,11 @@ function havp_check_system()
mwexec("mkdir -p " . HVDEF_HAVPTEMP_DIR);
havp_set_file_access(HVDEF_HAVPTEMP_DIR, HVDEF_USER, '');
+ # clamav dbdir
+ if (!file_exists(HVDEF_CLAM_DBDIR))
+ mwexec("mkdir -p " . HVDEF_CLAM_DBDIR);
+ havp_set_file_access(HVDEF_CLAM_DBDIR, HVDEF_AVUSER, '');
+
# RAM tempdir
if (!file_exists(HVDEF_RAMTEMP_DIR))
mwexec("mkdir -p " . HVDEF_RAMTEMP_DIR);
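Review bot: The new database directory is handed to `HVDEF_AVUSER`, while the `@@ -836,7` hunk hard-codes `DatabaseOwner havp` in the freshclam configuration. The value of HVDEF_AVUSER is not visible in this diff; if it is not `havp`, freshclam would run as an account that cannot write `HVDEF_CLAM_DBDIR`, and signature updates would fail, leaving the scanner on stale definitions. Deriving both from one constant avoids that drift, e.g. `$conf[] = "DatabaseOwner " . HVDEF_AVUSER;`. The result of `mwexec("mkdir -p " . HVDEF_CLAM_DBDIR)` is also not checked before ownership is set; the enclosing havp_check_system continues outside this hunk.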
@@ -410,6 +431,8 @@ function havp_check_system()
if (!file_exists(HVDEF_CLAM_LOG)) file_put_contents(HVDEF_CLAM_LOG, '');
if (!file_exists(HVDEF_FRESHCLAM_LOG)) file_put_contents(HVDEF_FRESHCLAM_LOG, '');
# log dir permissions
+ if (!file_exists(HVDEF_AVLOG_DIR))
+ mwexec("mkdir -p " . HVDEF_AVLOG_DIR);
havp_set_file_access(HVDEF_AVLOG_DIR, HVDEF_USER, '0777');
# =-= ClamAV =-=
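Review bot: The added `mkdir -p` for `HVDEF_AVLOG_DIR` runs after the two `file_put_contents` calls on the context lines above it, and `HVDEF_CLAM_LOG` is defined as `HVDEF_AVLOG_DIR . '/clamd.log'`, so on a fresh install the log file is written before its directory exists and the write fails. Moving the `if (!file_exists(HVDEF_AVLOG_DIR)) mwexec("mkdir -p " . HVDEF_AVLOG_DIR);` pair above the `file_put_contents` lines fixes the ordering. The `'0777'` mode on the following context line is broader than a log directory needs; a group-restricted mode such as `'0750'` would do if the daemons that write there share a group, which should be confirmed against how havp_set_file_access interprets that argument. havp_check_system starts and ends outside this hunk.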
@@ -836,7 +859,7 @@ function havp_config_freshclam()
$conf[] = "PidFile /var/run/clamav/freshclam.pid";
$conf[] = "\n# db";
- $conf[] = "DatabaseOwner clamav";
+ $conf[] = "DatabaseOwner havp";
$conf[] = "AllowSupplementaryGroups yes";
$conf[] = "DNSDatabaseInfo current.cvd.clamav.net";
@@ -863,7 +886,7 @@ function havp_config_freshclam()
case 'sa': $conf[] = "DatabaseMirror clamav.dial-up.net"; break; # south africa
case 'tw': $conf[] = "DatabaseMirror clamav.cs.pu.edu.tw"; break; # taiwan
case 'uk': $conf[] = "DatabaseMirror clamav.oucs.ox.ac.uk"; break; # united kingdom
- case 'us': $conf[] = "DatabaseMirror clamav.catt.com "; break; # united states
+ case 'us': $conf[] = "DatabaseMirror db.us.clamav.net "; break; # united states
default: break;
}
}
@@ -1564,7 +1587,7 @@ function havp_fscan_html()
<hr>
<span onClick="document.getElementById('scanfilepath').value = '/var/squid';" style="cursor: pointer;">
<img src='./themes/{$g['theme']}/images/icons/icon_pass.gif' title='Click here'>
- <font size='-1'><u>&nbsp;Squid cache path (scan you squid cache now).</u></font>
+ <font size='-1'><u>&nbsp;Squid cache path (scan your squid cache now).</u></font>
</img>
</span>
<br>
diff --git a/config/havp/havp.xml b/config/havp/havp.xml
index df03fca9..6d991a81 100644
--- a/config/havp/havp.xml
+++ b/config/havp/havp.xml
@@ -70,8 +70,8 @@
Select interface mode: &lt;br&gt;
&lt;b&gt; standard &lt;/b&gt; - client(s) bind to the 'proxy port' on selected interface(s); &lt;br&gt;
&lt;b&gt; parent for squid &lt;/b&gt; - configure HAVP as parent for Squid proxy;&lt;br&gt;
- &lt;b&gt; transparent &lt;/b&gt; - all 'http' requests on interface(s) will be translated to the HAVP proxy server without any client(s) additional configuration necessary (worked as 'parent for squid' with 'transparent' Squid proxy); &lt;br&gt;
- &lt;b&gt; internal &lt;/b&gt; - HAVP listen internal interface (127.0.0.1) on 'proxy port', use you own traffic forwarding rules.&lt;br&gt;
+ &lt;b&gt; transparent &lt;/b&gt; - all HTTP requests on interface(s) will be directed to the HAVP proxy server without any client configuration necessary (works as parent for squid with transparent Squid proxy); &lt;br&gt;
+ &lt;b&gt; internal &lt;/b&gt; - HAVP will listen on the loopback (127.0.0.1) on configured 'proxy port.' Use you own traffic forwarding rules.&lt;br&gt;
</description>
<type>select</type>
<default_value>standard</default_value>
@@ -85,7 +85,7 @@
<field>
<fielddescr>Proxy interface(s)</fielddescr>
<fieldname>proxyinterface</fieldname>
- <description>The interface(s) for client connections to the proxy. Use 'Ctrl' + L.Click for multiple selection.</description>
+ <description>The interface(s) for client connections to the proxy. Use 'Ctrl' + L. Click for multiple selection.</description>
<type>interfaces_selection</type>
<required/>
<multiple/>
@@ -125,7 +125,7 @@
<fielddescr>Enable Forwarded IP</fielddescr>
<fieldname>enableforwardedip</fieldname>
<description>
- If HAVP is used as parent proxy by some other proxy, this allows to write the real users IP to log, instead of proxy IP.
+ If HAVP is used as a parent proxy for some other proxy, this allows writing the real user's IP to log, instead of the proxy IP.
</description>
<type>checkbox</type>
</field>
@@ -150,7 +150,7 @@
<field>
<fielddescr>Max download size, Bytes</fielddescr>
<fieldname>maxdownloadsize</fieldname>
- <description>Enter value (in Bytes) or leave empty. Downloads larger, than 'Max download size' will be blocked. Only if not Whitelisted!</description>
+ <description>Enter value (in Bytes) or leave empty. Downloads larger than 'Max download size' will be blocked if not whitelisted.</description>
<type>input</type>
<size>10</size>
<default_value></default_value>
@@ -169,7 +169,7 @@
<fielddescr>Whitelist</fielddescr>
<fieldname>whitelist</fieldname>
<description>
- Enter each destination url on a new line that will be accessable to the users without scanning.
+ Enter each destination URL on a new line that will be accessable to the users without scanning.
Use '*' symbol for mask. Example: *.github.com/*, *sourceforge.net/*clamav-*, */*.xml, */*.inc
</description>
<type>textarea</type>
@@ -196,10 +196,10 @@
<fielddescr>Enable RAM Disk</fielddescr>
<fieldname>enableramdisk</fieldname>
<description>
- This option allow use RAM Disk for HAVP temp files for more quick traffic scan.
- Ram Disc size depend from 'ScanMax file size and avialable memory.
- This option can be ignored in VMVare or on 'low system memory'.
- ( RAM Disk size calculated as [1/4 avialable system memory] > [Scan max file size] * 100 )
+ This option allow use RAM disk for HAVP temp files for more quick traffic scan.
+ RAM disk size depends on 'ScanMax' file size and available memory.
+ This option can be ignored on systems with low memory.
+ ( RAM disk size calculated as [1/4 available system memory] > [Scan max file size] * 100 )
</description>
<type>checkbox</type>
</field>
@@ -209,7 +209,7 @@
<description>
Select this value for limit maximum file size or leave '---(5M)'.
Files larger than this limit won't be scanned.
- Small values increace scan speed and maximum new connections per second and allow RAM Disk use.
+ Small values increace scan speed and maximum new connections per second and allow RAM disk use.
&lt;br&gt;
NOTE: Setting limit is a security risk, because some archives like
ZIP need all the data to be scanned properly! Use this only if you