Diffstat (limited to 'config/p3scan-pf/p3scan-pf.inc')
-rw-r--r--config/p3scan-pf/p3scan-pf.inc395
1 files changed, 0 insertions, 395 deletions
diff --git a/config/p3scan-pf/p3scan-pf.inc b/config/p3scan-pf/p3scan-pf.inc
deleted file mode 100644
index b6f497b2..00000000
--- a/config/p3scan-pf/p3scan-pf.inc
+++ /dev/null
@@ -1,395 +0,0 @@
-<?php
-/* $Id$ */
-/*
- $RCSfile$
- Copyright (C) 2006 Daniel S. Haischt <me@daniel.stefan.haischt.name>
- All rights reserved.
-
- Copyright (C) 2006 Fernando Lemos
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notices,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notices, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/* ====================== USAGE NOTE: ====================== */
-/* Depending on your use case scenario, this software may */
-/* depend on the following software packages: */
-/* */
-/* - renatach (part of the FreeBSD ports collection) */
-/* - a virus scanner (e.g. ClamAV) */
-/* - a spam filter (e.g. DSPAM or SpamAssassin) */
-/* ========================================================= */
-
-
-/* include all configuration functions */
-require_once("functions.inc");
-require_once("notices.inc");
-
-function sync_package_p3scan() {
- global $config, $g;
- conf_mount_rw();
- config_lock();
- $fd = fopen("/etc/p3scan.conf","w");
-
- /* shorten the config path */
- $cfg = $config['installedpackages']['p3scanpf']['config'][0];
- $cfgmsg = $config['installedpackages']['p3scanpfmsg']['config'][0];
- $cfgemer = $config['installedpackages']['p3scanpfemer']['config'];
- $cfgvir = $config['installedpackages']['p3scanpfvir']['config'][0];
- $cfgspam = $config['installedpackages']['p3scanpfspam']['config'][0];
-
- fwrite($fd, "## p3scan-pf config file - generated by pfSense.\n##\n");
- fwrite($fd, "## at: " . date("l dS of F Y h:i:s A") . "\n##\n");
- /* ================================================================ */
- /* == Tab: Daemon Settings == */
- /* ================================================================ */
- fwrite($fd, "## Daemon Settings.\n");
- fwrite($fd, "pidfile = /var/run/p3scan/p3scan.pid\n");
- if (isset($cfg['maxchilds']) && $cfg['maxchilds'] <> "")
- fwrite($fd, "maxchilds = {$cfg['maxchilds']}\n");
- else
- fwrite($fd, "maxchilds = 10\n");
- if (isset($cfg['ipaddr']) && $cfg['ipaddr'] <> "")
- fwrite($fd, "ip = {$cfg['ipaddr']}\n");
- else
- fwrite($fd, "ip = 127.0.0.1\n");
- if (isset($cfg['port']) && $cfg['port'] <> "")
- fwrite($fd, "port = {$cfg['port']}\n");
- else
- fwrite($fd, "port = 8110\n");
- if (isset($cfg['sslport']) && $cfg['sslport'] <> "")
- fwrite($fd, "sslport = {$cfg['sslport']}\n");
- else
- fwrite($fd, "sslport = 995\n");
- if (isset($cfg['targetip']) && $cfg['targetip'] <> "") {
- if ($cfg['targetip'] == "0.0.0.0")
- setup_transparency();
- else
- remove_transparency();
- fwrite($fd, "targetip = {$cfg['targetip']}\n");
- } else {
- setup_transparency();
- fwrite($fd, "targetip = 0.0.0.0\n");
- }
- if (isset($cfg['targetport']) && $cfg['targetport'] <> "")
- fwrite($fd, "targetport = {$cfg['targetport']}\n");
- else
- fwrite($fd, "targetport = 8110\n");
- if (isset($cfg['emailport']) && $cfg['emailport'] <> "")
- fwrite($fd, "emailport = {$cfg['emailport']}\n");
- else
- fwrite($fd, "emailport = 25\n");
- if (isset($cfg['daemonuser']) && $cfg['daemonuser'] <> "")
- fwrite($fd, "user = {$cfg['daemonuser']}\n");
- else
- fwrite($fd, "user = root\n");
- fwrite($fd, "notifydir = /var/spool/p3scan/notify\n");
- fwrite($fd, "virusdir = /var/spool/p3scan\n");
- fwrite($fd, "template = /usr/local/etc/p3scan/p3scan.mail\n");
-
- /* ================================================================ */
- /* == Tab: Message Processing == */
- /* ================================================================ */
- fwrite($fd, "## Message Processing Settings.\n");
- if (isset($cfgmsg['justdelete']) && $cfgmsg['justdelete'] <> "")
- fwrite($fd, "justdelete\n");
- if (isset($cfgmsg['bytesfree']) && $cfgmsg['bytesfree'] <> "")
- fwrite($fd, "bytesfree = {$cfgmsg['bytesfree']}\n");
- else
- fwrite($fd, "bytesfree = 10000\n");
- if (isset($cfgmsg['broken']) && $cfgmsg['broken'] <> "")
- fwrite($fd, "broken\n");
- if (isset($cfgmsg['timeout']) && $cfgmsg['timeout'] <> "")
- fwrite($fd, "timeout = {$cfgmsg['timeout']}\n");
- else
- fwrite($fd, "timeout = 30\n");
- if (isset($cfgmsg['ispspam']) && $cfgmsg['ispspam'] <> "")
- fwrite($fd, "ispspam = {$cfgmsg['ispspam']}\n");
- if (file_exists("/usr/local/bin/renattach"))
- fwrite($fd, "renattach = /usr/local/bin/renattach\n");
- if (isset($cfgmsg['subject']) && $cfgmsg['subject'] <> "")
- fwrite($fd, "subject = {$cfgmsg['subject']}\n");
- else
- fwrite($fd, "subject = Subject: \"[Virus] found in a mail to you:\" <virus name>\n");
- if (isset($cfgmsg['notify']) && $cfgmsg['notify'] <> "")
- fwrite($fd, "notify = {$cfgmsg['notify']}\n");
- else
- fwrite($fd, "notify = Per instruction, the message has been deleted.\n");
- if (isset($cfgmsg['smtpreject']) && $cfgmsg['smtpreject'] <> "")
- fwrite($fd, "smtprset = {$cfgmsg['smtpreject']}\n");
- else
- fwrite($fd, "smtprset = Virus detected! P3scan rejected message!\n");
- if (isset($cfgmsg['checksize']) && $cfgmsg['checksize'] <> "")
- fwrite($fd, "checksize = {$cfgmsg['checksize']}\n");
- if (isset($cfgmsg['footer']) && $cfgmsg['footer'] <> "")
- fwrite($fd, "footer = {$cfgmsg['footer']}\n");
-
- /* ================================================================ */
- /* == Tab: Emergency Contact == */
- /* ================================================================ */
- fwrite($fd, "## Emergency Contacts.\n");
- if (is_array($cfgemer)) {
- foreach ($cfgemer as $addr) {
- $contact .= "{$addr['emailaddress']} ";
- }
- if (isset($contact) && $contact <> "")
- fwrite($fd, "emergcon = {$contact}\n");
- }
-
- /* ================================================================ */
- /* == Tab: Virus Scanner Settings == */
- /* ================================================================ */
- fwrite($fd, "## Virus Scanner Settings.\n");
- if (isset($cfgvir['scannertype']) && $cfgvir['scannertype'] <> "")
- fwrite($fd, "scannertype = {$cfgvir['scannertype']}\n");
- else
- fwrite($fd, "scannertype = clamd\n");
- if (isset($cfgvir['scanner']) && $cfgvir['scanner'] <> "")
- fwrite($fd, "scanner = {$cfgvir['scanner']}\n");
- else
- fwrite($fd, "scanner = 127.0.0.1:3310\n");
- if (isset($cfgvir['viruscode']) && $cfgvir['viruscode'] <> "")
- fwrite($fd, "viruscode = {$cfgvir['viruscode']}\n");
- else
- fwrite($fd, "viruscode = 1\n");
- if (isset($cfgvir['goodcode']) && $cfgvir['goodcode'] <> "")
- fwrite($fd, "goodcode = {$cfgvir['goodcode']}\n");
- if (isset($cfgvir['virusregexp']) && $cfgvir['virusregexp'] <> "")
- fwrite($fd, "virusregexp = {$cfgvir['virusregexp']}\n");
- if (isset($cfgvir['demime']) && $cfgvir['demime'] <> "")
- fwrite($fd, "demime\n");
-
- /* ================================================================ */
- /* == Tab: SPAM Settings == */
- /* ================================================================ */
- if ((isset($cfgspam['checkspam']) && $cfgspam['checkspam'] <> "") ||
- $config['installedpackages']['sassassin']['config'][0]['enable'] == 'on') {
- fwrite($fd, "## SPAM Settings.\n");
- fwrite($fd, "checkspam\n");
- if (isset($cfgspam['spamcheck']) && $cfgspam['spamcheck'] <> "") {
- /* most times the command line for the spam binary becomes
- * quite lengthy, which my be the reason that users are
- * the XML tag and the command line itself into several
- * lines. Thus strip whitespaces.
- */
- $cfgspam['spamcheck'] = trim($cfgspam['spamcheck']);
- fwrite($fd, "spamcheck = {$cfgspam['spamcheck']}\n");
- } else {
- if ($config['installedpackages']['sassassin']['config'][0]['enable'] == 'on') {
- fwrite($fd, "spamcheck = /usr/bin/spamc\n");
- } else {
- fwrite($fd, "spamcheck = /usr/local/bin/dspam --user dspamuser --mode=teft --stdout --deliver=innocent,spam --feature=ch,no,wh\n");
- }
- }
- }
-
- fclose($fd);
-
- /* NOTE: The following code requires the p3scan-pf.inc file to
- * be saved with UNIX Linefeeds. LF that is and NOT CR LF.
- */
- $start = <<<EOD
-test_p3scan_user=`cat /etc/passwd | grep p3scan`
-test_p3scan_group=`cat /etc/passwd | grep p3scan`
-
-if [ -z "\${test_p3scan_group}" ]; then
- pw groupadd p3scan -g 108
-fi
-
-if [ -z "\${test_p3scan_user}" ]; then
- pw useradd p3scan -u 108 -g p3scan -d /var/spool/p3scan -s /sbin/nologin -c 'P3Scan Daemon'
-fi
-
-if [ ! -d "/var/spool/p3scan" ]; then
- mkdir /var/spool/p3scan && chown p3scan:p3scan /var/spool/p3scan
-fi
-
-if [ ! -d "/var/spool/p3scan/children" ]; then
- mkdir /var/spool/p3scan/children && chown p3scan:p3scan /var/spool/p3scan/children
-fi
-
-if [ ! -d "/var/spool/p3scannotify" ]; then
- mkdir /var/spool/p3scannotify && chown p3scan:p3scan /var/spool/p3scannotify
-fi
-
-if [ ! -d "/var/run/p3scan" ]; then
- mkdir /var/run/p3scan && chown p3scan:p3scan /var/run/p3scan
-fi
-
-/sbin/mount_fdescfs fdescfs /dev/fd
-/usr/local/sbin/p3scan --configfile=/usr/local/etc/p3scan/p3scan.conf &
-
-EOD;
-
- $stop = "/usr/bin/killall p3scan\n" .
- "sleep 2";
-
- if (! file_exists("/usr/local/etc/rc.d/030.p3scan.sh")) {
- write_rcfile(array(
- "file" => "030.p3scan.sh",
- "start" => $start,
- "stop" => $stop
- )
- );
- }
-
- /* finally get rid of files that were instaled by the package */
- removePackageLeftovers();
-
- conf_mount_ro();
- config_unlock();
-
- if (! file_exists("/usr/local/etc/p3scan")) {
- mkdir("/usr/local/etc/p3scan");
- }
- if (! file_exists("/usr/local/etc/p3scan/p3scan.conf")) {
- mwexec("ln -s /etc/p3scan.conf /usr/local/etc/p3scan/p3scan.conf");
- }
- if (! file_exists("/usr/local/etc/p3scan/p3scan.mail")) {
- $fd = fopen("/usr/local/etc/p3scan/p3scan.mail","w");
-
- $p3scanmail = <<<EOD
-MIME-Version: 1.0
-Content-Transfer-Encoding: 8bit
-Content-Type: text/plain;
- charset="iso-8859-1"
-
-Hello %USERNAME%.
-This message body was generated automatically from P3Scan, which runs on
-%HOSTNAME%.%DOMAINNAME% for scanning all incoming email.
-
-It replaces the body of a message sent to you that contained a VIRUS!
-
-Instead of the infected email this message has been sent to you.
-
-You may look at the message header of this message for the complete
-email header information of the infected message.
-
-Virus name:
- %VIRUSNAME%
-(Supposed) Sender of the email:
- %MAILFROM%
-Sent To:
- %MAILTO%
-On Date:
- %MAILDATE%
-Subject:
- %SUBJECT%
-Connection data:
- %PROTOCOL% from %CLIENTIP%:%CLIENTPORT% to %SERVERIP%:%SERVERPORT%
-Message File:
- %P3SCANID%
-Virus Definition Info:
- %VDINFO%
---
-%PROGNAME% %VERSION%
-by Jack S. Lai <laitcg@cox.net>
-
-EOD;
-
- fwrite($fd, $p3scanmail);
- fclose($fd);
- }
-
- mwexec("/usr/local/etc/rc.d/030.p3scan.sh stop");
- /* test whether a pid file still exists and remove it if necessary */
- if (! is_service_running("p3scan-pf"))
- unlink_if_exists("/var/run/p3scan/p3scan.pid");
- mwexec("/usr/local/etc/rc.d/030.p3scan.sh start");
-
- return 0;
-}
-
-function custom_php_install_command() {
- global $config, $g;
- sync_package_p3scan();
-}
-
-function custom_php_deinstall_command() {
- global $config, $g;
- conf_mount_rw();
-
- if (is_service_running("p3scan-pf"))
- stop_service("p3scan-pf");
-
- unlink_if_exists("/usr/local/etc/p3scan/p3scan.conf");
- unlink_if_exists("/usr/local/etc/p3scan/p3scan.mail");
- unlink_if_exists("/usr/local/etc/rc.d/030.p3scan.sh");
- rmdir("/usr/local/etc/p3scan");
- mwexec("rm -rf /var/spool/p3scan");
- mwexec("rm -rf /var/run/p3scan");
- mwexec("rm -rf /var/run/p3scan");
-
- conf_mount_ro();
-}
-
-function removePackageLeftovers() {
- unlink_if_exists("/usr/local/etc/rc.d/p3scan.sh");
- unlink_if_exists("/usr/local/etc/p3scan.conf.sample");
- unlink_if_exists("/usr/local/etc/p3scan.mail.sample");
-
-}
-
-function add_trans_table(){
- global $config;
-
- /* Flush all entries first, and then add them. */
- $p3scan_pf_result = mwexec ('pfctl -a "rdr-package/p3scan" -t p3scan -T flush');
- if($p3scan_pf_result <> 0) {
- file_notice("P3SCAN", "There were error(s) flushing the exclude table", "P3SCAN", "");
- }
- if($config['installedpackages']['p3scanpftransex']['config'] != ""){
- foreach($config['installedpackages']['p3scanpftransex']['config'] as $tmp) {
- $p3scan_pf_result = mwexec ('pfctl -a "rdr-package/p3scan" -t p3scan -T add ' . $tmp['ip']);
- if($p3scan_pf_result <> 0) {
- file_notice("P3SCAN", "There were error(s) adding the ip " . $tmp['ip'], "P3SCAN", "");
- }
- }
- }
-}
-
-function remove_transparency() {
- $p3scan_pf_result = mwexec ('pfctl -a "rdr-package/p3scan" -t p3scan -T flush');
- if($p3scan_pf_result <> 0) {
- file_notice("P3SCAN", "There were error(s) flushing the exclude table", "P3SCAN", "");
- }
-}
-
-function setup_transparency() {
- global $config;
- $cfg = $config['installedpackages']['p3scanpf']['config'][0];
- $ip = $cfg['ipaddr'];
- $port = $cfg['port'];
-
- if ($ip == "" || $port == "") { return; }
-
- $trans_file = fopen("/tmp/p3scan_pf.rules","w");
- fwrite($trans_file, "table <p3scan> persist\n");
- fwrite($trans_file, "rdr on " . $config['interfaces']['lan']['if'] . " inet proto tcp from !<p3scan> to ! " . $config['interfaces']['lan']['ipaddr'] . " port = pop3 -> {$ip} port {$port} \n");
- fclose($trans_file);
- $p3scan_pf_result = mwexec ('pfctl -a "rdr-package/p3scan" -f /tmp/p3scan_pf.rules');
- if($p3scan_pf_result <> 0) {
- file_notice("P3SCAN", "There were error(s) loading the transparency rules", "P3SCAN", "");
- }
- add_trans_table();
-}
-?>
\ No newline at end of file