diff options
Diffstat (limited to 'packages/p3scan-pf/p3scan-pf.inc')
| -rw-r--r-- | packages/p3scan-pf/p3scan-pf.inc | 348 |
1 files changed, 348 insertions, 0 deletions
diff --git a/packages/p3scan-pf/p3scan-pf.inc b/packages/p3scan-pf/p3scan-pf.inc new file mode 100644 index 00000000..b7359b49 --- /dev/null +++ b/packages/p3scan-pf/p3scan-pf.inc @@ -0,0 +1,348 @@ +<?php +/* $Id$ */ +/* + $RCSfile$ + Copyright (C) 2006 Daniel S. Haischt <me@daniel.stefan.haischt.name> + All rights reserved. + + Copyright (C) 2006 Fernando Lemos + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notices, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notices, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +/* ====================== USAGE NOTE: ====================== */ +/* Depending on your use case scenario, this software may */ +/* depend on the following software packages: */ +/* */ +/* - renatach (part of the FreeBSD ports collection) */ +/* - a virus scanner (e.g. ClamAV) */ +/* - a spam filter (e.g. DSPAM or SpamAssassin) */ +/* ========================================================= */ + + +/* include all configuration functions */ +require_once("functions.inc"); + +function sync_package_p3scan() { + global $config, $g; + conf_mount_rw(); + config_lock(); + $fd = fopen("/etc/p3scan.conf","w"); + + /* shorten the config path */ + $cfg = $config['installedpackages']['p3scanpf']['config'][0]; + $cfgmsg = $config['installedpackages']['p3scanpfmsg']['config'][0]; + $cfgemer = $config['installedpackages']['p3scanpfemer']['config']; + $cfgvir = $config['installedpackages']['p3scanpfvir']['config'][0]; + $cfgspam = $config['installedpackages']['p3scanpfspam']['config'][0]; + + fwrite($fd, "## p3scan-pf config file - generated by pfSense.\n##\n"); + fwrite($fd, "## at: " . date("l dS of F Y h:i:s A") . "\n##\n"); + /* ================================================================ */ + /* == Tab: Daemon Settings == */ + /* ================================================================ */ + fwrite($fd, "## Daemon Settings.\n"); + fwrite($fd, "pidfile = /var/run/p3scan/p3scan.pid\n"); + if (isset($cfg['maxchilds']) && $cfg['maxchilds'] <> "") + fwrite($fd, "maxchilds = {$cfg['maxchilds']}\n"); + else + fwrite($fd, "maxchilds = 10\n"); + if (isset($cfg['ipaddr']) && $cfg['ipaddr'] <> "") + fwrite($fd, "ip = {$cfg['ipaddr']}\n"); + else + fwrite($fd, "ip = 127.0.0.1\n"); + if (isset($cfg['port']) && $cfg['port'] <> "") + fwrite($fd, "port = {$cfg['port']}\n"); + else + fwrite($fd, "port = 8110\n"); + if (isset($cfg['sslport']) && $cfg['sslport'] <> "") + fwrite($fd, "sslport = {$cfg['sslport']}\n"); + else + fwrite($fd, "sslport = 995\n"); + if (isset($cfg['targetip']) && $cfg['targetip'] <> "") { + if ($cfg['targetip'] == "0.0.0.0") + setup_transparency(); + else + remove_transparency() + fwrite($fd, "targetip = {$cfg['targetip']}\n"); + } else { + setup_transparency(); + fwrite($fd, "targetip = 0.0.0.0\n"); + } + if (isset($cfg['targetport']) && $cfg['targetport'] <> "") + fwrite($fd, "targetport = {$cfg['targetport']}\n"); + else + fwrite($fd, "targetport = 8110\n"); + if (isset($cfg['emailport']) && $cfg['emailport'] <> "") + fwrite($fd, "emailport = {$cfg['emailport']}\n"); + else + fwrite($fd, "emailport = 25\n"); + if (isset($cfg['daemonuser']) && $cfg['daemonuser'] <> "") + fwrite($fd, "user = {$cfg['daemonuser']}\n"); + else + fwrite($fd, "user = root\n"); + fwrite($fd, "notifydir = /var/spool/p3scan/notify\n"); + fwrite($fd, "virusdir = /var/spool/p3scan\n"); + fwrite($fd, "template = /usr/local/etc/p3scan/p3scan.mail\n"); + + /* ================================================================ */ + /* == Tab: Message Processing == */ + /* ================================================================ */ + fwrite($fd, "## Message Processing Settings.\n"); + if (isset($cfgmsg['justdelete']) && $cfgmsg['justdelete'] <> "") + fwrite($fd, "justdelete\n"); + if (isset($cfgmsg['bytesfree']) && $cfgmsg['bytesfree'] <> "") + fwrite($fd, "bytesfree = {$cfgmsg['bytesfree']}\n"); + else + fwrite($fd, "bytesfree = 10000\n"); + if (isset($cfgmsg['broken']) && $cfgmsg['broken'] <> "") + fwrite($fd, "broken\n"); + if (isset($cfgmsg['timeout']) && $cfgmsg['timeout'] <> "") + fwrite($fd, "timeout = {$cfgmsg['timeout']}\n"); + else + fwrite($fd, "timeout = 30\n"); + if (isset($cfgmsg['ispspam']) && $cfgmsg['ispspam'] <> "") + fwrite($fd, "ispspam = {$cfgmsg['ispspam']}\n"); + if (file_exists("/usr/local/bin/renattach")) + fwrite($fd, "renattach = /usr/local/bin/renattach\n"); + if (isset($cfgmsg['subject']) && $cfgmsg['subject'] <> "") + fwrite($fd, "subject = {$cfgmsg['subject']}\n"); + else + fwrite($fd, "subject = Subject: \"[Virus] found in a mail to you:\" <virus name>\n"); + if (isset($cfgmsg['notify']) && $cfgmsg['notify'] <> "") + fwrite($fd, "notify = {$cfgmsg['notify']}\n"); + else + fwrite($fd, "notify = Per instruction, the message has been deleted.\n"); + if (isset($cfgmsg['smtpreject']) && $cfgmsg['smtpreject'] <> "") + fwrite($fd, "smtprset = {$cfgmsg['smtpreject']}\n"); + else + fwrite($fd, "smtprset = Virus detected! P3scan rejected message!\n"); + if (isset($cfgmsg['checksize']) && $cfgmsg['checksize'] <> "") + fwrite($fd, "checksize = {$cfgmsg['checksize']}\n"); + if (isset($cfgmsg['footer']) && $cfgmsg['footer'] <> "") + fwrite($fd, "footer = {$cfgmsg['footer']}\n"); + + /* ================================================================ */ + /* == Tab: Emergency Contact == */ + /* ================================================================ */ + fwrite($fd, "## Emergency Contacts.\n"); + if (is_array($cfgemer)) { + foreach ($cfgemer as $addr) { + $contact .= "{$addr['emailaddress']} "; + } + if (isset($contact) && $contact <> "") + fwrite($fd, "emergcon = {$contact}\n"); + } + + /* ================================================================ */ + /* == Tab: Virus Scanner Settings == */ + /* ================================================================ */ + fwrite($fd, "## Virus Scanner Settings.\n"); + if (isset($cfgvir['scannertype']) && $cfgvir['scannertype'] <> "") + fwrite($fd, "scannertype = {$cfgvir['scannertype']}\n"); + else + fwrite($fd, "scannertype = clamd\n"); + if (isset($cfgvir['scanner']) && $cfgvir['scanner'] <> "") + fwrite($fd, "scanner = {$cfgvir['scanner']}\n"); + else + fwrite($fd, "scanner = 127.0.0.1:3310\n"); + if (isset($cfgvir['viruscode']) && $cfgvir['viruscode'] <> "") + fwrite($fd, "viruscode = {$cfgvir['viruscode']}\n"); + else + fwrite($fd, "viruscode = 1\n"); + if (isset($cfgvir['goodcode']) && $cfgvir['goodcode'] <> "") + fwrite($fd, "goodcode = {$cfgvir['goodcode']}\n"); + if (isset($cfgvir['virusregexp']) && $cfgvir['virusregexp'] <> "") + fwrite($fd, "virusregexp = {$cfgvir['virusregexp']}\n"); + if (isset($cfgvir['demime']) && $cfgvir['demime'] <> "") + fwrite($fd, "demime\n"); + + /* ================================================================ */ + /* == Tab: SPAM Settings == */ + /* ================================================================ */ + if ((isset($cfgspam['checkspam']) && $cfgspam['checkspam'] <> "") || + $config['installedpackages']['sassassin']['config'][0]['enable'] == 'on') { + fwrite($fd, "## SPAM Settings.\n"); + fwrite($fd, "checkspam\n"); + if (isset($cfgspam['spamcheck']) && $cfgspam['spamcheck'] <> "") { + /* most times the command line for the spam binary becomes + * quite lengthy, which my be the reason that users are + * the XML tag and the command line itself into several + * lines. Thus strip whitespaces. + */ + $cfgspam['spamcheck'] = trim($cfgspam['spamcheck']); + fwrite($fd, "spamcheck = {$cfgspam['spamcheck']}\n"); + } else { + if ($config['installedpackages']['sassassin']['config'][0]['enable'] == 'on') { + fwrite($fd, "spamcheck = /usr/bin/spamc\n"); + } else { + fwrite($fd, "spamcheck = /usr/local/bin/dspam --user dspamuser --mode=teft --stdout --deliver=innocent,spam --feature=ch,no,wh\n"); + } + } + } + + fclose($fd); + + /* NOTE: The following code requires the p3scan-pf.inc file to + * be saved with UNIX Linefeeds. LF that is and NOT CR LF. + */ + $start = <<<EOD +test_p3scan_user=`cat /etc/passwd | grep p3scan` +test_p3scan_group=`cat /etc/passwd | grep p3scan` + +if [ -z "\${test_p3scan_group}" ]; then + pw groupadd p3scan -g 108 +fi + +if [ -z "\${test_p3scan_user}" ]; then + pw useradd p3scan -u 108 -g p3scan -d /var/spool/p3scan -s /sbin/nologin -c 'P3Scan Daemon' +fi + +if [ ! -d "/var/spool/p3scan" ]; then + mkdir /var/spool/p3scan && chown p3scan:p3scan /var/spool/p3scan +fi + +if [ ! -d "/var/spool/p3scan/children" ]; then + mkdir /var/spool/p3scan/children && chown p3scan:p3scan /var/spool/p3scan/children +fi + +if [ ! -d "/var/spool/p3scannotify" ]; then + mkdir /var/spool/p3scannotify && chown p3scan:p3scan /var/spool/p3scannotify +fi + +if [ ! -d "/var/run/p3scan" ]; then + mkdir /var/run/p3scan && chown p3scan:p3scan /var/run/p3scan +fi + +/sbin/mount_fdescfs fdescfs /dev/fd +/usr/local/sbin/p3scan --configfile=/usr/local/etc/p3scan/p3scan.conf & + +EOD; + + $stop = "/usr/bin/killall p3scan\n" . + "sleep 2"; + + write_rcfile(array( + "file" => "030.p3scan.sh", + "start" => $start, + "stop" => $stop + ) + ); + + conf_mount_ro(); + config_unlock(); + + if (! file_exists("/usr/local/etc/p3scan")) { + mkdir("/usr/local/etc/p3scan"); + } + if (! file_exists("/usr/local/etc/p3scan/p3scan.conf")) { + mwexec("ln -s /etc/p3scan.conf /usr/local/etc/p3scan/p3scan.conf"); + } + if (! file_exists("/usr/local/etc/p3scan/p3scan.mail")) { + $fd = fopen("/usr/local/etc/p3scan/p3scan.mail","w"); + + $p3scanmail = <<<EOD +MIME-Version: 1.0 +Content-Transfer-Encoding: 8bit +Content-Type: text/plain; + charset="iso-8859-1" + +Hello %USERNAME%. +This message body was generated automatically from P3Scan, which runs on +%HOSTNAME%.%DOMAINNAME% for scanning all incoming email. + +It replaces the body of a message sent to you that contained a VIRUS! + +Instead of the infected email this message has been sent to you. + +You may look at the message header of this message for the complete +email header information of the infected message. + +Virus name: + %VIRUSNAME% +(Supposed) Sender of the email: + %MAILFROM% +Sent To: + %MAILTO% +On Date: + %MAILDATE% +Subject: + %SUBJECT% +Connection data: + %PROTOCOL% from %CLIENTIP%:%CLIENTPORT% to %SERVERIP%:%SERVERPORT% +Message File: + %P3SCANID% +Virus Definition Info: + %VDINFO% +-- +%PROGNAME% %VERSION% +by Jack S. Lai <laitcg@cox.net> + +EOD; + + fwrite($fd, $p3scanmail); + fclose($fd); + } + + mwexec("/usr/local/etc/rc.d/030.p3scan.sh stop"); + mwexec("/usr/local/etc/rc.d/030.p3scan.sh start"); + + return 0; +} + +function custom_php_install_command() { + global $config, $g; + sync_package_p3scan(); +} + +function custom_php_deinstall_command() { + global $config, $g; + conf_mount_rw(); + unlink_if_exists("/usr/local/pkg/pf/p3scan_rules.php"); + unlink_if_exists("/usr/local/www/p3scan_rules.php"); + unlink_if_exists("/usr/local/etc/p3scan/p3scan.conf"); + unlink_if_exists("/usr/local/etc/p3scan/p3scan.mail"); + unlink_if_exists("/usr/local/etc/rc.d/030.p3scan.sh"); + rmdir("/usr/local/etc/p3scan"); + conf_mount_ro(); +} + +function remove_transparency() { + $p3scan_pf_result = mwexec ('pfctl -a "rdr-package/p3scan" -t p3scan -T flush'); + if($havp_pf_result <> 0) { + file_notice("P3SCAN", "There were error(s) flushing the exclude table", "P3SCAN", ""); +} + +function setup_transparency() { + global $config; + $cfg = $config['installedpackages']['p3scanpf']['config'][0]; + $trans_file = fopen("/tmp/p3scan_pf.rules","w"); + fwrite($trans_file, "table <p3scan> persist\n"); + fwrite($trans_file, "rdr on " . $config['interfaces']['lan']['if'] . " inet proto tcp from !<p3scan> to ! " . $config['interfaces']['lan']['ipaddr'] . " port = pop3 -> {$cfg['ip']} port {$cfg['port']} \n"); + fclose($trans_file); + $p3scan_pf_result = mwexec ('pfctl -a "rdr-package/p3scan" -f /tmp/p3scan_pf.rules'); + if($p3scan_pf_result <> 0) { + file_notice("P3SCAN", "There were error(s) loading the transparency rules", "P3SCAN", ""); + } +} +?>
\ No newline at end of file |