From 5c8a377c8729aa68ff5c61e93550517c8b3d73ac Mon Sep 17 00:00:00 2001 From: thuynguyenduc Date: Fri, 17 May 2013 11:33:33 +0700 Subject: Update squid.inc Fix missing last error language directory --- config/squid/squid.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/squid/squid.inc b/config/squid/squid.inc index bd0c8634..34186407 100644 --- a/config/squid/squid.inc +++ b/config/squid/squid.inc @@ -295,7 +295,7 @@ function squid_before_form_general($pkg) { } $field = &$pkg['fields']['field'][$i]; - for ($i = 0; $i < count($values) - 1; $i++) + for ($i = 0; $i < count($values); $i++) $field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]); } -- cgit v1.2.3 From b3d17e3d4887fa9a73b2fc060c15e0537f1eb3e3 Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Fri, 17 May 2013 17:47:49 -0300 Subject: squid3-dev - include antivirus depend packages to pkg_config --- pkg_config.8.xml | 4 +++- pkg_config.8.xml.amd64 | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 44c10176..28796ad8 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -1280,11 +1280,13 @@ squid-3.3.4.tbz libltdl-2.4.2.tbz libwww-5.4.0_4.tbz + squidclamav-6.10_1.tbz + clamav-0.97.8.tbz ca_root_nss-3.14.1.tbz www/libwww www/squid33 - www/squid_radius_auth security/clamav www/squidclamav security/ca_root_nss + www/squid_radius_auth security/clamav www/squidclamav security/ca_root_nss www/c-icap-modules c-icap_UNSET=IPV6 squid33_UNSET=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES;squid33_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD http://www.pfsense.org/packages/config/squid3/33/squid.xml diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 471bd094..b81b5f71 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -1267,11 +1267,13 @@ squid-3.3.4.tbz libltdl-2.4.2.tbz libwww-5.4.0_4.tbz + squidclamav-6.10_1.tbz + clamav-0.97.8.tbz ca_root_nss-3.14.1.tbz www/libwww www/squid33 - www/squid_radius_auth security/clamav www/squidclamav security/ca_root_nss + www/squid_radius_auth security/clamav www/squidclamav security/ca_root_nss www/c-icap-modules c-icap_UNSET=IPV6 squid33_UNSET=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI ECAP SNMP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES;squid33_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD http://www.pfsense.org/packages/config/squid3/33/squid.xml -- cgit v1.2.3 From 61944b680cd6269aa1a6b57b703084ed19b62fb6 Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Fri, 17 May 2013 19:59:28 -0300 Subject: squid3-dev - improve icap antivirus integration code. --- config/squid3/33/squid.inc | 35 +++++++++++++++++++++++------------ 1 file changed, 23 insertions(+), 12 deletions(-) diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc index 8eb9f2fa..a29fb3c6 100755 --- a/config/squid3/33/squid.inc +++ b/config/squid3/33/squid.inc @@ -427,6 +427,10 @@ function squid_validate_general($post, $input_errors) { $input_errors[] = "You can not run squid on the same port as the webgui"; } + if (($post['ssl_proxy'] == 'on') && ( $post['dca'] == '')) { + $input_errors[] = "SSL interception cannot be enabled without a CA."; + } + foreach (array('defined_ip_proxy_off') as $hosts) { foreach (explode(";", $post[$hosts]) as $host) { $host = trim($host); @@ -783,7 +787,7 @@ function squid_check_ca_hashes(){ #check certificates $cert_count=0; if (is_dir(SQUID_LOCALBASE. '/share/certs')) - if ($handle = opendir(SQUID_LOCALBASE.'/usr/local/share/certs')) { + if ($handle = opendir(SQUID_LOCALBASE.'/share/certs')) { while (false !== ($file = readdir($handle))) if (preg_match ("/\d+.0/",$file)) $cert_count++; @@ -1345,9 +1349,9 @@ EOF; if (!file_exists(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.sample")) if (file_exists(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.default")){ $sample_file=file_get_contents(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.default"); - $matches[0]="@/var/run/clamav/clamd.ctl@"; - $replaces[0]="/var/run/clamav/clamd.sock"; - file_put_contents(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.sample",preg_replace($matches,$replaces,$sample_file),LOCK_EX); + $clamav_m[0]="@/var/run/clamav/clamd.ctl@"; + $clamav_r[0]="/var/run/clamav/clamd.sock"; + file_put_contents(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.sample",preg_replace($clamav_m,$clamav_r,$sample_file),LOCK_EX); } #c-icap.conf if (!file_exists(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.sample")) @@ -1355,8 +1359,6 @@ EOF; $sample_file=file_get_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.default"); if (! preg_match ("/squidclamav/")) $sample_file.="\nService squidclamav squidclamav.so\n"; - if (! preg_match ("/User proxy/")) - $sample_file.="\nUser proxy\n"; file_put_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.sample",$sample_file,LOCK_EX); } @@ -1378,8 +1380,8 @@ EOF; $antivirus_config = $config['installedpackages']['squidantivirus']['config'][0]; } #check dirs - $dirs=array("/var/run/c-icap" => "proxy", - "/var/log/c-icap" => "proxy", + $dirs=array("/var/run/c-icap" => "clamav", + "/var/log/c-icap" => "clamav", "/var/log/clamav" => "clamav", "/var/run/clamav" => "clamav", "/var/db/clamav" => "clamav"); @@ -1404,11 +1406,20 @@ EOF; #check antivirus daemons #check icap - if (is_process_running("c-icap")) - mwexec_bg("/usr/local/etc/rc.d/c-icap reload"); - else + if (is_process_running("c-icap")){ + mwexec('/bin/echo -n "reconfigure" > /var/run/c-icap/c-icap.ctl'); + } + else{ + #check c-icap user on startup file + $c_icap_rcfile="/usr/local/etc/rc.d/c-icap"; + if (file_exists($c_icap_rcfile)){ + $sample_file=file_get_contents($c_icap_rcfile); + $cicapm[0]="@c_icap_user=.*}@"; + $cicapr[0]='c_icap_user="clamav"}'; + file_put_contents($c_icap_rcfile,preg_replace($cicapm,$cicapr,$sample_file),LOCK_EX); + } mwexec("/usr/local/etc/rc.d/c-icap start"); - + } #check clamav if (is_process_running("clamd")) mwexec_bg("/usr/local/etc/rc.d/clamav-clamd reload"); -- cgit v1.2.3