From edd26d4525fd346b0493e255235aca5706c96428 Mon Sep 17 00:00:00 2001
From: serg dvoriancev <dv_serg@mail.ru>
Date: Fri, 1 May 2009 22:59:43 +0400
Subject: havp update new version ; squidGuard fix small bug

---
 config/havp/havp.xml | 251 +++++++++++++++++++++++++++++----------------------
 1 file changed, 145 insertions(+), 106 deletions(-)

(limited to 'config/havp/havp.xml')

diff --git a/config/havp/havp.xml b/config/havp/havp.xml
index a70b09bc..f2e07c91 100644
--- a/config/havp/havp.xml
+++ b/config/havp/havp.xml
@@ -1,30 +1,58 @@
 <?xml version="1.0" encoding="utf-8" ?>
 <packagegui>
         <name>havp</name>
-        <title>Services: Antivirus proxy server (havp + clamav) -> Settings</title>
+        <title>Antivirus: HTTP proxy (havp + clamav)</title>
         <category>Status</category>
-        <version>1.7.1</version>
-        <include_file>havp.inc</include_file>
+        <version>0.88_03</version>
+        <include_file>/usr/local/pkg/havp.inc</include_file>
 
         <!-- Installation -->
         <menu>
-                <name>HTTP Antivirus</name>
-                <tooltiptext>Proxy server antivirus</tooltiptext>
+                <name>Antivirus</name>
+                <tooltiptext>Antivirus service</tooltiptext>
                 <section>Services</section>
                 <url>/pkg_edit.php?xml=havp.xml&amp;id=0</url>
         </menu>
 
+        <service>
+		<name>havp</name>
+		<rcfile>havp.sh</rcfile>
+		<executable>havp</executable>
+		<description>Antivirus HTTP proxy Service</description>
+        </service>
+
         <additional_files_needed>
                <item>http://www.pfsense.com/packages/config/havp/havp.inc</item>
+               <prefix>/usr/local/pkg/</prefix>
+               <chmod>0755</chmod>
+        </additional_files_needed>
+        <additional_files_needed>
+               <item>http://www.pfsense.com/packages/config/havp/havp_fscan.xml</item>
+               <prefix>/usr/local/pkg/</prefix>
+               <chmod>0755</chmod>
+        </additional_files_needed>
+        <additional_files_needed>
+               <item>http://www.pfsense.com/packages/config/havp/havp_avset.xml</item>
+               <prefix>/usr/local/pkg/</prefix>
+               <chmod>0755</chmod>
         </additional_files_needed>
 
         <tabs>
                 <tab>
-                        <text>Settings</text>
+                        <text>HTTP proxy</text>
                         <url>/pkg_edit.php?xml=havp.xml&amp;id=0</url>
                         <active/>
                 </tab>
+                <tab>
+                        <text>Files Scanner</text>
+                        <url>/pkg_edit.php?xml=havp_fscan.xml&amp;id=0</url>
+                </tab>
+                <tab>
+                        <text>Settings</text>
+                        <url>/pkg_edit.php?xml=havp_avset.xml&amp;id=0</url>
+                </tab>
         </tabs>
+
         <fields>
                 <field>
                         <fielddescr>Enable</fielddescr>
@@ -33,38 +61,72 @@
                         <type>checkbox</type>
                 </field>
                 <field>
-                        <fielddescr>Use external interface</fielddescr>
-                        <fieldname>listenextinterface</fieldname>
-                        <description>Select this for use external interface, otherwise the proxy will use the internal interface '127.0.0.1'. Cascade you other proxy to the HAVP as 'parent proxy' via '127.0.0.1' ip.</description>
-                        <type>checkbox</type>
-                        <enablefields>proxyiface</enablefields>
+                        <fielddescr>Proxy mode</fielddescr>
+                        <fieldname>proxymode</fieldname>
+                        <description>
+				Select interface mode: &lt;br&gt;
+				&lt;b&gt; standard &lt;/b&gt; - client(s) bind to the 'proxy port' on selected interface(s); &lt;br&gt;
+				&lt;b&gt; parent for squid &lt;/b&gt; - configure HAVP as parent for Squid proxy;&lt;br&gt;
+				&lt;b&gt; transparent &lt;/b&gt; - all 'http' requests on interface(s) will be translated to the HAVP proxy server without any client(s) additional configuration necessary (worked as 'parent for squid' with 'transparent' Squid proxy); &lt;br&gt;
+				&lt;b&gt; internal &lt;/b&gt; - HAVP listen internal interface (127.0.0.1) on 'proxy port', use you own traffic forwarding rules.&lt;br&gt;
+			</description>
+                        <type>select</type>
+                        <default_value>standard</default_value>
+                        <options>
+                                 <option><value>standard</value><name>Standard</name></option>
+                                 <option><value>squid</value><name>Parent for Squid</name></option>
+                                 <option><value>transparent</value><name>Transparent</name></option>
+                                 <option><value>internal</value><name>Internal</name></option>
+                        </options>
                 </field>
+
                 <field>
-                        <fielddescr>Proxy interface</fielddescr>
-                        <fieldname>proxyiface</fieldname>
-                        <description>The interface(s) the proxy server will bind to.</description>
+                        <fielddescr>Proxy interface(s)</fielddescr>
+                        <fieldname>proxyinterface</fieldname>
+                        <description>The interface(s) for client connections to the proxy. Use 'Ctrl' + L.Click for multiple selection.</description>
                         <type>interfaces_selection</type>
                         <required/>
-                        <default_value>lan</default_value>
+                        <multiple/>
+                        <value>lan</value>
                 </field>
                 <field>
                         <fielddescr>Proxy port</fielddescr>
                         <fieldname>proxyport</fieldname>
-                        <description>This is the port the proxy server will listen on.</description>
+                        <description>
+				This is the port the proxy server will listen on (for example: 8080). This port must be different from Squid proxy.
+                        </description>
                         <type>input</type>
                         <size>10</size>
                         <required/>
-                        <default_value>3128</default_value>
+                        <value>3125</value>
                 </field>
                 <field>
                         <fielddescr>Parent proxy</fielddescr>
                         <fieldname>parentproxy</fieldname>
                         <description>
-                                Enter the parent proxy as PROXY:PORT format or leave empty.
+                                Enter the parent (upstream) proxy settings as PROXY:PORT format or leave empty.
                         </description>
                         <type>input</type>
                         <size>90</size>
                 </field>
+                <field>
+                        <fielddescr>Enable X-Forwarded-For</fielddescr>
+                        <fieldname>enablexforwardedfor</fieldname>
+                        <description>
+ 				If client sent this header, FORWARDED_IP setting defines the value, then it is passed on. You might want to keep this disabled for security reasons.
+				&lt;br&gt;Enable this if you use your own parent proxy after HAVP, so it will see the original client IP.
+				&lt;br&gt;Disabling this also disables Via: header generation.
+                        </description>
+                        <type>checkbox</type>
+                </field>
+                <field>
+                        <fielddescr>Enable Forwarded IP</fielddescr>
+                        <fieldname>enableforwardedip</fieldname>
+                        <description>
+				If HAVP is used as parent proxy by some other proxy, this allows to write the real users IP to log, instead of proxy IP.
+                        </description>
+                        <type>checkbox</type>
+                </field>
                 <field>
                         <fielddescr>Language</fielddescr>
                         <fieldname>lang</fieldname>
@@ -84,17 +146,21 @@
                         </options>
                 </field>
                 <field>
-                        <fielddescr>Max download size</fielddescr>
+                        <fielddescr>Max download size, Bytes</fielddescr>
                         <fieldname>maxdownloadsize</fieldname>
-                        <description>Enter value or leave empty. Value in bytes. Downloads larger than 'Max download size' will be blocked. Only if not Whitelisted!</description>
+                        <description>Enter value (in Bytes) or leave empty. Downloads larger, than 'Max download size' will be blocked. Only if not Whitelisted!</description>
                         <type>input</type>
                         <size>10</size>
                         <default_value></default_value>
                 </field>
                 <field>
-                        <fielddescr>Disable X-Forward</fielddescr>
-                        <fieldname>xforwardedfor</fieldname>
-                        <description>If not set, proxy will include your system's IP address or name in the HTTP requests it forwards.</description>
+                        <fielddescr>HTTP Range requests</fielddescr>
+                        <fieldname>range</fieldname>
+                        <description>
+                        	Set this for allow HTTP Range requests, and broken downloads can be resumed.
+                        	Allowing HTTP Range is a security risk, because partial HTTP requests may not be properly scanned.
+                        	Whitelisted sites are allowed to use Range in any case.
+                        </description>
                         <type>checkbox</type>
                 </field>
 
@@ -128,102 +194,71 @@
                         <type>checkbox</type>
                 </field>
 
+                <field>
+                        <fielddescr>Enable RAM Disk</fielddescr>
+                        <fieldname>enableramdisk</fieldname>
+                        <description>
+				This option allow use RAM Disk for HAVP temp files for more quick traffic scan.
+				Ram Disc size depend from 'ScanMax file size and avialable memory.
+				This option can be ignored in VMVare or on 'low system memory'.
+				( RAM Disk size calculated as [1/4 avialable system memory] > [Scan max file size] * 100 )
+                        </description>
+                        <type>checkbox</type>
+                </field>
                 <field>
                         <fielddescr>Scan max file size</fielddescr>
                         <fieldname>scanmaxsize</fieldname>
                         <description>
-                                Enter here value in bytes (5, 10, 15, 20) or leave empty.
+                                Select this value for limit maximum file size or leave '---(5M)'.
                                 Files larger than this limit won't be scanned.
-                                Empty or 0 also disables the limit.
+                                Small values increace scan speed and maximum new connections per second and allow RAM Disk use.
+                                &lt;br&gt;
                                 NOTE: Setting limit is a security risk, because some archives like
                                 ZIP need all the data to be scanned properly! Use this only if you
-                                can't afford temporary space for big files. Also scanner settings
-                                will affect how many files will be scanned inside an archive etc.
+                                can't afford temporary space for big files.
                         </description>
-                        <type>input</type>
-                        <size>10</size>
+                        <type>select</type>
+                        <value>0</value>
+                        <options>
+                                 <option><value> 5000</value><name>--- (5M)</name></option>
+                                 <option><value>    1</value><name>     1 K</name></option>
+                                 <option><value>    2</value><name>     2 K</name></option>
+                                 <option><value>    3</value><name>     3 K</name></option>
+                                 <option><value>    5</value><name>     5 K</name></option>
+                                 <option><value>    7</value><name>     7 K</name></option>
+                                 <option><value>   10</value><name>    10 K</name></option>
+                                 <option><value>   20</value><name>    20 K</name></option>
+                                 <option><value>   30</value><name>    30 K</name></option>
+                                 <option><value>   50</value><name>    50 K</name></option>
+                                 <option><value>   70</value><name>    70 K</name></option>
+                                 <option><value>  100</value><name>   100 K</name></option>
+                                 <option><value>  200</value><name>   200 K</name></option>
+                                 <option><value>  300</value><name>   300 K</name></option>
+                                 <option><value>  500</value><name>   500 K</name></option>
+                                 <option><value>  700</value><name>   700 K</name></option>
+                                 <option><value> 1000</value><name>  1000 K</name></option>
+                                 <option><value> 1500</value><name>  1500 K</name></option>
+                                 <option><value> 2000</value><name>  2000 K</name></option>
+                                 <option><value> 2500</value><name>  2500 K</name></option>
+                                 <option><value> 3000</value><name>  3000 K</name></option>
+                                 <option><value> 3500</value><name>  3500 K</name></option>
+                                 <option><value> 4000</value><name>  4000 K</name></option>
+                                 <option><value> 4500</value><name>  4500 K</name></option>
+                                 <option><value> 5000</value><name>  5000 K</name></option>
+                                 <option><value> 5500</value><name>  5500 K</name></option>
+                                 <option><value> 6000</value><name>  6000 K</name></option>
+                                 <option><value> 7000</value><name>  7000 K</name></option>
+                                 <option><value> 8000</value><name>  8000 K</name></option>
+                                 <option><value> 9000</value><name>  9000 K</name></option>
+                                 <option><value>10000</value><name>10 000 K</name></option>
+                        </options>
                 </field>
-
                 <field>
                         <fielddescr>Scan images</fielddescr>
                         <fieldname>scanimg</fieldname>
                         <description>Check this for scan image files.</description>
                         <type>checkbox</type>
                 </field>
-
-                <field>
-                        <fielddescr>Scan archives</fielddescr>
-                        <fieldname>scanarc</fieldname>
-                        <description>Check this for scan within archives and compressed files.</description>
-                        <type>checkbox</type>
-                </field>
-
-                <field>
-                        <fielddescr>Scan archive max file size</fielddescr>
-                        <fieldname>scanarcmaxsize</fieldname>
-                        <value>10M</value>
-                        <description>
-                                Enter here value in megabytes (15M) or leave empty.
-                                Files in archives larger than this limit won't be scanned.
-                                Value of 0 also disables the limit.
-                        </description>
-                        <type>input</type>
-                        <size>10</size>
-                </field>
-
-                <field>
-                        <fielddescr>AV bases update</fielddescr>
-                        <fieldname>havpavupdate</fieldname>
-                        <description>
-                                &lt;input name='submit' type='submit' value='Update_AV'&gt;
-                                Press button for update AV database now.
-                        </description>
-                        <type>select</type>
-                        <value>hv_none</value>
-                        <options>
-                                <option><name>none</name><value>hv_none</value></option>
-                                <option><name>every 1  hours</name><value>hv_01h</value></option>
-                                <option><name>every 2  hours</name><value>hv_02h</value></option>
-                                <option><name>every 3  hours</name><value>hv_03h</value></option>
-                                <option><name>every 4  hours</name><value>hv_04h</value></option>
-                                <option><name>every 6  hours</name><value>hv_06h</value></option>
-                                <option><name>every 8  hours</name><value>hv_08h</value></option>
-                                <option><name>every 12 hours</name><value>hv_12h</value></option>
-                                <option><name>every 24 hours</name><value>hv_24h</value></option>
-                        </options>
-                </field>
-                <field>
-                        <fielddescr>Regional AV database update mirror</fielddescr>
-                        <fieldname>dbregion</fieldname>
-                        <description>Select regional database mirror.</description>
-                        <type>select</type>
-                        <value></value>
-                        <options>
-                                 <option><value></value><name>-----</name></option>
-                                 <option><value>au</value><name>Australia</name></option>
-                                 <option><value>eu</value><name>Europe</name></option>
-                                 <option><value>ca</value><name>Canada</name></option>
-                                 <option><value>cn</value><name>China</name></option>
-                                 <option><value>id</value><name>Indonesia</name></option>
-                                 <option><value>jp</value><name>Japan</name></option>
-                                 <option><value>kr</value><name>Korea</name></option>
-                                 <option><value>ml</value><name>Malaysia</name></option>
-                                 <option><value>ru</value><name>Russian</name></option>
-                                 <option><value>sa</value><name>South africa</name></option>
-                                 <option><value>tw</value><name>Taiwan</name></option>
-                                 <option><value>uk</value><name>United Kingdom</name></option>
-                                 <option><value>us</value><name>United States</name></option>
-                        </options>
-                </field>
-                <field>
-                        <fielddescr>Optional AV database update servers</fielddescr>
-                        <fieldname>avupdateserver</fieldname>
-                        <description>Enter here space separated AV update servers, or leave empty.</description>
-                        <type>textarea</type>
-                        <cols>60</cols>
-                        <rows>5</rows>
-                </field>
-
                 <field>
                         <fielddescr>Syslog</fielddescr>
                         <fieldname>syslog</fieldname>
@@ -237,11 +272,15 @@
                         <type>checkbox</type>
                 </field>
         </fields>
+
+        <custom_php_command_before_form>
+            havp_before_form(&amp;$pkg);
+        </custom_php_command_before_form>
         <custom_php_validation_command>
-                havp_validate_settings($_POST, &amp;$input_errors);
+            havp_validate_settings($_POST, &amp;$input_errors);
         </custom_php_validation_command>
         <custom_php_resync_config_command>
-                havp_resync();
+            havp_resync();
         </custom_php_resync_config_command>
         <custom_php_install_command>
         </custom_php_install_command>
-- 
cgit v1.2.3