From 55eddd7accf2c5f9b0f52b22a010c4c4b7c130d1 Mon Sep 17 00:00:00 2001 From: Bill Marquette Date: Fri, 6 Feb 2009 19:18:00 -0600 Subject: mv packages to config dir to match web layout --- config/p3scan-pf/p3scan-pf-emer.xml | 131 +++++++++++ config/p3scan-pf/p3scan-pf-msg.xml | 202 +++++++++++++++++ config/p3scan-pf/p3scan-pf-spam.xml | 122 ++++++++++ config/p3scan-pf/p3scan-pf-transex.xml | 124 +++++++++++ config/p3scan-pf/p3scan-pf-vir.xml | 166 ++++++++++++++ config/p3scan-pf/p3scan-pf.inc | 395 +++++++++++++++++++++++++++++++++ config/p3scan-pf/p3scan-pf.xml | 218 ++++++++++++++++++ 7 files changed, 1358 insertions(+) create mode 100644 config/p3scan-pf/p3scan-pf-emer.xml create mode 100644 config/p3scan-pf/p3scan-pf-msg.xml create mode 100644 config/p3scan-pf/p3scan-pf-spam.xml create mode 100644 config/p3scan-pf/p3scan-pf-transex.xml create mode 100644 config/p3scan-pf/p3scan-pf-vir.xml create mode 100644 config/p3scan-pf/p3scan-pf.inc create mode 100644 config/p3scan-pf/p3scan-pf.xml (limited to 'config/p3scan-pf') diff --git a/config/p3scan-pf/p3scan-pf-emer.xml b/config/p3scan-pf/p3scan-pf-emer.xml new file mode 100644 index 00000000..da39aef8 --- /dev/null +++ b/config/p3scan-pf/p3scan-pf-emer.xml @@ -0,0 +1,131 @@ + + + + + + + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper . + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + + p3scanpfemer + 1.0 + Services: POP3 Proxy: Emergency Contact + p3scan-pf.inc + + + Daemon Settings + /pkg_edit.php?xml=p3scan-pf.xml&id=0 + + + Transparent Proxy Exclusion + /pkg.php?xml=p3scan-pf-transex.xml + + + Message Processing + /pkg_edit.php?xml=p3scan-pf-msg.xml&id=0 + + + Emergency Contact + /pkg.php?xml=p3scan-pf-emer.xml + + + + Virus Scanner Settings + /pkg_edit.php?xml=p3scan-pf-vir.xml&id=0 + + + SPAM Settings + /pkg_edit.php?xml=p3scan-pf-spam.xml&id=0 + + + + ['installedpackages']['p3scanpf']['config']['contacts'] + + + + Email Address + emailaddress + + + Description + description + + + + + + Email Address + emailaddress + + In the event p3scan encounters a catastrophic problem and has to terminate, + it will send an email to these email addresses just before setting up to + close down on the next iteration of a child process. + + input + + + Description + description + Description. + input + + + + + sync_package_p3scan(); + + + sync_package_p3scan(); + + diff --git a/config/p3scan-pf/p3scan-pf-msg.xml b/config/p3scan-pf/p3scan-pf-msg.xml new file mode 100644 index 00000000..d3f81aa2 --- /dev/null +++ b/config/p3scan-pf/p3scan-pf-msg.xml @@ -0,0 +1,202 @@ + + + + + + + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper . + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + + p3scanpfmsg + 1.0 + Services: POP3 Proxy: Message Processing + + This <acronym title="Hypertext Markup Language">HTML</acronym> page uses default values, hence even if each field is + set, you are still required to save this page if you are editing this page + for the very first time! + + pkg_edit.php?xml=p3scan-pf-msg.xml&id=0 + p3scan-pf.inc + + + Daemon Settings + /pkg_edit.php?xml=p3scan-pf.xml&id=0 + + + Transparent Proxy Exclusion + /pkg.php?xml=p3scan-pf-transex.xml + + + Message Processing + /pkg_edit.php?xml=p3scan-pf-msg.xml&id=0 + + + + Emergency Contact + /pkg.php?xml=p3scan-pf-emer.xml + + + Virus Scanner Settings + /pkg_edit.php?xml=p3scan-pf-vir.xml&id=0 + + + SPAM Settings + /pkg_edit.php?xml=p3scan-pf-spam.xml&id=0 + + + + ['installedpackages']['p3scanpf']['config']['messaging'] + + + + Just Delete + justdelete + + Instead of keeping an infected message in the Virus Directory, delete it + after reporting it to the user. + + checkbox + true + + + Bytes Free + bytesfree + The number of KB's there must be free before processing any mail. + input + + 10000 + + + Broken Email Clients + brokenec + + Some email clients may require special processing. + + checkbox + true + + + ISP Spam + ispspam + + This option allows you to set the string your <acronym title="Internet Service Provider">ISP</acronym> uses if it processes + your email for SPAM. Leave this field blank if you are not going to use + this option. + + input + -- Spam -- + + + Subject + subject + + This option can be used to change the default subject line when + reporting a virus infected message. + + input + 60 + + Subject: "[Virus] found in a mail to you:" <virus name> + + + Notify + notify + + This option can be used to change the default file deleted notification + that is displayed in the virus notification message when the + "justdelete" option is used. + + input + 60 + + Per instruction, the message has been deleted. + + + SMTP Reject + smtpreject + + This option can be used to change the default <acronym title="Simple Mail Transfer Protocol">SMTP</acronym> Reject message that + is sent to the client in the event a message is rejected due to a virus. + The error message will have a prefix of "554". + + input + 60 + + Virus detected! P3scan rejected message! + + + Check SMTP size + checksize + + This option can be used to set the maximum message size (in KBytes) + that p3scan will use to determine if it should scan an smtp submission. + Leave this field blank if you are not going to use this option. + + input + 1024 + + + Footer + footer + + This option is used to add the virus definition info from your scanner + to an SMTP message. Leave this field blank if you are not going to use + this option. + + input + 40 + /usr/local/bin/clamdscan -V + + + + + sync_package_p3scan(); + + diff --git a/config/p3scan-pf/p3scan-pf-spam.xml b/config/p3scan-pf/p3scan-pf-spam.xml new file mode 100644 index 00000000..86301a50 --- /dev/null +++ b/config/p3scan-pf/p3scan-pf-spam.xml @@ -0,0 +1,122 @@ + + + + + + + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper . + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + + p3scanpfspam + 1.0 + Services: POP3 Proxy: SPAM Settings + + This <acronym title="Hypertext Markup Language">HTML</acronym> page uses default values, hence even if each field is + set, you are still required to save this page if you are editing this page + for the very first time! + + pkg_edit.php?xml=p3scan-pf-spam.xml&id=0 + p3scan-pf.inc + + + Daemon Settings + /pkg_edit.php?xml=p3scan-pf.xml&id=0 + + + Transparent Proxy Exclusion + /pkg.php?xml=p3scan-pf-transex.xml + + + Message Processing + pkg_edit.php?xml=p3scan-pf-msg.xml&id=0 + + + Emergency Contact + /pkg.php?xml=p3scan-pf-emer.xml + + + Virus Scanner Settings + /pkg_edit.php?xml=p3scan-pf-vir.xml&id=0 + + + SPAM Settings + /pkg_edit.php?xml=p3scan-pf-spam.xml&id=0 + + + + + ['installedpackages']['p3scanpf']['config']['spam'] + + + + Enable Spam Checking + checkspam + + If set, will scan for Spam before scanning for a virus. + + checkbox + true + spamcheck + + + SPAM Executable Command + spamcheck + The command (plus arguments) that should be invoked to check for SPAM messages. + input + 70 + + /usr/local/bin/dspam --user dspamuser --mode=teft --stdout --deliver=innocent,spam --feature=ch,no,wh + + + + + sync_package_p3scan(); + + diff --git a/config/p3scan-pf/p3scan-pf-transex.xml b/config/p3scan-pf/p3scan-pf-transex.xml new file mode 100644 index 00000000..e1b2070a --- /dev/null +++ b/config/p3scan-pf/p3scan-pf-transex.xml @@ -0,0 +1,124 @@ + + + + + + + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper . + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + + p3scanpftransex + 1.0 + Services: POP3 Proxy: Exclude from Transparent Proxy + + Below you will have the opportunity to define specific IP addresses + which should be exempt from beeing served via transparent proxying. + + p3scan-pf.inc + + + Daemon Settings + /pkg_edit.php?xml=p3scan-pf.xml&id=0 + + + Transparent Proxy Exclusion + /pkg.php?xml=p3scan-pf-transex.xml + + + + Message Processing + /pkg_edit.php?xml=p3scan-pf-msg.xml&id=0 + + + Emergency Contact + /pkg.php?xml=p3scan-pf-emer.xml + + + Virus Scanner Settings + /pkg_edit.php?xml=p3scan-pf-vir.xml&id=0 + + + SPAM Settings + /pkg_edit.php?xml=p3scan-pf-spam.xml&id=0 + + + + ['installedpackages']['p3scanpf']['config']['virus'] + + + + Exempted IP + ip + + + Description + description + + + + + + Exempted IP + ip + Enter the IP to exempt from transparent proxy + input + + + Description + description + Enter the description for this item + input + + + + + sync_package_p3scan(); + + diff --git a/config/p3scan-pf/p3scan-pf-vir.xml b/config/p3scan-pf/p3scan-pf-vir.xml new file mode 100644 index 00000000..d96e8a87 --- /dev/null +++ b/config/p3scan-pf/p3scan-pf-vir.xml @@ -0,0 +1,166 @@ + + + + + + + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper . + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + + p3scanpfvir + 1.0 + Services: POP3 Proxy: Virus Scanner Settings + + This <acronym title="Hypertext Markup Language">HTML</acronym> page uses default values, hence even if each field is + set, you are still required to save this page if you are editing this page + for the very first time! + + pkg_edit.php?xml=p3scan-pf-vir.xml&id=0 + p3scan-pf.inc + + + Daemon Settings + /pkg_edit.php?xml=p3scan-pf.xml&id=0 + + + Transparent Proxy Exclusion + /pkg.php?xml=p3scan-pf-transex.xml + + + Message Processing + /pkg_edit.php?xml=p3scan-pf-msg.xml&id=0 + + + Emergency Contact + /pkg.php?xml=p3scan-pf-emer.xml + + + Virus Scanner Settings + /pkg_edit.php?xml=p3scan-pf-vir.xml&id=0 + + + + SPAM Settings + /pkg_edit.php?xml=p3scan-pf-spam.xml&id=0 + + + + ['installedpackages']['p3scanpf']['config']['virus'] + + + + Scanner Type + scannertype + Select here which type of scanner you want to use. + select + 1 + clamd + + + + + + + + + + + Virusscanner + scanner + Depends on scannertype. + input + + 127.0.0.1:3310 + + + Scanner Returncode + viruscode + + Specify the returncode(s) which the scanner returns when + the mail is infected. + + input + 1 + + + Good Scanner return codes + goodcode + + Some scanners can report more than good or infected. Place valid return + codes here that will enable the message to be delivered without a warning. + + input + + + Regular Expression for Virusname + virusregexp + + Specify here a regular expression which describes where the name of + the virus can be found. + + input + .*: (.*) FOUND + + + deMIME Setting + demime + + Tick this if we should parse all <acronym title="Multipurpose Internet Mail Extensions">MIME</acronym>-sections instead of passing the + message as-is to the scanner. + + checkbox + true + + + + + sync_package_p3scan(); + + diff --git a/config/p3scan-pf/p3scan-pf.inc b/config/p3scan-pf/p3scan-pf.inc new file mode 100644 index 00000000..b6f497b2 --- /dev/null +++ b/config/p3scan-pf/p3scan-pf.inc @@ -0,0 +1,395 @@ + + All rights reserved. + + Copyright (C) 2006 Fernando Lemos + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notices, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notices, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +/* ====================== USAGE NOTE: ====================== */ +/* Depending on your use case scenario, this software may */ +/* depend on the following software packages: */ +/* */ +/* - renatach (part of the FreeBSD ports collection) */ +/* - a virus scanner (e.g. ClamAV) */ +/* - a spam filter (e.g. DSPAM or SpamAssassin) */ +/* ========================================================= */ + + +/* include all configuration functions */ +require_once("functions.inc"); +require_once("notices.inc"); + +function sync_package_p3scan() { + global $config, $g; + conf_mount_rw(); + config_lock(); + $fd = fopen("/etc/p3scan.conf","w"); + + /* shorten the config path */ + $cfg = $config['installedpackages']['p3scanpf']['config'][0]; + $cfgmsg = $config['installedpackages']['p3scanpfmsg']['config'][0]; + $cfgemer = $config['installedpackages']['p3scanpfemer']['config']; + $cfgvir = $config['installedpackages']['p3scanpfvir']['config'][0]; + $cfgspam = $config['installedpackages']['p3scanpfspam']['config'][0]; + + fwrite($fd, "## p3scan-pf config file - generated by pfSense.\n##\n"); + fwrite($fd, "## at: " . date("l dS of F Y h:i:s A") . "\n##\n"); + /* ================================================================ */ + /* == Tab: Daemon Settings == */ + /* ================================================================ */ + fwrite($fd, "## Daemon Settings.\n"); + fwrite($fd, "pidfile = /var/run/p3scan/p3scan.pid\n"); + if (isset($cfg['maxchilds']) && $cfg['maxchilds'] <> "") + fwrite($fd, "maxchilds = {$cfg['maxchilds']}\n"); + else + fwrite($fd, "maxchilds = 10\n"); + if (isset($cfg['ipaddr']) && $cfg['ipaddr'] <> "") + fwrite($fd, "ip = {$cfg['ipaddr']}\n"); + else + fwrite($fd, "ip = 127.0.0.1\n"); + if (isset($cfg['port']) && $cfg['port'] <> "") + fwrite($fd, "port = {$cfg['port']}\n"); + else + fwrite($fd, "port = 8110\n"); + if (isset($cfg['sslport']) && $cfg['sslport'] <> "") + fwrite($fd, "sslport = {$cfg['sslport']}\n"); + else + fwrite($fd, "sslport = 995\n"); + if (isset($cfg['targetip']) && $cfg['targetip'] <> "") { + if ($cfg['targetip'] == "0.0.0.0") + setup_transparency(); + else + remove_transparency(); + fwrite($fd, "targetip = {$cfg['targetip']}\n"); + } else { + setup_transparency(); + fwrite($fd, "targetip = 0.0.0.0\n"); + } + if (isset($cfg['targetport']) && $cfg['targetport'] <> "") + fwrite($fd, "targetport = {$cfg['targetport']}\n"); + else + fwrite($fd, "targetport = 8110\n"); + if (isset($cfg['emailport']) && $cfg['emailport'] <> "") + fwrite($fd, "emailport = {$cfg['emailport']}\n"); + else + fwrite($fd, "emailport = 25\n"); + if (isset($cfg['daemonuser']) && $cfg['daemonuser'] <> "") + fwrite($fd, "user = {$cfg['daemonuser']}\n"); + else + fwrite($fd, "user = root\n"); + fwrite($fd, "notifydir = /var/spool/p3scan/notify\n"); + fwrite($fd, "virusdir = /var/spool/p3scan\n"); + fwrite($fd, "template = /usr/local/etc/p3scan/p3scan.mail\n"); + + /* ================================================================ */ + /* == Tab: Message Processing == */ + /* ================================================================ */ + fwrite($fd, "## Message Processing Settings.\n"); + if (isset($cfgmsg['justdelete']) && $cfgmsg['justdelete'] <> "") + fwrite($fd, "justdelete\n"); + if (isset($cfgmsg['bytesfree']) && $cfgmsg['bytesfree'] <> "") + fwrite($fd, "bytesfree = {$cfgmsg['bytesfree']}\n"); + else + fwrite($fd, "bytesfree = 10000\n"); + if (isset($cfgmsg['broken']) && $cfgmsg['broken'] <> "") + fwrite($fd, "broken\n"); + if (isset($cfgmsg['timeout']) && $cfgmsg['timeout'] <> "") + fwrite($fd, "timeout = {$cfgmsg['timeout']}\n"); + else + fwrite($fd, "timeout = 30\n"); + if (isset($cfgmsg['ispspam']) && $cfgmsg['ispspam'] <> "") + fwrite($fd, "ispspam = {$cfgmsg['ispspam']}\n"); + if (file_exists("/usr/local/bin/renattach")) + fwrite($fd, "renattach = /usr/local/bin/renattach\n"); + if (isset($cfgmsg['subject']) && $cfgmsg['subject'] <> "") + fwrite($fd, "subject = {$cfgmsg['subject']}\n"); + else + fwrite($fd, "subject = Subject: \"[Virus] found in a mail to you:\" \n"); + if (isset($cfgmsg['notify']) && $cfgmsg['notify'] <> "") + fwrite($fd, "notify = {$cfgmsg['notify']}\n"); + else + fwrite($fd, "notify = Per instruction, the message has been deleted.\n"); + if (isset($cfgmsg['smtpreject']) && $cfgmsg['smtpreject'] <> "") + fwrite($fd, "smtprset = {$cfgmsg['smtpreject']}\n"); + else + fwrite($fd, "smtprset = Virus detected! P3scan rejected message!\n"); + if (isset($cfgmsg['checksize']) && $cfgmsg['checksize'] <> "") + fwrite($fd, "checksize = {$cfgmsg['checksize']}\n"); + if (isset($cfgmsg['footer']) && $cfgmsg['footer'] <> "") + fwrite($fd, "footer = {$cfgmsg['footer']}\n"); + + /* ================================================================ */ + /* == Tab: Emergency Contact == */ + /* ================================================================ */ + fwrite($fd, "## Emergency Contacts.\n"); + if (is_array($cfgemer)) { + foreach ($cfgemer as $addr) { + $contact .= "{$addr['emailaddress']} "; + } + if (isset($contact) && $contact <> "") + fwrite($fd, "emergcon = {$contact}\n"); + } + + /* ================================================================ */ + /* == Tab: Virus Scanner Settings == */ + /* ================================================================ */ + fwrite($fd, "## Virus Scanner Settings.\n"); + if (isset($cfgvir['scannertype']) && $cfgvir['scannertype'] <> "") + fwrite($fd, "scannertype = {$cfgvir['scannertype']}\n"); + else + fwrite($fd, "scannertype = clamd\n"); + if (isset($cfgvir['scanner']) && $cfgvir['scanner'] <> "") + fwrite($fd, "scanner = {$cfgvir['scanner']}\n"); + else + fwrite($fd, "scanner = 127.0.0.1:3310\n"); + if (isset($cfgvir['viruscode']) && $cfgvir['viruscode'] <> "") + fwrite($fd, "viruscode = {$cfgvir['viruscode']}\n"); + else + fwrite($fd, "viruscode = 1\n"); + if (isset($cfgvir['goodcode']) && $cfgvir['goodcode'] <> "") + fwrite($fd, "goodcode = {$cfgvir['goodcode']}\n"); + if (isset($cfgvir['virusregexp']) && $cfgvir['virusregexp'] <> "") + fwrite($fd, "virusregexp = {$cfgvir['virusregexp']}\n"); + if (isset($cfgvir['demime']) && $cfgvir['demime'] <> "") + fwrite($fd, "demime\n"); + + /* ================================================================ */ + /* == Tab: SPAM Settings == */ + /* ================================================================ */ + if ((isset($cfgspam['checkspam']) && $cfgspam['checkspam'] <> "") || + $config['installedpackages']['sassassin']['config'][0]['enable'] == 'on') { + fwrite($fd, "## SPAM Settings.\n"); + fwrite($fd, "checkspam\n"); + if (isset($cfgspam['spamcheck']) && $cfgspam['spamcheck'] <> "") { + /* most times the command line for the spam binary becomes + * quite lengthy, which my be the reason that users are + * the XML tag and the command line itself into several + * lines. Thus strip whitespaces. + */ + $cfgspam['spamcheck'] = trim($cfgspam['spamcheck']); + fwrite($fd, "spamcheck = {$cfgspam['spamcheck']}\n"); + } else { + if ($config['installedpackages']['sassassin']['config'][0]['enable'] == 'on') { + fwrite($fd, "spamcheck = /usr/bin/spamc\n"); + } else { + fwrite($fd, "spamcheck = /usr/local/bin/dspam --user dspamuser --mode=teft --stdout --deliver=innocent,spam --feature=ch,no,wh\n"); + } + } + } + + fclose($fd); + + /* NOTE: The following code requires the p3scan-pf.inc file to + * be saved with UNIX Linefeeds. LF that is and NOT CR LF. + */ + $start = << "030.p3scan.sh", + "start" => $start, + "stop" => $stop + ) + ); + } + + /* finally get rid of files that were instaled by the package */ + removePackageLeftovers(); + + conf_mount_ro(); + config_unlock(); + + if (! file_exists("/usr/local/etc/p3scan")) { + mkdir("/usr/local/etc/p3scan"); + } + if (! file_exists("/usr/local/etc/p3scan/p3scan.conf")) { + mwexec("ln -s /etc/p3scan.conf /usr/local/etc/p3scan/p3scan.conf"); + } + if (! file_exists("/usr/local/etc/p3scan/p3scan.mail")) { + $fd = fopen("/usr/local/etc/p3scan/p3scan.mail","w"); + + $p3scanmail = << + +EOD; + + fwrite($fd, $p3scanmail); + fclose($fd); + } + + mwexec("/usr/local/etc/rc.d/030.p3scan.sh stop"); + /* test whether a pid file still exists and remove it if necessary */ + if (! is_service_running("p3scan-pf")) + unlink_if_exists("/var/run/p3scan/p3scan.pid"); + mwexec("/usr/local/etc/rc.d/030.p3scan.sh start"); + + return 0; +} + +function custom_php_install_command() { + global $config, $g; + sync_package_p3scan(); +} + +function custom_php_deinstall_command() { + global $config, $g; + conf_mount_rw(); + + if (is_service_running("p3scan-pf")) + stop_service("p3scan-pf"); + + unlink_if_exists("/usr/local/etc/p3scan/p3scan.conf"); + unlink_if_exists("/usr/local/etc/p3scan/p3scan.mail"); + unlink_if_exists("/usr/local/etc/rc.d/030.p3scan.sh"); + rmdir("/usr/local/etc/p3scan"); + mwexec("rm -rf /var/spool/p3scan"); + mwexec("rm -rf /var/run/p3scan"); + mwexec("rm -rf /var/run/p3scan"); + + conf_mount_ro(); +} + +function removePackageLeftovers() { + unlink_if_exists("/usr/local/etc/rc.d/p3scan.sh"); + unlink_if_exists("/usr/local/etc/p3scan.conf.sample"); + unlink_if_exists("/usr/local/etc/p3scan.mail.sample"); + +} + +function add_trans_table(){ + global $config; + + /* Flush all entries first, and then add them. */ + $p3scan_pf_result = mwexec ('pfctl -a "rdr-package/p3scan" -t p3scan -T flush'); + if($p3scan_pf_result <> 0) { + file_notice("P3SCAN", "There were error(s) flushing the exclude table", "P3SCAN", ""); + } + if($config['installedpackages']['p3scanpftransex']['config'] != ""){ + foreach($config['installedpackages']['p3scanpftransex']['config'] as $tmp) { + $p3scan_pf_result = mwexec ('pfctl -a "rdr-package/p3scan" -t p3scan -T add ' . $tmp['ip']); + if($p3scan_pf_result <> 0) { + file_notice("P3SCAN", "There were error(s) adding the ip " . $tmp['ip'], "P3SCAN", ""); + } + } + } +} + +function remove_transparency() { + $p3scan_pf_result = mwexec ('pfctl -a "rdr-package/p3scan" -t p3scan -T flush'); + if($p3scan_pf_result <> 0) { + file_notice("P3SCAN", "There were error(s) flushing the exclude table", "P3SCAN", ""); + } +} + +function setup_transparency() { + global $config; + $cfg = $config['installedpackages']['p3scanpf']['config'][0]; + $ip = $cfg['ipaddr']; + $port = $cfg['port']; + + if ($ip == "" || $port == "") { return; } + + $trans_file = fopen("/tmp/p3scan_pf.rules","w"); + fwrite($trans_file, "table persist\n"); + fwrite($trans_file, "rdr on " . $config['interfaces']['lan']['if'] . " inet proto tcp from ! to ! " . $config['interfaces']['lan']['ipaddr'] . " port = pop3 -> {$ip} port {$port} \n"); + fclose($trans_file); + $p3scan_pf_result = mwexec ('pfctl -a "rdr-package/p3scan" -f /tmp/p3scan_pf.rules'); + if($p3scan_pf_result <> 0) { + file_notice("P3SCAN", "There were error(s) loading the transparency rules", "P3SCAN", ""); + } + add_trans_table(); +} +?> \ No newline at end of file diff --git a/config/p3scan-pf/p3scan-pf.xml b/config/p3scan-pf/p3scan-pf.xml new file mode 100644 index 00000000..f309cb50 --- /dev/null +++ b/config/p3scan-pf/p3scan-pf.xml @@ -0,0 +1,218 @@ + + + + + + + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper . + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + p3scanpf + 1.0 + Services: POP3 Proxy: Main + + This <acronym title="Hypertext Markup Language">HTML</acronym> page uses default values, hence even if each field is + set, you are still required to save this page if you are editing this page + for the very first time! + + pkg_edit.php?xml=p3scan-pf.xml&id=0 + p3scan-pf.inc + + + POP3 Proxy + A transparent POP3-Proxy with virus-scanning capabilities +
Services
+ p3scan-pf.xml + /pkg_edit.php?xml=p3scan-pf.xml&id=0 +
+ + p3scan-pf + 030.p3scan.sh + p3scan + POP3 virus/spam scanner. + + + + Daemon Settings + /pkg_edit.php?xml=p3scan-pf.xml&id=0 + + + + Transparent Proxy Exclusion + /pkg.php?xml=p3scan-pf-transex.xml + + + Message Processing + /pkg_edit.php?xml=p3scan-pf-msg.xml&id=0 + + + Emergency Contact + /pkg.php?xml=p3scan-pf-emer.xml + + + Virus Scanner Settings + /pkg_edit.php?xml=p3scan-pf-vir.xml&id=0 + + + SPAM Settings + /pkg_edit.php?xml=p3scan-pf-spam.xml&id=0 + + + + ['installedpackages']['p3scanpf']['config'] + + /usr/local/pkg/ + 0755 + http://www.pfsense.com/packages/config/p3scan-pf/p3scan-pf-msg.xml + + + /usr/local/pkg/ + 0755 + http://www.pfsense.com/packages/config/p3scan-pf/p3scan-pf-transex.xml + + + /usr/local/pkg/ + 0755 + http://www.pfsense.com/packages/config/p3scan-pf/p3scan-pf-emer.xml + + + /usr/local/pkg/ + 0755 + http://www.pfsense.com/packages/config/p3scan-pf/p3scan-pf-vir.xml + + + /usr/local/pkg/ + 0755 + http://www.pfsense.com/packages/config/p3scan-pf/p3scan-pf-spam.xml + + + /usr/local/pkg/ + 0755 + http://www.pfsense.com/packages/config/p3scan-pf/p3scan-pf.inc + + + + + Max Child's + maxchilds + The maximum number of connections we will handle at once. + input + 10 + + + IP Address + ipaddr + The <acronym title="Internet Protocol">IP</acronym> Address we listen on. + input + + 127.0.0.1 + + + Port + port + The <acronym title="Transmission Control Protocol">TCP</acronym> port on we should listen. + input + + 8110 + + + SSL Port + sslport + The TCP <acronym title="Secure Sockets Layer">SSL</acronym> port on we should listen. + input + + 995 + + + Target IP + targetip + Target IP is the IP to connect (0.0.0.0 enables transparent mode). + input + + 0.0.0.0 + + + Target Port + targetport + Target Port is the port to connect. + input + + 8110 + + + Email Port + emailport + The port we should listen on to scan outgoing email messages. + input + + 25 + + + Daemon User + daemonuser + The username the daemon should run as. + input + + root + + + + + sync_package_p3scan(); + + + sync_package_p3scan(); + + + custom_php_install_command(); + + + custom_php_deinstall_command(); + +
-- cgit v1.2.3