Copyright (C) 2014 Andrew Nikitin .
Copyright (C) 2015 ESF, LLC
All rights reserved.
*/
/* ====================================================================================== */
/*
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
/* ====================================================================================== */
]]>
havp
Antivirus: HTTP proxy (HAVP + ClamAV)
Status
1.10.0
/usr/local/pkg/havp.inc

havp
havp.sh
havp
Antivirus HTTP Proxy Service

https://packages.pfsense.org/packages/config/havp/havp.inc  /usr/local/pkg/
https://packages.pfsense.org/packages/config/havp/havp_avset.xml  /usr/local/pkg/
https://packages.pfsense.org/packages/config/havp/antivirus.php  /usr/local/www/

General Page  /antivirus.php
HTTP Proxy  /pkg_edit.php?xml=havp.xml
Settings  /pkg_edit.php?xml=havp_avset.xml
HAVP Log  /havp_log.php?logtab=havp
Clamd Log  /havp_log.php?logtab=clamd

Enable [enable; checkbox]
    Check this to enable AV proxy.

ClamAV Mode [useclamd; select, true]
    Daemon - HAVP will use ClamAV as socket scanner daemon. (Default option.)
    Library - HAVP will use ClamAV as loaded library scanner. Note: this mode needs much more memory.

Proxy Mode [proxymode; select, standard]
    Standard - clients bind to the 'proxy port' on selected interface(s)
    Parent for Squid - configure HAVP as parent for Squid proxy
    Transparent - all HTTP requests on interface(s) will be directed to the HAVP proxy server without any client configuration necessary. (Works as parent for Squid with transparent Squid proxy.)
    Internal - HAVP will listen on the loopback (127.0.0.1) on configured 'Proxy Port.' Use your own firewall forwarding rules.

Proxy Interface(s) [proxyinterface; interfaces_selection, lan]
    The interface(s) for client connections to the proxy. Use 'Ctrl' + left click for multiple selection.

Proxy Port [proxyport; input, 10, 3125]
    Note: This port must be different from Squid proxy.

Parent Proxy [parentproxy; input, 90]
    Enter the parent (upstream) proxy settings in PROXY:PORT format or leave empty.

Enable X-Forwarded-For [enablexforwardedfor; checkbox]
    Enable this if you use your own parent proxy after HAVP, so it will see the original client's IP.
    Note: Disabling this also disables Via: header generation.

Enable Forwarded IP [enableforwardedip; checkbox]
    If HAVP is used as a parent proxy for some other proxy, this allows writing the real user's IP to log, instead of the proxy IP.

Language [lang; select, en]
    Select the language in which the HAVP proxy server will display error messages to users.

Max Download Size [maxdownloadsize; input, 10]
    (in bytes) or leave empty. Downloads larger than 'Max Download Size' will be blocked if not whitelisted.

HTTP Range Requests [range; checkbox]
    Allowing HTTP Range is a security risk, because partial HTTP requests may not be properly scanned.
    Note: Whitelisted sites are allowed to use HTTP Range in any case, regardless of this setting.

Whitelist [whitelist; textarea, 60, 5, base64]
    separate line. The URLs will be accessible to users without AV scanning.
    Use '*' symbol as wildcard mask. URL examples: *.github.com/*, *sourceforge.net/*clamav-*, */*.xml, */*.inc

Blacklist [blacklist; textarea, 60, 5, base64]
    separate line, using the same syntax as 'Whitelist'. Access to these URLs will be blocked for HAVP proxy users.

Block File on Scanning Error [failscanerror; checkbox]
    If enabled, the proxy will block the files if an error occurs while scanning.

Enable RAM Disk [enableramdisk; checkbox]
    RAM disk size depends on 'Scan Max File Size' and available memory. This option should be ignored on systems with low memory.
    Note: RAM disk size is calculated as [1/4 available system memory] > [Scan max file size] * 100 ).

Scan Max File Size [scanmaxsize; select, 0]
    Small values increase scan speed and maximum new connections per second and allow RAM disk use.
    NOTE: Setting a low limit is a security risk, because some archives like ZIP need all the data to be scanned properly! Use this only if you can't afford temporary space for large files.

Scan Images [scanimg; checkbox]
    Check this option to scan image files. This option allows you to increase reliability, but also slows down the scanning process.

Scan Media Streams [scanstream; checkbox]
    Check this option to scan media (audio/video) streams.

Scan Broken Executables [scanbrokenexe; checkbox, on]
    Check this to enable the Heuristic Broken Executable Scan.

HAVP Log [log; checkbox, syslog]
    Check this to enable HAVP logging.

HAVP Syslog [syslog; checkbox]
    Check this to enable HAVP logging to syslog.

havp_validate_settings($_POST, $input_errors);
havp_resync();
havp_install();
havp_deinstall();
havp_generate_rules