diff options
-rw-r--r-- | .SRCINFO | 24 | ||||
-rw-r--r-- | PKGBUILD | 42 | ||||
-rw-r--r-- | clamd_mod.conf | 50 | ||||
-rw-r--r-- | virus_scan.conf | 204 |
4 files changed, 320 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..df2043d285aa --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,24 @@ +pkgbase = c-icap-modules + pkgdesc = Modules for C-ICAP server + pkgver = 0.3.2 + pkgrel = 2 + url = http://c-icap.sourceforge.net/ + arch = i686 + arch = x86_64 + license = GPL + license = LGPL + depends = c-icap>=0.3.2 + depends = c-icap<0.4 + backup = etc/c-icap/clamav_mod.conf + backup = etc/c-icap/clamd_mod.conf + backup = etc/c-icap/virus_scan.conf + backup = etc/c-icap/srv_url_check.conf + source = http://downloads.sourceforge.net/project/c-icap/c-icap-modules/0.3.x/c_icap_modules-0.3.2.tar.gz + source = clamd_mod.conf + source = virus_scan.conf + sha256sums = e3472662687cf9fa37a496df31436924326e315920056a404f023ec5e852e239 + sha256sums = b3fcab76c3809e220f53b98b87242063dc06be37a6b8db040f01e4cf39d7fd9f + sha256sums = d0fd9ab05ea9fa590e87af477b28156cf88de921411093a01147c984742c5a5f + +pkgname = c-icap-modules + diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..538ac387c88c --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,42 @@ +# Maintainer: Amish <contact at via dot aur> +pkgname=c-icap-modules +pkgver=0.3.2 +pkgrel=2 +pkgdesc='Modules for C-ICAP server' +depends=('c-icap>=0.3.2' 'c-icap<0.4') +arch=(i686 x86_64) +url='http://c-icap.sourceforge.net/' +license=('GPL' 'LGPL') +source=("http://downloads.sourceforge.net/project/c-icap/c-icap-modules/0.3.x/c_icap_modules-${pkgver}.tar.gz" + 'clamd_mod.conf' + 'virus_scan.conf') +sha256sums=('e3472662687cf9fa37a496df31436924326e315920056a404f023ec5e852e239' + 'b3fcab76c3809e220f53b98b87242063dc06be37a6b8db040f01e4cf39d7fd9f' + 'd0fd9ab05ea9fa590e87af477b28156cf88de921411093a01147c984742c5a5f') +backup=('etc/c-icap/clamav_mod.conf' + 'etc/c-icap/clamd_mod.conf' + 'etc/c-icap/virus_scan.conf' + 'etc/c-icap/srv_url_check.conf') + +build() { + cd "${srcdir}/c_icap_modules-${pkgver}" + ./configure \ + --prefix=/usr \ + --localstatedir=/var \ + --sbindir=/usr/bin \ + --sysconfdir=/etc/c-icap \ + + make +} + +package() { + install -dm755 "${pkgdir}"/etc/c-icap + cd "${srcdir}/c_icap_modules-${pkgver}" + make DESTDIR="${pkgdir}" install + + # fix some bad permissions + find "${pkgdir}"/etc/c-icap/ -type f -print0 | xargs -0 chmod 644 + find "${pkgdir}"/usr/share/c_icap/templates/ -type f -print0 | xargs -0 chmod 644 + + install -Dm644 ../clamd_mod.conf ../virus_scan.conf "${pkgdir}"/etc/c-icap/ +} diff --git a/clamd_mod.conf b/clamd_mod.conf new file mode 100644 index 000000000000..64ddae7d6e14 --- /dev/null +++ b/clamd_mod.conf @@ -0,0 +1,50 @@ +# +# To enable clamd module in c-icap, copy this file in c-icap +# configuration directory and add the following line at the end of +# c-icap.conf file: +# Include clamd_mod.conf +# + +# Module: clamd_mod +# Description: +# This is an addon module for the antivirus service (virus_scan) which +# adds support for the open source antivirus clamav, using the clamd +# daemon. +# +# Example: +# Module common clamav_mod.so +# + +# Load the clamd_mod module: +Module common clamd_mod.so + +# TAG: clamd_mod.ClamdSocket +# Format: clamd_mod.ClamdSocket path +# Description: +# The path of the clamd socket to use +# Default: +# clamd_mod.ClamdSocket /var/run/clamav/clamd.ctl +clamd_mod.ClamdSocket /var/lib/clamav/clamd.sock + +# TAG: clamd_mod.ClamdHost +# Format: clamd_mod.ClamdHost host +# Description: +# The host to be used to connect to Clamd if a ClamdPort is specified. +# Default: +# clamd_mod.ClamdHost 127.0.0.1 + +# TAG: clamd_mod.ClamdPort +# Format: clamd_mod.ClamdPort port +# Description: +# The port to be used to connect to Clamd. If specified +# TCP connection to port "port" will be used instead of ClamdSocket. +# When you are using TCP communication with clamd please be sure +# that the filesystem permissions allow clamd to scan files created +# by clamd_mod module. +# The clamd_mod module create files with read permissions to running +# c-icap process owner and group. +# Default: +# clamd_mod.ClamdPort None, ClamdSocket is used. + +# End module: clamd_mod + diff --git a/virus_scan.conf b/virus_scan.conf new file mode 100644 index 000000000000..a301cb980b82 --- /dev/null +++ b/virus_scan.conf @@ -0,0 +1,204 @@ +# +# To enable virus_scan service in c-icap, copy this file in c-icap +# configuration directory and add the following line at the end of +# c-icap.conf file: +# Include virus_scan.conf +# + +# Module: virus_scan +# Description: +# This is an antivirus services for the c-icap ICAP server +# This module add the following log formating codes for use with +# the LogFormat configuration parameter: +# %{virus_scan:virus}Sa Prints the virus name or "-". +# %{virus_scan:action}Sa Prints "passed" if the object scanned and no +# virus found, "blocked" if a virus found and +# object blocked, and "partiallyblocked" if a +# virus found but some of the data transmitted +# to the user. +# Example: +# LogFormat myVScanFmt "%tl, %>a %is %Ib %Ob %huo [Action: %{virus_scan:action}Sa] [Virus: %{virus_scan:virus}Sa]" +# acl VSCAN service virus_scan +# AccessLog /var/log/c-icap-access-vscan.log myVScanFmt VSCAN +LogFormat myVScanFmt "%tl, %>a %is %Ib %Ob %huo [Action: %{virus_scan:action}Sa] [Virus: %{virus_scan:virus}Sa]" +acl VSCAN service virus_scan +AccessLog /var/log/c-icap/vscan.log myVScanFmt VSCAN + +# +# The following additional formatting codes can be used with the service +# templates (the VIRUS_FOUND, VIR_MODE_HEAD, VIR_MODE_PROGRESS, +# VIR_MODE_TAIL and VIR_MODE_VIRUS_FOUND templates exist under the c-icap +# templates directory): +# %VVN The virus name. +# %VVV The Antivirus name/version. +# %VU The HTTP url. +# %VFR The downloaded file requested name. For use with virelator mode. +# %VFS Expected http body data size (Content-Length header). For use +# with virelator mode. +# %VF The name of the local file where the data stored. For use with +# with virelator mode. +# %VHS An HTTP URL to get stored object. For use with virelator mode. +# See also the VirHTTPUrl configuration parameter. +# %VPR Profile name (Exist only if virus_scan profiles are enabled). +# +# Example: +# Service antivirus_module virus_scan.so +# ServiceAlias avscan virus_scan?allow204=on&sizelimit=off&mode=simple +# + +# Load the virus_scan service: +Service antivirus_module virus_scan.so + +#Add an alias to srv_clamav for compatibility with old service name +ServiceAlias srv_clamav virus_scan + +# Add the alias avscan for virus_scan service. It is used by many +# ICAP based antivirus clients: +ServiceAlias avscan virus_scan?allow204=on&sizelimit=off&mode=simple + + +# Antivirus module settings + +# TAG: virus_scan.ScanFileTypes +# Format: virus_scan.ScanFileTypes type1 [type2] ... +# Description: +# the list of file types or groups of file types which will be +# scanned for viruses. For supported types look in c-icap.magic +# configuration file. +# Default: +# None set. +virus_scan.ScanFileTypes TEXT DATA EXECUTABLE ARCHIVE GIF JPEG MSOFFICE + +#The percentage of data to sent if the downloaded file exceeds the StartSendPercentDataAfter size +# TAG: virus_scan.SendPercentData +# Format: virus_scan.SendPercentData percent +# Description: +# the percentage of data that can be sent by the c-icap server +# before receiving the complete body of a request. +# This feature in conjuction with the folowing can be usefull +# becouse if the download of the object takes a lot of time +# the connection of web client to proxy can be expired. +# It must be noticed that the data which delivered to the +# web client maybe contains a virus or a part of a virus +# and can be dangerous. In the other hand partial data +# (for example 5% data of a zip or an exe file) in most +# cases can not be used. +# Set it to 0 to disable this feature. +# Default: +# virus_scan.SendPercentData 0 +virus_scan.SendPercentData 5 + +# TAG: virus_scan.StartSendPercentDataAfter +# Format: virus_scan.StartSendPercentDataAfter bytes +# Description: +# Only if the object is bigger than size then the percentage +# of data which defined by SendPercentData sent by the c-icap +# server before receiving the complete body of request. +# Default: +# virus_scan.StartSendPercentDataAfter 0 +virus_scan.StartSendPercentDataAfter 2M + +# TAG: virus_scan.Allow204Responces +# Format: virus_scan.Allow204Responces on|off +# Description: +# Disable 204 responces outside previews for virus_scan if +# your icap client does not support it. +# Default: +# virus_scan.Allow204Responces on + +# TAG: virus_scan.PassOnError +# Format: virus_scan.PassOnError on|off +# Description: +# Pass the content instead of blocking it, in the case when the virus +# scanner or the virus_scan module finds an error. +# The error will be logged nevertheless. +# Default: +# virus_scan.PassOnError off +virus_scan.PassOnError on + +# The Maximum object to be scanned. +# TAG: virus_scan.MaxObjectSize +# Format: virus_scan.MaxObjectSize Bytes +# Description: +# The maximum size of files which will be scanned by +# antivirus service.You can use K and M indicators to define size +# in kilobytes or megabytes. +# Default: +# virus_scan.MaxObjectSize 5M +virus_scan.MaxObjectSize 10M + +# TAG: virus_scan.DefaultEngine +# Format: virus_scan.DefaultEngine EngineName1 EngineName2 ... +# Description: +# The antivirus engines to use if no engine has selected using ICAP +# service arguments. +# The antivirus engines loaded as external c-icap modules. +# Currently the following antivirus engines are available for the +# c-icap-modules: +# "clamd" or "clamav" +# Default: +# None set. The first loaded engine will be used. +# Example: +# virus_scan.DefaultEngine clamav +virus_scan.DefaultEngine clamd + +# The following directives are related with an experimental +# mode which I call "viralator like" mode. The virus_scan +# service checks the type of file and if it included in +# VirScanFileTypes list (see below) download the file localy +# and sends to the web client messages about the progress +# of download. After the download completed it sends a message +# with the web location where the downloaded file stored. + +# TAG: virus_scan.VirSaveDir +# Format: virus_scan.VirSaveDir path +# Description: +# The directory where the downloaded files stored. +# Must be a directory where a web server has access. +# Default: +# No set +# Example: +# virus_scan.VirSaveDir /srv/www/htdocs/downloads/ + +# from where the documents can be retrieved (you can find the get_file.pl script in contrib dir) +# TAG: virus_scan.VirHTTPUrl +# Format: virus_scan.VirHTTPUrl URL +# Description: +# The url which used by the web client to retrieve +# downloaded file. The file where the download stored +# can has diferent name than the original, if a file +# with the same name exists in the directory. In the +# url the "%f" can be used to specify the real name +# of downloaded file. +# You can use the small cgi program "get_file.pl" +# which exists in contrib directory of c-icap-modules +# distribution. +# Default: +# No set +# Example: +# virus_scan.VirHTTPUrl "http://fortune/cgi-bin/get_file.pl?usename=%f&remove=1&file=" + +# TAG: virus_scan.VirUpdateTime +# Format: virus_scan.VirUpdateTime seconds +# Description: +# The secs is the interval between the "progress of download" +# messages in seconds. +# Default: +# virus_scan.VirUpdateTime 15 + +# TAG: virus_scan.VirScanFileTypes +# Format: virus_scan.VirScanFileTypes type1 type2 ... +# Description: +# The list of file types and groups of file types, +# for which this mode must be used. +# Default: +# None set +# Example: +# virus_scan.VirScanFileTypes ARCHIVE EXECUTABLE + +# Enable on or more antivirus engines: +Include clamd_mod.conf +#Include clamav_mod.conf + +# End module: virus_scan + |