--- a/.pc/03_havp.config.patch/etc/havp/havp.config.in	Wed Jun 18 16:19:01 2014 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,664 +0,0 @@
-#
-# This is the configuration file for HAVP
-#
-# All lines starting with a hash (#) or empty lines are ignored.
-# Uncomment parameters you want to change!
-#
-# All parameters configurable in this file are explained and their default
-# values are shown. If no default value is defined "NONE" is specified.
-# 
-# General syntax: Parameter Value
-# Value can be: true/false, number, or path
-#
-# Extra spaces and tabs are ignored.
-#
-
-# You must remove this line for HAVP to start.
-# This makes sure you have (hopefully) reviewed the configuration. :)
-# Hint: You must enable some scanner! Find them in the end..
-REMOVETHISLINE deleteme
-
-#
-# For reasons of security it is recommended to run a proxy program
-# without root rights. It is recommended to create user that is not
-# used by any other program.
-#
-# Default:
-# USER havp
-# GROUP havp
-
-# If this is true HAVP is running as daemon in background.
-# For testing you may run HAVP at your text console.
-#
-# Default:
-# DAEMON true
-
-#
-# Process id (PID) of the main HAVP process is written to this file.
-# Be sure that it is writeable by the user under which HAVP is running.
-# /etc/init.d/havp script requires this to work.
-#
-# Default:
-# PIDFILE @localstatedir@/run/havp/havp.pid
-
-#
-# For performance reasons several instances of HAVP have to run.
-# Specify how many servers (child processes) are simultaneously
-# listening on port PORT for a connection. Minimum value should be
-# the peak requests-per-second expected + 5 for headroom. For best
-# performance, you should have atleast 1 CPU core per 16 processes.
-#
-# For single user home use, 8 should be minimum.
-# For 500+ users corporate use, start at 40.
-#
-# Value can and should be higher than recommended. Memory and
-# CPU usage is only affected by the number of concurrent requests.
-#
-# More childs are automatically created when needed, up to MAXSERVERS.
-#
-# Default:
-# SERVERNUMBER 8
-# MAXSERVERS 100
-
-#
-# Files where to log requests and info/errors.
-# Needs to have write permission for HAVP user.
-#
-# Default:
-# ACCESSLOG @localstatedir@/log/havp/access.log
-# ERRORLOG @localstatedir@/log/havp/havp.log
-# VIRUSLOG (same as ACCESSLOG)
-
-#
-# Format for timestamps in logfile messages.
-# See: man strftime
-#
-# Default:
-# TIMEFORMAT %d/%m/%Y %H:%M:%S
-
-#
-# Syslog can be used instead of logging to file.
-# For facilities and levels, see "man syslog".
-#
-# Default:
-# USESYSLOG false
-# SYSLOGNAME havp
-# SYSLOGFACILITY daemon
-# SYSLOGLEVEL info
-# SYSLOGVIRUSLEVEL warning
-
-#
-# true: Log every request to access log
-# false: Log only viruses to access log
-#
-# Default:
-# LOG_OKS true
-
-#
-# Level of HAVP logging
-#  0 = Only serious errors and information
-#  1 = Less interesting information is included
-#
-# Default:
-# LOGLEVEL 0
-
-#
-# Temporary scan file.
-# This file must reside on a partition for which mandatory
-# locking is enabled. For Linux, use "-o mand" in mount command.
-# See "man mount" for details. Solaris does not need any special
-# steps, it works directly.
-#
-# Specify absolute path to a file which name must contain "XXXXXX".
-# These characters are used by system to create unique named files.
-#
-# Default:
-# SCANTEMPFILE /var/tmp/havp/havp-XXXXXX
-
-#
-# Directory for ClamAV and other scanner created tempfiles.
-# Needs to be writable by HAVP user. Use ramdisk for best performance.
-#
-# Default:
-# TEMPDIR /var/tmp
-
-#
-# HAVP reloads scanners virus database by receiving a signal
-# (send SIGHUP to PID from PIDFILE, see "man kill") or after
-# a specified period of time. Specify here the number of
-# minutes to wait for reloading.
-#
-# This only affects library scanners (clamlib, trophie).
-# Other scanners must be updated manually.
-#
-# Default:
-# DBRELOAD 60 
-
-#
-# Run HAVP as transparent Proxy?
-#
-# If you don't know what this means read the mini-howto
-# TransparentProxy written by Daniel Kiracofe.
-# (e.g.: http://www.tldp.org/HOWTO/mini/TransparentProxy.html)
-# Definitely you have more to do than setting this to true.
-# You are warned!
-#
-# Default:
-# TRANSPARENT false
-
-#
-# Specify a parent proxy (e.g. Squid) HAVP should use.
-# If needed, user and password authentication can be used,
-# but only Basic-authentication scheme is supported.
-#
-# Default: NONE
-# PARENTPROXY localhost
-# PARENTPORT 3128
-# PARENTUSER username
-# PARENTPASSWORD password
-
-#
-# Write X-Forwarded-For: to log instead of connecters IP?
-#
-# If HAVP is used as parent proxy by some other proxy, this allows
-# to write the real users IP to log, instead of proxy IP.
-#
-# Default:
-# FORWARDED_IP false
-
-#
-# Send X-Forwarded-For: header to servers?
-#
-# If client sent this header, FORWARDED_IP setting defines the value,
-# then it is passed on. You might want to keep this disabled for security
-# reasons. Enable this if you use your own parent proxy after HAVP, so it
-# will see the original client IP.
-#
-# Disabling this also disables Via: header generation.
-#
-# Default:
-# X_FORWARDED_FOR false
-
-#
-# Port HAVP is listening on.
-#
-# Default:
-# PORT 8080
-
-#
-# IP address that HAVP listens on.
-# Let it be undefined to bind all addresses.
-#
-# Default: NONE
-# BIND_ADDRESS 127.0.0.1
-
-#
-# IP address used for sending outbound packets.
-# Let it be undefined if you want OS to handle right address.
-#
-# Default: NONE
-# SOURCE_ADDRESS 1.2.3.4
-
-#
-# Path to template files.
-#
-# Default:
-# TEMPLATEPATH @sysconfdir@/havp/templates/en
-
-#
-# Set to true if you want to prefer Whitelist.
-# If URL is Whitelisted, then Blacklist is ignored.
-# Otherwise Blacklist is preferred.
-#
-# Default:
-# WHITELISTFIRST true
-
-#
-# List of URLs not to scan.
-#
-# Default:
-# WHITELIST @sysconfdir@/havp/whitelist
-
-#
-# List of URLs that are denied access.
-#
-# Default:
-# BLACKLIST @sysconfdir@/havp/blacklist
-
-#
-# Is scanner error fatal?
-#
-# For example, archive types that are not supported by scanner
-# may return error. Also if scanner has invalid pattern files etc.
-#
-# true: User gets error page
-# false: No error is reported (viruses might not be detected)
-#
-# Default:
-# FAILSCANERROR true
-
-#
-# When scanning takes longer than this, it will be aborted.
-# Timer is started after HAVP has fully received all data.
-# If set too low, complex files/archives might produce timeout.
-# Timeout is always a fatal error regardless of FAILSCANERROR.
-#
-# Time in minutes!
-#
-# Default:
-# SCANNERTIMEOUT 10
-
-#
-# Allow HTTP Range requests?
-#
-# false: Broken downloads can NOT be resumed
-# true: Broken downloads can be resumed
-#
-# Allowing Range is a security risk, because partial
-# HTTP requests may not be properly scanned.
-#
-# Whitelisted sites are allowed to use Range in any case.
-#
-# Default:
-# RANGE false
-
-#
-# Allow HTTP Range request to get the ZIP header first?
-#
-# This allows (partial) scanning of ZIP files that are bigger than
-# MAXSCANSIZE. Scanning is done up to that many bytes into the file.
-#
-# Default:
-# PRELOADZIPHEADER true
-
-#
-# If you really need more performance, you can disable scanning of
-# JPG, GIF and PNG files. These are probably the most common files
-# around, so it will save lots of CPU. But be warned, image exploits
-# exist and more could be found. Think twice if you want to disable!
-#
-# In addition of checking Content-Type: image/*, this setting uses
-# file magic to make sure the file is really image.
-#
-# Also see SCANMIME/SKIPMIME settings to control scanning based
-# on just the Content-Type header.
-#
-# Default:
-# SCANIMAGES true
-
-#
-# What MIME types NOT to scan. For performance reasons, you could
-# exclude all media types.
-#
-# Based on Content-Type: header as given by the HTTP server.
-# Note that it is easy to forge and should not be trusted.
-#
-# Basic wildcard match supported.
-#
-# Default: NONE
-# SKIPMIME image/* video/* audio/*
-
-#
-# If set, then ONLY these MIME types will be scanned.
-#
-# Based on Content-Type: header as given by the HTTP server.
-# Note that it is easy to forge and should not be trusted.
-#
-# Basic wildcard match supported.
-#
-# Default: NONE
-# SCANMIME application/*
-
-#
-# Temporary file will grow only up to this size. This means scanner
-# will scan data until this limit is reached.
-#
-# There are two sides to this setting. By limiting the size, you gain
-# performance, less waiting for big files and less needed temporary space.
-# But there is slightly higher chance of virus slipping through (though
-# scanning large archives should not be gateways function, HAVP is more
-# geared towards small exploit detection etc).
-#
-# VALUE IN BYTES NOT KB OR MB!!!!
-#  0 = No size limit
-#
-# Default:
-# MAXSCANSIZE 5000000
-
-#
-# Amount of data going to browser that is held back, until it
-# is scanned. When we know file is clean, this held back data
-# can be sent to browser. You can safely set bigger value, only
-# thing you will notice is some "delay" in beginning of download.
-# Virus found in files bigger than this might not produce HAVP
-# error page, but result in a "broken" download.
-#
-# VALUE IN BYTES NOT KB OR MB!!!!
-#
-# Default:
-# KEEPBACKBUFFER 200000
-
-#
-# This setting complements KEEPBACKBUFFER. It tells how many Seconds to
-# initially receive data from server, before sending anything to client.
-# Even trickling is not done before this time elapses. This way files that
-# are received fast are more secure and user can get virus report page for
-# files bigger than KEEPBACKBUFFER.
-#
-# Setting to 0 will disable this, and only KEEPBACKBUFFER is used.
-#
-# Default:
-# KEEPBACKTIME 5
-
-#
-# After Trickling Time (seconds), some bytes are sent to browser
-# to keep the connection alive. Trickling is not needed if timeouts
-# are not expected for files smaller than KEEPBACKBUFFER, but it is
-# recommended to set anyway.
-#
-# 0 = No Trickling
-#
-# Default:
-# TRICKLING 30
-
-#
-# Send this many bytes to browser every TRICKLING seconds, see above
-#
-# Default:
-# TRICKLINGBYTES 1
-
-#
-# Downloads larger than MAXDOWNLOADSIZE will be blocked.
-# Only if not Whitelisted!
-#
-# VALUE IN BYTES NOT KB OR MB!!!!
-#  0 = Unlimited Downloads
-#
-# Default:
-# MAXDOWNLOADSIZE 0
-
-#
-# Space separated list of strings to partially match User-Agent: header.
-# These are used for streaming content, so scanning is generally not needed
-# and tempfiles grow unnecessary. Remember when enabled, that user could
-# fake header and pass some scanning. HTTP Range requests are allowed for
-# these, so players can seek content.
-#
-# You can uncomment here a list of most popular players.
-#
-# Default: NONE
-# STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS
-
-#
-# Bytes to scan from beginning of streams.
-# When set to 0, STREAMUSERAGENT scanning will be completely disabled.
-# It is not recommended as there are some exploits for players.
-#
-# Default:
-# STREAMSCANSIZE 20000
-
-#
-# Disable mandatory locking (dynamic scanning) for certain file types.
-# This is intended for fixing cases where a scanner forces use of mmap()
-# call. Mandatory locking might not allow this, so you could get errors
-# regarding memory allocation or I/O. You can test the "None" option
-# anyway, as it might even work depending on your OS (some Linux seems
-# to allow mand+mmap).
-# 
-# Allowed values:
-#   None
-#   ClamAV:BinHex  (mmap forced in versions older than 0.96)
-#   ClamAV:PDF     (mmap forced in versions older than 0.96)
-#   ClamAV:ZIP     (mmap forced in 0.93.x, should work in 0.94)
-#   AVG:ALL        (AVG 8.5 does not work, uses mmap MAP_SHARED)
-#
-# Default:
-# DISABLELOCKINGFOR AVG:ALL
-
-#
-# Whitelist specific viruses by case-insensitive substring match.
-# For example, "Oversized." and "Encrypted." are good candidates,
-# if you can't disable those checks any other way.
-#
-# Default: NONE
-# IGNOREVIRUS Oversized. Encrypted. Phishing.
-
-
-#####
-##### ClamAV Library Scanner (libclamav)
-#####
-
-ENABLECLAMLIB false
-
-# HAVP uses libclamav hardcoded pattern directory, which usually is
-# /usr/local/share/clamav. You only need to set CLAMDBDIR, if you are
-# using non-default DatabaseDirectory setting in clamd.conf.
-#
-# Default: NONE
-# CLAMDBDIR /path/to/directory
-
-# Should we block broken executables?
-#
-# Default:
-# CLAMBLOCKBROKEN false
-
-# Should we block encrypted archives?
-#
-# Default:
-# CLAMBLOCKENCRYPTED false
-
-# Should we block files that go over maximum archive limits?
-#
-# Default:
-# CLAMBLOCKMAX false
-
-# Scanning limits?
-# You can find some additional info from documentation or clamd.conf
-#
-# Stop when this many total bytes scanned (MB)
-# CLAMMAXSCANSIZE 20
-#
-# Stop when this many files have been scanned
-# CLAMMAXFILES 50
-#
-# Don't scan files over this size (MB)
-# CLAMMAXFILESIZE 100
-#
-# Maximum archive recursion
-# CLAMMAXRECURSION 8
-
-
-#####
-##### ClamAV Socket Scanner (clamd)
-#####
-##### NOTE: ClamAV Library Scanner should be preferred (less overhead)
-#####
-
-ENABLECLAMD false
-
-# Path to clamd socket
-#
-# Default:
-# CLAMDSOCKET /tmp/clamd
-
-# ..OR if you use clamd TCP socket, uncomment to enable use
-#
-# Clamd daemon needs to run on the same server as HAVP
-#
-# Default: NONE
-# CLAMDSERVER 127.0.0.1
-# CLAMDPORT 3310
-
-
-#####
-##### F-Prot Socket Scanner
-#####
-
-ENABLEFPROT false
-
-# F-Prot daemon needs to run on same server as HAVP
-#
-# Default:
-# FPROTSERVER 127.0.0.1
-# FPROTPORT 10200
-
-# F-Prot options (only for version 6+ !)
-#
-# See "fpscand-client.sh --help" for possible options.
-#
-# At the moment:
-#  --scanlevel=<n>  Which scanlevel to use, 0-4 (2).
-#  --heurlevel=<n>  How aggressive heuristics should be used, 0-4 (2).
-#  --archive=<n>    Scan inside supported archives n levels deep 1-99 (5).
-#  --adware         Instructs the daemon to flag adware.
-#  --applications   Instructs the daemon to flag potentially unwanted applications.
-#
-# Default: NONE
-# FPROTOPTIONS --scanlevel=2 --heurlevel=2
-
-
-#####
-##### AVG Socket Scanner
-#####
-
-ENABLEAVG false
-
-# AVG daemon needs to run on the same server as HAVP
-#
-# Default:
-# AVGSERVER 127.0.0.1
-# AVGPORT 55555
-
-
-#####
-##### Kaspersky Socket Scanner
-#####
-
-ENABLEAVESERVER false
-
-# Path to aveserver socket
-#
-# Default:
-# AVESOCKET /var/run/aveserver
-
-
-#####
-##### Sophos Scanner (Sophie)
-#####
-
-ENABLESOPHIE false
-
-# Path to sophie socket
-#
-# Default:
-# SOPHIESOCKET /var/run/sophie
-
-
-#####
-##### Trend Micro Library Scanner (Trophie)
-#####
-
-ENABLETROPHIE false
-
-# Scanning limits inside archives (filesize = MB):
-#
-# Default:
-# TROPHIEMAXFILES 50
-# TROPHIEMAXFILESIZE 10
-# TROPHIEMAXRATIO 250
-
-
-#####
-##### NOD32 Socket Scanner
-#####
-
-ENABLENOD32 false
-
-# Path to nod32d socket
-#
-# For 3.0+ version, try /tmp/esets.sock
-#
-# Default:
-# NOD32SOCKET /tmp/nod32d.sock
-
-# Used NOD32 Version
-#
-#  30 = 3.0+
-#  25 = 2.5+
-#  21 = 2.x (very old)
-#
-# Default:
-# NOD32VERSION 25
-
-
-#####
-##### Avast! Socket Scanner
-#####
-
-ENABLEAVAST false
-
-# Path to avastd socket
-#
-# Default:
-# AVASTSOCKET /var/run/avast4/local.sock
-
-# ..OR if you use avastd TCP socket, uncomment to enable use
-#
-# Avast daemon needs to run on the same server as HAVP
-#
-# Default: NONE
-# AVASTSERVER 127.0.0.1
-# AVASTPORT 5036
-
-
-#####
-##### Arcavir Socket Scanner
-#####
-
-ENABLEARCAVIR false
-
-# Path to arcavird socket
-#
-# For version 2008, default socket is /var/run/arcad.ctl
-#
-# Default:
-# ARCAVIRSOCKET /var/run/arcavird.socket
-
-# Used Arcavir version
-#  2007 = Version 2007 and earlier
-#  2008 = Version 2008 and later
-#
-# Default:
-# ARCAVIRVERSION 2007
-
-
-#####
-##### DrWeb Socket Scanner
-#####
-
-ENABLEDRWEB false
-
-# Enable heuristic scanning?
-#
-# Default:
-# DRWEBHEURISTIC true
-
-# Enable malware detection?
-# (Adware, Dialer, Joke, Riskware, Hacktool)
-#
-# Default:
-# DRWEBMALWARE true
-
-# Path to drwebd socket
-#
-# Default:
-# DRWEBSOCKET /var/drweb/run/.daemon
-
-# ..OR if you use drwebd TCP socket, uncomment to enable use
-#
-# DrWeb daemon needs to run on the same server as HAVP
-#
-# Default: NONE
-# DRWEBSERVER 127.0.0.1
-# DRWEBPORT 3000
-