--- a/.pc/.quilt_patches Wed Jun 18 16:19:01 2014 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-debian/patches
--- a/.pc/.quilt_series Wed Jun 18 16:19:01 2014 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-series
--- a/.pc/.version Wed Jun 18 16:19:01 2014 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-2
--- a/.pc/03_havp.config.patch/etc/havp/havp.config.in Wed Jun 18 16:19:01 2014 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,664 +0,0 @@
-#
-# This is the configuration file for HAVP
-#
-# All lines starting with a hash (#) or empty lines are ignored.
-# Uncomment parameters you want to change!
-#
-# All parameters configurable in this file are explained and their default
-# values are shown. If no default value is defined "NONE" is specified.
-#
-# General syntax: Parameter Value
-# Value can be: true/false, number, or path
-#
-# Extra spaces and tabs are ignored.
-#
-
-# You must remove this line for HAVP to start.
-# This makes sure you have (hopefully) reviewed the configuration. :)
-# Hint: You must enable some scanner! Find them in the end..
-REMOVETHISLINE deleteme
-
-#
-# For reasons of security it is recommended to run a proxy program
-# without root rights. It is recommended to create user that is not
-# used by any other program.
-#
-# Default:
-# USER havp
-# GROUP havp
-
-# If this is true HAVP is running as daemon in background.
-# For testing you may run HAVP at your text console.
-#
-# Default:
-# DAEMON true
-
-#
-# Process id (PID) of the main HAVP process is written to this file.
-# Be sure that it is writeable by the user under which HAVP is running.
-# /etc/init.d/havp script requires this to work.
-#
-# Default:
-# PIDFILE @localstatedir@/run/havp/havp.pid
-
-#
-# For performance reasons several instances of HAVP have to run.
-# Specify how many servers (child processes) are simultaneously
-# listening on port PORT for a connection. Minimum value should be
-# the peak requests-per-second expected + 5 for headroom. For best
-# performance, you should have atleast 1 CPU core per 16 processes.
-#
-# For single user home use, 8 should be minimum.
-# For 500+ users corporate use, start at 40.
-#
-# Value can and should be higher than recommended. Memory and
-# CPU usage is only affected by the number of concurrent requests.
-#
-# More childs are automatically created when needed, up to MAXSERVERS.
-#
-# Default:
-# SERVERNUMBER 8
-# MAXSERVERS 100
-
-#
-# Files where to log requests and info/errors.
-# Needs to have write permission for HAVP user.
-#
-# Default:
-# ACCESSLOG @localstatedir@/log/havp/access.log
-# ERRORLOG @localstatedir@/log/havp/havp.log
-# VIRUSLOG (same as ACCESSLOG)
-
-#
-# Format for timestamps in logfile messages.
-# See: man strftime
-#
-# Default:
-# TIMEFORMAT %d/%m/%Y %H:%M:%S
-
-#
-# Syslog can be used instead of logging to file.
-# For facilities and levels, see "man syslog".
-#
-# Default:
-# USESYSLOG false
-# SYSLOGNAME havp
-# SYSLOGFACILITY daemon
-# SYSLOGLEVEL info
-# SYSLOGVIRUSLEVEL warning
-
-#
-# true: Log every request to access log
-# false: Log only viruses to access log
-#
-# Default:
-# LOG_OKS true
-
-#
-# Level of HAVP logging
-# 0 = Only serious errors and information
-# 1 = Less interesting information is included
-#
-# Default:
-# LOGLEVEL 0
-
-#
-# Temporary scan file.
-# This file must reside on a partition for which mandatory
-# locking is enabled. For Linux, use "-o mand" in mount command.
-# See "man mount" for details. Solaris does not need any special
-# steps, it works directly.
-#
-# Specify absolute path to a file which name must contain "XXXXXX".
-# These characters are used by system to create unique named files.
-#
-# Default:
-# SCANTEMPFILE /var/tmp/havp/havp-XXXXXX
-
-#
-# Directory for ClamAV and other scanner created tempfiles.
-# Needs to be writable by HAVP user. Use ramdisk for best performance.
-#
-# Default:
-# TEMPDIR /var/tmp
-
-#
-# HAVP reloads scanners virus database by receiving a signal
-# (send SIGHUP to PID from PIDFILE, see "man kill") or after
-# a specified period of time. Specify here the number of
-# minutes to wait for reloading.
-#
-# This only affects library scanners (clamlib, trophie).
-# Other scanners must be updated manually.
-#
-# Default:
-# DBRELOAD 60
-
-#
-# Run HAVP as transparent Proxy?
-#
-# If you don't know what this means read the mini-howto
-# TransparentProxy written by Daniel Kiracofe.
-# (e.g.: http://www.tldp.org/HOWTO/mini/TransparentProxy.html)
-# Definitely you have more to do than setting this to true.
-# You are warned!
-#
-# Default:
-# TRANSPARENT false
-
-#
-# Specify a parent proxy (e.g. Squid) HAVP should use.
-# If needed, user and password authentication can be used,
-# but only Basic-authentication scheme is supported.
-#
-# Default: NONE
-# PARENTPROXY localhost
-# PARENTPORT 3128
-# PARENTUSER username
-# PARENTPASSWORD password
-
-#
-# Write X-Forwarded-For: to log instead of connecters IP?
-#
-# If HAVP is used as parent proxy by some other proxy, this allows
-# to write the real users IP to log, instead of proxy IP.
-#
-# Default:
-# FORWARDED_IP false
-
-#
-# Send X-Forwarded-For: header to servers?
-#
-# If client sent this header, FORWARDED_IP setting defines the value,
-# then it is passed on. You might want to keep this disabled for security
-# reasons. Enable this if you use your own parent proxy after HAVP, so it
-# will see the original client IP.
-#
-# Disabling this also disables Via: header generation.
-#
-# Default:
-# X_FORWARDED_FOR false
-
-#
-# Port HAVP is listening on.
-#
-# Default:
-# PORT 8080
-
-#
-# IP address that HAVP listens on.
-# Let it be undefined to bind all addresses.
-#
-# Default: NONE
-# BIND_ADDRESS 127.0.0.1
-
-#
-# IP address used for sending outbound packets.
-# Let it be undefined if you want OS to handle right address.
-#
-# Default: NONE
-# SOURCE_ADDRESS 1.2.3.4
-
-#
-# Path to template files.
-#
-# Default:
-# TEMPLATEPATH @sysconfdir@/havp/templates/en
-
-#
-# Set to true if you want to prefer Whitelist.
-# If URL is Whitelisted, then Blacklist is ignored.
-# Otherwise Blacklist is preferred.
-#
-# Default:
-# WHITELISTFIRST true
-
-#
-# List of URLs not to scan.
-#
-# Default:
-# WHITELIST @sysconfdir@/havp/whitelist
-
-#
-# List of URLs that are denied access.
-#
-# Default:
-# BLACKLIST @sysconfdir@/havp/blacklist
-
-#
-# Is scanner error fatal?
-#
-# For example, archive types that are not supported by scanner
-# may return error. Also if scanner has invalid pattern files etc.
-#
-# true: User gets error page
-# false: No error is reported (viruses might not be detected)
-#
-# Default:
-# FAILSCANERROR true
-
-#
-# When scanning takes longer than this, it will be aborted.
-# Timer is started after HAVP has fully received all data.
-# If set too low, complex files/archives might produce timeout.
-# Timeout is always a fatal error regardless of FAILSCANERROR.
-#
-# Time in minutes!
-#
-# Default:
-# SCANNERTIMEOUT 10
-
-#
-# Allow HTTP Range requests?
-#
-# false: Broken downloads can NOT be resumed
-# true: Broken downloads can be resumed
-#
-# Allowing Range is a security risk, because partial
-# HTTP requests may not be properly scanned.
-#
-# Whitelisted sites are allowed to use Range in any case.
-#
-# Default:
-# RANGE false
-
-#
-# Allow HTTP Range request to get the ZIP header first?
-#
-# This allows (partial) scanning of ZIP files that are bigger than
-# MAXSCANSIZE. Scanning is done up to that many bytes into the file.
-#
-# Default:
-# PRELOADZIPHEADER true
-
-#
-# If you really need more performance, you can disable scanning of
-# JPG, GIF and PNG files. These are probably the most common files
-# around, so it will save lots of CPU. But be warned, image exploits
-# exist and more could be found. Think twice if you want to disable!
-#
-# In addition of checking Content-Type: image/*, this setting uses
-# file magic to make sure the file is really image.
-#
-# Also see SCANMIME/SKIPMIME settings to control scanning based
-# on just the Content-Type header.
-#
-# Default:
-# SCANIMAGES true
-
-#
-# What MIME types NOT to scan. For performance reasons, you could
-# exclude all media types.
-#
-# Based on Content-Type: header as given by the HTTP server.
-# Note that it is easy to forge and should not be trusted.
-#
-# Basic wildcard match supported.
-#
-# Default: NONE
-# SKIPMIME image/* video/* audio/*
-
-#
-# If set, then ONLY these MIME types will be scanned.
-#
-# Based on Content-Type: header as given by the HTTP server.
-# Note that it is easy to forge and should not be trusted.
-#
-# Basic wildcard match supported.
-#
-# Default: NONE
-# SCANMIME application/*
-
-#
-# Temporary file will grow only up to this size. This means scanner
-# will scan data until this limit is reached.
-#
-# There are two sides to this setting. By limiting the size, you gain
-# performance, less waiting for big files and less needed temporary space.
-# But there is slightly higher chance of virus slipping through (though
-# scanning large archives should not be gateways function, HAVP is more
-# geared towards small exploit detection etc).
-#
-# VALUE IN BYTES NOT KB OR MB!!!!
-# 0 = No size limit
-#
-# Default:
-# MAXSCANSIZE 5000000
-
-#
-# Amount of data going to browser that is held back, until it
-# is scanned. When we know file is clean, this held back data
-# can be sent to browser. You can safely set bigger value, only
-# thing you will notice is some "delay" in beginning of download.
-# Virus found in files bigger than this might not produce HAVP
-# error page, but result in a "broken" download.
-#
-# VALUE IN BYTES NOT KB OR MB!!!!
-#
-# Default:
-# KEEPBACKBUFFER 200000
-
-#
-# This setting complements KEEPBACKBUFFER. It tells how many Seconds to
-# initially receive data from server, before sending anything to client.
-# Even trickling is not done before this time elapses. This way files that
-# are received fast are more secure and user can get virus report page for
-# files bigger than KEEPBACKBUFFER.
-#
-# Setting to 0 will disable this, and only KEEPBACKBUFFER is used.
-#
-# Default:
-# KEEPBACKTIME 5
-
-#
-# After Trickling Time (seconds), some bytes are sent to browser
-# to keep the connection alive. Trickling is not needed if timeouts
-# are not expected for files smaller than KEEPBACKBUFFER, but it is
-# recommended to set anyway.
-#
-# 0 = No Trickling
-#
-# Default:
-# TRICKLING 30
-
-#
-# Send this many bytes to browser every TRICKLING seconds, see above
-#
-# Default:
-# TRICKLINGBYTES 1
-
-#
-# Downloads larger than MAXDOWNLOADSIZE will be blocked.
-# Only if not Whitelisted!
-#
-# VALUE IN BYTES NOT KB OR MB!!!!
-# 0 = Unlimited Downloads
-#
-# Default:
-# MAXDOWNLOADSIZE 0
-
-#
-# Space separated list of strings to partially match User-Agent: header.
-# These are used for streaming content, so scanning is generally not needed
-# and tempfiles grow unnecessary. Remember when enabled, that user could
-# fake header and pass some scanning. HTTP Range requests are allowed for
-# these, so players can seek content.
-#
-# You can uncomment here a list of most popular players.
-#
-# Default: NONE
-# STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS
-
-#
-# Bytes to scan from beginning of streams.
-# When set to 0, STREAMUSERAGENT scanning will be completely disabled.
-# It is not recommended as there are some exploits for players.
-#
-# Default:
-# STREAMSCANSIZE 20000
-
-#
-# Disable mandatory locking (dynamic scanning) for certain file types.
-# This is intended for fixing cases where a scanner forces use of mmap()
-# call. Mandatory locking might not allow this, so you could get errors
-# regarding memory allocation or I/O. You can test the "None" option
-# anyway, as it might even work depending on your OS (some Linux seems
-# to allow mand+mmap).
-#
-# Allowed values:
-# None
-# ClamAV:BinHex (mmap forced in versions older than 0.96)
-# ClamAV:PDF (mmap forced in versions older than 0.96)
-# ClamAV:ZIP (mmap forced in 0.93.x, should work in 0.94)
-# AVG:ALL (AVG 8.5 does not work, uses mmap MAP_SHARED)
-#
-# Default:
-# DISABLELOCKINGFOR AVG:ALL
-
-#
-# Whitelist specific viruses by case-insensitive substring match.
-# For example, "Oversized." and "Encrypted." are good candidates,
-# if you can't disable those checks any other way.
-#
-# Default: NONE
-# IGNOREVIRUS Oversized. Encrypted. Phishing.
-
-
-#####
-##### ClamAV Library Scanner (libclamav)
-#####
-
-ENABLECLAMLIB false
-
-# HAVP uses libclamav hardcoded pattern directory, which usually is
-# /usr/local/share/clamav. You only need to set CLAMDBDIR, if you are
-# using non-default DatabaseDirectory setting in clamd.conf.
-#
-# Default: NONE
-# CLAMDBDIR /path/to/directory
-
-# Should we block broken executables?
-#
-# Default:
-# CLAMBLOCKBROKEN false
-
-# Should we block encrypted archives?
-#
-# Default:
-# CLAMBLOCKENCRYPTED false
-
-# Should we block files that go over maximum archive limits?
-#
-# Default:
-# CLAMBLOCKMAX false
-
-# Scanning limits?
-# You can find some additional info from documentation or clamd.conf
-#
-# Stop when this many total bytes scanned (MB)
-# CLAMMAXSCANSIZE 20
-#
-# Stop when this many files have been scanned
-# CLAMMAXFILES 50
-#
-# Don't scan files over this size (MB)
-# CLAMMAXFILESIZE 100
-#
-# Maximum archive recursion
-# CLAMMAXRECURSION 8
-
-
-#####
-##### ClamAV Socket Scanner (clamd)
-#####
-##### NOTE: ClamAV Library Scanner should be preferred (less overhead)
-#####
-
-ENABLECLAMD false
-
-# Path to clamd socket
-#
-# Default:
-# CLAMDSOCKET /tmp/clamd
-
-# ..OR if you use clamd TCP socket, uncomment to enable use
-#
-# Clamd daemon needs to run on the same server as HAVP
-#
-# Default: NONE
-# CLAMDSERVER 127.0.0.1
-# CLAMDPORT 3310
-
-
-#####
-##### F-Prot Socket Scanner
-#####
-
-ENABLEFPROT false
-
-# F-Prot daemon needs to run on same server as HAVP
-#
-# Default:
-# FPROTSERVER 127.0.0.1
-# FPROTPORT 10200
-
-# F-Prot options (only for version 6+ !)
-#
-# See "fpscand-client.sh --help" for possible options.
-#
-# At the moment:
-# --scanlevel=<n> Which scanlevel to use, 0-4 (2).
-# --heurlevel=<n> How aggressive heuristics should be used, 0-4 (2).
-# --archive=<n> Scan inside supported archives n levels deep 1-99 (5).
-# --adware Instructs the daemon to flag adware.
-# --applications Instructs the daemon to flag potentially unwanted applications.
-#
-# Default: NONE
-# FPROTOPTIONS --scanlevel=2 --heurlevel=2
-
-
-#####
-##### AVG Socket Scanner
-#####
-
-ENABLEAVG false
-
-# AVG daemon needs to run on the same server as HAVP
-#
-# Default:
-# AVGSERVER 127.0.0.1
-# AVGPORT 55555
-
-
-#####
-##### Kaspersky Socket Scanner
-#####
-
-ENABLEAVESERVER false
-
-# Path to aveserver socket
-#
-# Default:
-# AVESOCKET /var/run/aveserver
-
-
-#####
-##### Sophos Scanner (Sophie)
-#####
-
-ENABLESOPHIE false
-
-# Path to sophie socket
-#
-# Default:
-# SOPHIESOCKET /var/run/sophie
-
-
-#####
-##### Trend Micro Library Scanner (Trophie)
-#####
-
-ENABLETROPHIE false
-
-# Scanning limits inside archives (filesize = MB):
-#
-# Default:
-# TROPHIEMAXFILES 50
-# TROPHIEMAXFILESIZE 10
-# TROPHIEMAXRATIO 250
-
-
-#####
-##### NOD32 Socket Scanner
-#####
-
-ENABLENOD32 false
-
-# Path to nod32d socket
-#
-# For 3.0+ version, try /tmp/esets.sock
-#
-# Default:
-# NOD32SOCKET /tmp/nod32d.sock
-
-# Used NOD32 Version
-#
-# 30 = 3.0+
-# 25 = 2.5+
-# 21 = 2.x (very old)
-#
-# Default:
-# NOD32VERSION 25
-
-
-#####
-##### Avast! Socket Scanner
-#####
-
-ENABLEAVAST false
-
-# Path to avastd socket
-#
-# Default:
-# AVASTSOCKET /var/run/avast4/local.sock
-
-# ..OR if you use avastd TCP socket, uncomment to enable use
-#
-# Avast daemon needs to run on the same server as HAVP
-#
-# Default: NONE
-# AVASTSERVER 127.0.0.1
-# AVASTPORT 5036
-
-
-#####
-##### Arcavir Socket Scanner
-#####
-
-ENABLEARCAVIR false
-
-# Path to arcavird socket
-#
-# For version 2008, default socket is /var/run/arcad.ctl
-#
-# Default:
-# ARCAVIRSOCKET /var/run/arcavird.socket
-
-# Used Arcavir version
-# 2007 = Version 2007 and earlier
-# 2008 = Version 2008 and later
-#
-# Default:
-# ARCAVIRVERSION 2007
-
-
-#####
-##### DrWeb Socket Scanner
-#####
-
-ENABLEDRWEB false
-
-# Enable heuristic scanning?
-#
-# Default:
-# DRWEBHEURISTIC true
-
-# Enable malware detection?
-# (Adware, Dialer, Joke, Riskware, Hacktool)
-#
-# Default:
-# DRWEBMALWARE true
-
-# Path to drwebd socket
-#
-# Default:
-# DRWEBSOCKET /var/drweb/run/.daemon
-
-# ..OR if you use drwebd TCP socket, uncomment to enable use
-#
-# DrWeb daemon needs to run on the same server as HAVP
-#
-# Default: NONE
-# DRWEBSERVER 127.0.0.1
-# DRWEBPORT 3000
-
--- a/.pc/04_params.cpp.patch/havp/params.cpp Wed Jun 18 16:19:01 2014 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,443 +0,0 @@
-/***************************************************************************
- params.cpp - description
- -------------------
- begin : So Feb 20 2005
- copyright : (C) 2005 by Peter Sebald / Christian Hilgers
- email : christian@hilgers.ag
- ***************************************************************************/
-
-/***************************************************************************
- * *
- * This program is free software; you can redistribute it and/or modify *
- * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; either version 2 of the License, or *
- * (at your option) any later version. *
- * *
- ***************************************************************************/
-
-#include "default.h"
-#include "params.h"
-#include "utils.h"
-
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <iostream>
-#include <fstream>
-#include <cstdlib>
-
-#ifndef INADDR_NONE
-#define INADDR_NONE ((unsigned long) -1)
-#endif
-
-map <string,string> Params::params;
-
-void Params::SetDefaults()
-{
- SetConfig("DISPLAYINITIALMESSAGES", "true");
- SetConfig("USER", "havp");
- SetConfig("GROUP", "havp");
- SetConfig("DAEMON", "true");
- SetConfig("SERVERNUMBER", "8");
- SetConfig("MAXSERVERS", "150");
- SetConfig("PORT", "8080");
- SetConfig("BIND_ADDRESS", "");
- SetConfig("SOURCE_ADDRESS", "");
- SetConfig("PARENTPROXY", "");
- SetConfig("PARENTPORT", "0");
- SetConfig("PARENTUSER", "");
- SetConfig("PARENTPASSWORD", "");
- SetConfig("ACCESSLOG", ACCESSLOG);
- SetConfig("VIRUSLOG", "");
- SetConfig("ERRORLOG", ERRORLOG);
- SetConfig("TIMEFORMAT", "%d/%m/%Y %H:%M:%S");
- SetConfig("LOG_OKS", "true");
- SetConfig("LOGLEVEL", "0");
- SetConfig("USESYSLOG", "false");
- SetConfig("SYSLOGNAME", "havp");
- SetConfig("SYSLOGFACILITY", "daemon");
- SetConfig("SYSLOGLEVEL", "info");
- SetConfig("SYSLOGVIRUSLEVEL","warning");
- SetConfig("SCANIMAGES", "true");
- SetConfig("SKIPMIME", "");
- SetConfig("SCANMIME", "");
- SetConfig("MAXSCANSIZE", "5000000");
- SetConfig("KEEPBACKBUFFER", "200000");
- SetConfig("KEEPBACKTIME", "5");
- SetConfig("TRICKLING", "30");
- SetConfig("TRICKLINGBYTES", "1");
- SetConfig("WHITELISTFIRST", "true");
- SetConfig("WHITELIST", WHITELISTFILE);
- SetConfig("BLACKLIST", BLACKLISTFILE);
- SetConfig("TEMPLATEPATH", TEMPLATEPATH);
- SetConfig("TEMPDIR", "/var/tmp");
- SetConfig("SCANTEMPFILE", "/var/tmp/havp/havp-XXXXXX");
- SetConfig("PIDFILE", PIDFILE);
- SetConfig("TRANSPARENT", "false");
- SetConfig("RANGE", "false");
- SetConfig("PRELOADZIPHEADER","true");
- SetConfig("FORWARDED_IP", "false");
- SetConfig("X_FORWARDED_FOR","false");
- SetConfig("STREAMUSERAGENT","");
- SetConfig("STREAMSCANSIZE", "20000");
- SetConfig("DBRELOAD", "60");
- SetConfig("FAILSCANERROR", "true");
- SetConfig("MAXDOWNLOADSIZE","0");
- SetConfig("SCANNERTIMEOUT", "10");
- SetConfig("IGNOREVIRUS", "");
- SetConfig("DISABLELOCKINGFOR","AVG:ALL");
-//SCANNERS
- SetConfig("ENABLECLAMLIB","false");
- SetConfig("CLAMDBDIR","");
- SetConfig("CLAMBLOCKBROKEN","false");
- SetConfig("CLAMBLOCKMAX","false");
- SetConfig("CLAMBLOCKENCRYPTED","false");
- SetConfig("CLAMMAXSCANSIZE","20");
- SetConfig("CLAMMAXFILES","50");
- SetConfig("CLAMMAXFILESIZE","100");
- SetConfig("CLAMMAXRECURSION","8");
- SetConfig("ENABLECLAMD","false");
- SetConfig("CLAMDSOCKET","/tmp/clamd");
- SetConfig("CLAMDSERVER","");
- SetConfig("CLAMDPORT","3310");
- SetConfig("ENABLEAVG","false");
- SetConfig("AVGSERVER","127.0.0.1");
- SetConfig("AVGPORT","55555");
- SetConfig("ENABLEAVESERVER","false");
- SetConfig("AVESOCKET","/var/run/aveserver");
- SetConfig("ENABLEFPROT","false");
- SetConfig("FPROTPORT","10200");
- SetConfig("FPROTSERVER","127.0.0.1");
- SetConfig("FPROTOPTIONS","");
- SetConfig("ENABLENOD32","false");
- SetConfig("NOD32SOCKET","/tmp/nod32d.sock");
- SetConfig("NOD32VERSION","25");
- SetConfig("ENABLETROPHIE","false");
- SetConfig("TROPHIEMAXFILES","50");
- SetConfig("TROPHIEMAXFILESIZE","10");
- SetConfig("TROPHIEMAXRATIO","250");
- SetConfig("ENABLESOPHIE","false");
- SetConfig("SOPHIESOCKET","/var/run/sophie");
- SetConfig("ENABLEAVAST","false");
- SetConfig("AVASTSOCKET","/var/run/avast4/local.sock");
- SetConfig("AVASTSERVER","");
- SetConfig("AVASTPORT","5036");
- SetConfig("ENABLEARCAVIR","false");
- SetConfig("ARCAVIRSOCKET","/var/run/arcavird.socket");
- SetConfig("ARCAVIRVERSION","2007");
- SetConfig("ENABLEDRWEB","false");
- SetConfig("DRWEBSOCKET","/var/drweb/run/.daemon");
- SetConfig("DRWEBSERVER","");
- SetConfig("DRWEBPORT","3000");
- SetConfig("DRWEBHEURISTIC","true");
- SetConfig("DRWEBMALWARE","true");
-}
-
-bool Params::ReadConfig( string file )
-{
- ifstream input( file.c_str() );
-
- if ( !input )
- {
- cerr << "Could not open config file: " << file << endl;
- return false;
- }
-
- string::size_type Position;
- string line, key, val;
-
- while ( input )
- {
- getline( input, line );
-
- //Strip whitespace from beginning and end
- if ( (Position = line.find_first_not_of(" \t")) != string::npos )
- {
- line = line.substr(Position, (line.find_last_not_of(" \t", string::npos) - Position) + 1);
- }
-
- //Read next if nothing found
- if ( (Position == string::npos) || (line.size() == 0) ) continue;
-
- //Read next if commented
- if ( line.substr(0, 1) == "#" ) continue;
-
- //Find key and value
- if ( (Position = line.find_first_of(" \t")) != string::npos )
- {
- key = line.substr(0, Position);
-
- if ( key == "REMOVETHISLINE" )
- {
- cout << "Configuration is not edited!" << endl;
- cout << "You must delete REMOVETHISLINE option." << endl;
- cout << "Review the configuration carefully. :)" << endl;
- return false;
- }
-
- if ( (Position = line.find_first_not_of(" \t", Position + 1)) == string::npos )
- {
- cout << "Invalid Config Line: " << line << endl;
- return false;
- }
-
- val = line.substr( Position );
-
- Params::SetConfig( key, val );
- }
- else
- {
- cout << "Invalid Config Line: " << line << endl;
- return false;
- }
- }
-
- input.close();
-
- return true;
-}
-
-void Params::SetConfig( string param, string value )
-{
- string TempParams[] = {CONFIGPARAMS};
- bool ParamFound = false;
-
- param = UpperCase(param);
-
- for ( unsigned int i = 0; i < sizeof(TempParams)/sizeof(string); i++ )
- {
- if ( param == TempParams[i] )
- {
- ParamFound = true;
- }
- }
-
- if ( ParamFound )
- {
- if ( UpperCase(value) == "TRUE" || UpperCase(value) == "FALSE" )
- {
- value = UpperCase(value);
- }
-
- params[param] = value;
- }
- else
- {
- cout << "Unknown Config Parameter: " << param << endl;
- cout << "Exiting.." << endl;
- exit(1);
- }
-}
-
-int Params::GetConfigInt( string param )
-{
- return atoi( params[param].c_str() );
-}
-
-bool Params::GetConfigBool( string param )
-{
- if ( params[param] == "TRUE" )
- {
- return true;
- }
- else
- {
- return false;
- }
-}
-
-string Params::GetConfigString( string param )
-{
- return params[param];
-}
-
-void Params::ShowConfig( string cfgfile )
-{
- cout << endl << "# Using HAVP config: " << cfgfile << endl << endl;
- typedef map<string,string>::const_iterator CI;
- for(CI p = params.begin(); p != params.end(); ++p)
- {
- cout << p->first << "=" << p->second << '\n';
- }
- cout << endl;
-}
-
-void Params::Usage()
-{
- cout << endl << "Usage: havp [Options]" << endl << endl;
- cout << "HAVP Version " << VERSION << endl << endl;
- cout << "Possible options are:" << endl;
- cout << "--help | -h This pamphlet" << endl;
- cout << "--conf-file=FileName | -c Filename Use this Config-File" << endl;
- cout << "--show-config | -s Show configuration HAVP is using" << endl << endl;
-}
-
-bool Params::SetParams( int argvT, char* argcT[] )
-{
- string option, value;
- string::size_type i1, i2;
-
- string cfgfile = CONFIGFILE;
- bool showconf = false;
-
- SetDefaults();
-
- while ( --argvT )
- {
- value = *++argcT;
- i1 = value.find_first_not_of("-");
-
- //No GNU options
- if ( i1 == 1 )
- {
- option = value.substr(i1, 1);
-
- if ( option == "c" )
- {
- --argvT;
-
- if ( argvT == 0 )
- {
- Usage();
- return false;
- }
- value = *++argcT;
- }
- else if ( option == "s" )
- {
- showconf = true;
- }
- else
- {
- Usage();
- return false;
- }
- }
- //GNU options
- else if ( i1 == 2 )
- {
- if ( (i2 = value.find("=")) != string::npos )
- {
- option = value.substr(i1, i2 - i1);
-
- if ( value.size() > i2 + 1 )
- {
- value = value.substr(i2 + 1);
- }
- else
- {
- Usage();
- return false;
- }
- }
- else
- {
- option = value.substr(i1);
- value = "";
- }
- }
- else
- {
- Usage();
- return false;
- }
-
- if ( option == "help" )
- {
- Usage();
- return false;
- }
- else if ( option == "show-config" )
- {
- showconf = true;
- }
- else if ( option == "conf-file" || option == "c" )
- {
- if (value == "")
- {
- Usage();
- return false;
- }
-
- cfgfile = value;
- }
- else if ( showconf == true )
- {
- //Nothing: prevent Usage
- }
- else
- {
- Usage();
- return false;
- }
- }
-
- if ( ReadConfig( cfgfile ) == false )
- {
- return false;
- }
-
- if ( showconf == true )
- {
- ShowConfig( cfgfile );
- return false;
- }
-
- return TestConfig();
-}
-
-//Test that some options are sane
-bool Params::TestConfig()
-{
- if ( Params::GetConfigInt("SERVERNUMBER") < 1 )
- {
- cout << "Invalid Config: SERVERNUMBER needs to be greater than 0" << endl;
- return false;
- }
- if ( Params::GetConfigString("ACCESSLOG").substr(0,1) != "/"
- || (Params::GetConfigString("VIRUSLOG") != "" && Params::GetConfigString("VIRUSLOG").substr(0,1) != "/")
- || Params::GetConfigString("ERRORLOG").substr(0,1) != "/" )
- {
- cout << "Invalid Config: Log paths need to be abolute" << endl;
- return false;
- }
- if ( Params::GetConfigString("SCANTEMPFILE").find("XXXXXX") == string::npos )
- {
- cout << "Invalid Config: SCANTEMPFILE must contain string \"XXXXXX\"" << endl;
- return false;
- }
- if ( Params::GetConfigInt("MAXSERVERS") > 500 )
- {
- cout << "Note: MAXSERVERS is unusually high! You are sure you want this?" << endl;
- }
- if ( Params::GetConfigString("BIND_ADDRESS") == "NULL" ) Params::SetConfig("BIND_ADDRESS","");
- if ( Params::GetConfigString("BIND_ADDRESS") != "" )
- {
- if ( inet_addr( Params::GetConfigString("BIND_ADDRESS").c_str() ) == INADDR_NONE )
- {
- cout << "Invalid Config: Invalid BIND_ADDRESS" << endl;
- return false;
- }
- }
- if ( Params::GetConfigString("SOURCE_ADDRESS") == "NULL" ) Params::SetConfig("SOURCE_ADDRESS","");
- if ( Params::GetConfigString("SOURCE_ADDRESS") != "" )
- {
- if ( inet_addr( Params::GetConfigString("SOURCE_ADDRESS").c_str() ) == INADDR_NONE )
- {
- cout << "Invalid Config: Invalid SOURCE_ADDRESS" << endl;
- return false;
- }
- }
- if ( Params::GetConfigString("PARENTPROXY") != "" && Params::GetConfigInt("PARENTPORT") < 1 )
- {
- cout << "Invalid Config: Invalid PARENTPROXY/PARENTPORT" << endl;
- return false;
- }
- if ( Params::GetConfigInt("TRICKLING") > 0 && Params::GetConfigInt("TRICKLINGBYTES") < 1 )
- {
- cout << "Invalid Config: TRICKLINGBYTES needs to be greater than 0" << endl;
- return false;
- }
-
- return true;
-}
--- a/.pc/05_add_ssltimeout_option.patch/etc/havp/havp.config.in Wed Jun 18 16:19:01 2014 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,670 +0,0 @@
-#
-# This is the configuration file for HAVP
-#
-# All lines starting with a hash (#) or empty lines are ignored.
-# Uncomment parameters you want to change!
-#
-# All parameters configurable in this file are explained and their default
-# values are shown. If no default value is defined "NONE" is specified.
-#
-# General syntax: Parameter Value
-# Value can be: true/false, number, or path
-#
-# Extra spaces and tabs are ignored.
-#
-
-# You must remove this line for HAVP to start.
-# This makes sure you have (hopefully) reviewed the configuration. :)
-# Hint: You must enable some scanner! Find them in the end..
-# REMOVETHISLINE deleteme
-
-#
-# For reasons of security it is recommended to run a proxy program
-# without root rights. It is recommended to create user that is not
-# used by any other program.
-#
-# Default:
-# USER havp
-# GROUP havp
-
-# If this is true HAVP is running as daemon in background.
-# For testing you may run HAVP at your text console.
-#
-# Default:
-# DAEMON true
-
-#
-# Process id (PID) of the main HAVP process is written to this file.
-# Be sure that it is writeable by the user under which HAVP is running.
-# /etc/init.d/havp script requires this to work.
-#
-# Default:
-# PIDFILE @localstatedir@/run/havp/havp.pid
-
-#
-# For performance reasons several instances of HAVP have to run.
-# Specify how many servers (child processes) are simultaneously
-# listening on port PORT for a connection. Minimum value should be
-# the peak requests-per-second expected + 5 for headroom. For best
-# performance, you should have atleast 1 CPU core per 16 processes.
-#
-# For single user home use, 8 should be minimum.
-# For 500+ users corporate use, start at 40.
-#
-# Value can and should be higher than recommended. Memory and
-# CPU usage is only affected by the number of concurrent requests.
-#
-# More childs are automatically created when needed, up to MAXSERVERS.
-#
-# Default:
-# SERVERNUMBER 8
-# MAXSERVERS 100
-
-#
-# Files where to log requests and info/errors.
-# Needs to have write permission for HAVP user.
-#
-# Default:
-# ACCESSLOG @localstatedir@/log/havp/access.log
-# ERRORLOG @localstatedir@/log/havp/havp.log
-# VIRUSLOG (same as ACCESSLOG)
-
-#
-# Format for timestamps in logfile messages.
-# See: man strftime
-#
-# Default:
-# TIMEFORMAT %d/%m/%Y %H:%M:%S
-
-#
-# Syslog can be used instead of logging to file.
-# For facilities and levels, see "man syslog".
-#
-# Default:
-# USESYSLOG false
-# SYSLOGNAME havp
-# SYSLOGFACILITY daemon
-# SYSLOGLEVEL info
-# SYSLOGVIRUSLEVEL warning
-
-#
-# true: Log every request to access log
-# false: Log only viruses to access log
-#
-# Default:
-# LOG_OKS true
-
-#
-# Level of HAVP logging
-# 0 = Only serious errors and information
-# 1 = Less interesting information is included
-#
-# Default:
-# LOGLEVEL 0
-
-#
-# Temporary scan file.
-# This file must reside on a partition for which mandatory
-# locking is enabled. For Linux, use "-o mand" in mount command.
-# See "man mount" for details. Solaris does not need any special
-# steps, it works directly.
-#
-# Specify absolute path to a file which name must contain "XXXXXX".
-# These characters are used by system to create unique named files.
-#
-# Default:
-# SCANTEMPFILE /var/spool/havp/havp-XXXXXX
-
-#
-# Directory for ClamAV and other scanner created tempfiles.
-# Needs to be writable by HAVP user. Use ramdisk for best performance.
-#
-# Default:
-# TEMPDIR /var/tmp
-
-#
-# HAVP reloads scanners virus database by receiving a signal
-# (send SIGHUP to PID from PIDFILE, see "man kill") or after
-# a specified period of time. Specify here the number of
-# minutes to wait for reloading.
-#
-# This only affects library scanners (clamlib, trophie).
-# Other scanners must be updated manually.
-#
-# Default:
-# DBRELOAD 60
-
-#
-# Run HAVP as transparent Proxy?
-#
-# If you don't know what this means read the mini-howto
-# TransparentProxy written by Daniel Kiracofe.
-# (e.g.: http://www.tldp.org/HOWTO/mini/TransparentProxy.html)
-# Definitely you have more to do than setting this to true.
-# You are warned!
-#
-# Default:
-# TRANSPARENT false
-
-#
-# Specify a parent proxy (e.g. Squid) HAVP should use.
-# If needed, user and password authentication can be used,
-# but only Basic-authentication scheme is supported.
-#
-# Default: NONE
-# PARENTPROXY localhost
-# PARENTPORT 3128
-# PARENTUSER username
-# PARENTPASSWORD password
-
-#
-# Write X-Forwarded-For: to log instead of connecters IP?
-#
-# If HAVP is used as parent proxy by some other proxy, this allows
-# to write the real users IP to log, instead of proxy IP.
-#
-# Default:
-# FORWARDED_IP false
-
-#
-# Send X-Forwarded-For: header to servers?
-#
-# If client sent this header, FORWARDED_IP setting defines the value,
-# then it is passed on. You might want to keep this disabled for security
-# reasons. Enable this if you use your own parent proxy after HAVP, so it
-# will see the original client IP.
-#
-# Disabling this also disables Via: header generation.
-#
-# Default:
-# X_FORWARDED_FOR false
-
-#
-# Port HAVP is listening on.
-#
-# Default:
-# PORT 8080
-
-#
-# IP address that HAVP listens on.
-# Let it be undefined to bind all addresses.
-#
-# Default: NONE
-# BIND_ADDRESS 127.0.0.1
-
-#
-# IP address used for sending outbound packets.
-# Let it be undefined if you want OS to handle right address.
-#
-# Default: NONE
-# SOURCE_ADDRESS 1.2.3.4
-
-#
-# Path to template files.
-#
-# Default:
-# TEMPLATEPATH @sysconfdir@/havp/templates/en
-
-#
-# Set to true if you want to prefer Whitelist.
-# If URL is Whitelisted, then Blacklist is ignored.
-# Otherwise Blacklist is preferred.
-#
-# Default:
-# WHITELISTFIRST true
-
-#
-# List of URLs not to scan.
-#
-# Default:
-# WHITELIST @sysconfdir@/havp/whitelist
-
-#
-# List of URLs that are denied access.
-#
-# Default:
-# BLACKLIST @sysconfdir@/havp/blacklist
-
-#
-# Is scanner error fatal?
-#
-# For example, archive types that are not supported by scanner
-# may return error. Also if scanner has invalid pattern files etc.
-#
-# true: User gets error page
-# false: No error is reported (viruses might not be detected)
-#
-# Default:
-# FAILSCANERROR true
-
-# SSL connections may be silent for a while (mostly when "abused"
-# for other communication than HTTP). HAVP disconnects these connections
-# after several seconds.
-#
-# Default:
-# SSLTIMEOUT 20
-
-#
-# When scanning takes longer than this, it will be aborted.
-# Timer is started after HAVP has fully received all data.
-# If set too low, complex files/archives might produce timeout.
-# Timeout is always a fatal error regardless of FAILSCANERROR.
-#
-# Time in minutes!
-#
-# Default:
-# SCANNERTIMEOUT 10
-
-#
-# Allow HTTP Range requests?
-#
-# false: Broken downloads can NOT be resumed
-# true: Broken downloads can be resumed
-#
-# Allowing Range is a security risk, because partial
-# HTTP requests may not be properly scanned.
-#
-# Whitelisted sites are allowed to use Range in any case.
-#
-# Default:
-# RANGE false
-
-#
-# Allow HTTP Range request to get the ZIP header first?
-#
-# This allows (partial) scanning of ZIP files that are bigger than
-# MAXSCANSIZE. Scanning is done up to that many bytes into the file.
-#
-# Default:
-# PRELOADZIPHEADER true
-
-#
-# If you really need more performance, you can disable scanning of
-# JPG, GIF and PNG files. These are probably the most common files
-# around, so it will save lots of CPU. But be warned, image exploits
-# exist and more could be found. Think twice if you want to disable!
-#
-# In addition of checking Content-Type: image/*, this setting uses
-# file magic to make sure the file is really image.
-#
-# Also see SCANMIME/SKIPMIME settings to control scanning based
-# on just the Content-Type header.
-#
-# Default:
-# SCANIMAGES true
-
-#
-# What MIME types NOT to scan. For performance reasons, you could
-# exclude all media types.
-#
-# Based on Content-Type: header as given by the HTTP server.
-# Note that it is easy to forge and should not be trusted.
-#
-# Basic wildcard match supported.
-#
-# Default: NONE
-# SKIPMIME image/* video/* audio/*
-
-#
-# If set, then ONLY these MIME types will be scanned.
-#
-# Based on Content-Type: header as given by the HTTP server.
-# Note that it is easy to forge and should not be trusted.
-#
-# Basic wildcard match supported.
-#
-# Default: NONE
-# SCANMIME application/*
-
-#
-# Temporary file will grow only up to this size. This means scanner
-# will scan data until this limit is reached.
-#
-# There are two sides to this setting. By limiting the size, you gain
-# performance, less waiting for big files and less needed temporary space.
-# But there is slightly higher chance of virus slipping through (though
-# scanning large archives should not be gateways function, HAVP is more
-# geared towards small exploit detection etc).
-#
-# VALUE IN BYTES NOT KB OR MB!!!!
-# 0 = No size limit
-#
-# Default:
-# MAXSCANSIZE 5000000
-
-#
-# Amount of data going to browser that is held back, until it
-# is scanned. When we know file is clean, this held back data
-# can be sent to browser. You can safely set bigger value, only
-# thing you will notice is some "delay" in beginning of download.
-# Virus found in files bigger than this might not produce HAVP
-# error page, but result in a "broken" download.
-#
-# VALUE IN BYTES NOT KB OR MB!!!!
-#
-# Default:
-# KEEPBACKBUFFER 200000
-
-#
-# This setting complements KEEPBACKBUFFER. It tells how many Seconds to
-# initially receive data from server, before sending anything to client.
-# Even trickling is not done before this time elapses. This way files that
-# are received fast are more secure and user can get virus report page for
-# files bigger than KEEPBACKBUFFER.
-#
-# Setting to 0 will disable this, and only KEEPBACKBUFFER is used.
-#
-# Default:
-# KEEPBACKTIME 5
-
-#
-# After Trickling Time (seconds), some bytes are sent to browser
-# to keep the connection alive. Trickling is not needed if timeouts
-# are not expected for files smaller than KEEPBACKBUFFER, but it is
-# recommended to set anyway.
-#
-# 0 = No Trickling
-#
-# Default:
-# TRICKLING 30
-
-#
-# Send this many bytes to browser every TRICKLING seconds, see above
-#
-# Default:
-# TRICKLINGBYTES 1
-
-#
-# Downloads larger than MAXDOWNLOADSIZE will be blocked.
-# Only if not Whitelisted!
-#
-# VALUE IN BYTES NOT KB OR MB!!!!
-# 0 = Unlimited Downloads
-#
-# Default:
-# MAXDOWNLOADSIZE 0
-
-#
-# Space separated list of strings to partially match User-Agent: header.
-# These are used for streaming content, so scanning is generally not needed
-# and tempfiles grow unnecessary. Remember when enabled, that user could
-# fake header and pass some scanning. HTTP Range requests are allowed for
-# these, so players can seek content.
-#
-# You can uncomment here a list of most popular players.
-#
-# Default: NONE
-# STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS
-
-#
-# Bytes to scan from beginning of streams.
-# When set to 0, STREAMUSERAGENT scanning will be completely disabled.
-# It is not recommended as there are some exploits for players.
-#
-# Default:
-# STREAMSCANSIZE 20000
-
-#
-# Disable mandatory locking (dynamic scanning) for certain file types.
-# This is intended for fixing cases where a scanner forces use of mmap()
-# call. Mandatory locking might not allow this, so you could get errors
-# regarding memory allocation or I/O. You can test the "None" option
-# anyway, as it might even work depending on your OS (some Linux seems
-# to allow mand+mmap).
-#
-# Allowed values:
-# None
-# ClamAV:BinHex (mmap forced in versions older than 0.96)
-# ClamAV:PDF (mmap forced in versions older than 0.96)
-# ClamAV:ZIP (mmap forced in 0.93.x, should work in 0.94)
-# AVG:ALL (AVG 8.5 does not work, uses mmap MAP_SHARED)
-#
-# Default:
-# DISABLELOCKINGFOR AVG:ALL
-
-#
-# Whitelist specific viruses by case-insensitive substring match.
-# For example, "Oversized." and "Encrypted." are good candidates,
-# if you can't disable those checks any other way.
-#
-# Default: NONE
-# IGNOREVIRUS Oversized. Encrypted. Phishing.
-
-
-#####
-##### ClamAV Library Scanner (libclamav)
-#####
-
-ENABLECLAMLIB true
-
-# HAVP uses libclamav hardcoded pattern directory, which usually is
-# /usr/share/clamav. You only need to set CLAMDBDIR, if you are
-# using non-default DatabaseDirectory setting in clamd.conf.
-#
-# Default: NONE
-# CLAMDBDIR /var/lib/clamav
-
-# Should we block broken executables?
-#
-# Default:
-# CLAMBLOCKBROKEN false
-
-# Should we block encrypted archives?
-#
-# Default:
-# CLAMBLOCKENCRYPTED false
-
-# Should we block files that go over maximum archive limits?
-#
-# Default:
-# CLAMBLOCKMAX false
-
-# Scanning limits?
-# You can find some additional info from documentation or clamd.conf
-#
-# Stop when this many total bytes scanned (MB)
-# CLAMMAXSCANSIZE 20
-#
-# Stop when this many files have been scanned
-# CLAMMAXFILES 50
-#
-# Don't scan files over this size (MB)
-# CLAMMAXFILESIZE 100
-#
-# Maximum archive recursion
-# CLAMMAXRECURSION 8
-
-
-#####
-##### ClamAV Socket Scanner (clamd)
-#####
-##### NOTE: ClamAV Library Scanner should be preferred (less overhead)
-#####
-
-ENABLECLAMD false
-
-# Path to clamd socket
-#
-# Default:
-# CLAMDSOCKET /tmp/clamd
-
-# ..OR if you use clamd TCP socket, uncomment to enable use
-#
-# Clamd daemon needs to run on the same server as HAVP
-#
-# Default: NONE
-# CLAMDSERVER 127.0.0.1
-# CLAMDPORT 3310
-
-
-#####
-##### F-Prot Socket Scanner
-#####
-
-ENABLEFPROT false
-
-# F-Prot daemon needs to run on same server as HAVP
-#
-# Default:
-# FPROTSERVER 127.0.0.1
-# FPROTPORT 10200
-
-# F-Prot options (only for version 6+ !)
-#
-# See "fpscand-client.sh --help" for possible options.
-#
-# At the moment:
-# --scanlevel=<n> Which scanlevel to use, 0-4 (2).
-# --heurlevel=<n> How aggressive heuristics should be used, 0-4 (2).
-# --archive=<n> Scan inside supported archives n levels deep 1-99 (5).
-# --adware Instructs the daemon to flag adware.
-# --applications Instructs the daemon to flag potentially unwanted applications.
-#
-# Default: NONE
-# FPROTOPTIONS --scanlevel=2 --heurlevel=2
-
-
-#####
-##### AVG Socket Scanner
-#####
-
-ENABLEAVG false
-
-# AVG daemon needs to run on the same server as HAVP
-#
-# Default:
-# AVGSERVER 127.0.0.1
-# AVGPORT 55555
-
-
-#####
-##### Kaspersky Socket Scanner
-#####
-
-ENABLEAVESERVER false
-
-# Path to aveserver socket
-#
-# Default:
-# AVESOCKET /var/run/aveserver
-
-
-#####
-##### Sophos Scanner (Sophie)
-#####
-
-ENABLESOPHIE false
-
-# Path to sophie socket
-#
-# Default:
-# SOPHIESOCKET /var/run/sophie
-
-
-#####
-##### Trend Micro Library Scanner (Trophie)
-#####
-
-ENABLETROPHIE false
-
-# Scanning limits inside archives (filesize = MB):
-#
-# Default:
-# TROPHIEMAXFILES 50
-# TROPHIEMAXFILESIZE 10
-# TROPHIEMAXRATIO 250
-
-
-#####
-##### NOD32 Socket Scanner
-#####
-
-ENABLENOD32 false
-
-# Path to nod32d socket
-#
-# For 3.0+ version, try /tmp/esets.sock
-#
-# Default:
-# NOD32SOCKET /tmp/nod32d.sock
-
-# Used NOD32 Version
-#
-# 30 = 3.0+
-# 25 = 2.5+
-# 21 = 2.x (very old)
-#
-# Default:
-# NOD32VERSION 25
-
-
-#####
-##### Avast! Socket Scanner
-#####
-
-ENABLEAVAST false
-
-# Path to avastd socket
-#
-# Default:
-# AVASTSOCKET /var/run/avast4/local.sock
-
-# ..OR if you use avastd TCP socket, uncomment to enable use
-#
-# Avast daemon needs to run on the same server as HAVP
-#
-# Default: NONE
-# AVASTSERVER 127.0.0.1
-# AVASTPORT 5036
-
-
-#####
-##### Arcavir Socket Scanner
-#####
-
-ENABLEARCAVIR false
-
-# Path to arcavird socket
-#
-# For version 2008, default socket is /var/run/arcad.ctl
-#
-# Default:
-# ARCAVIRSOCKET /var/run/arcavird.socket
-
-# Used Arcavir version
-# 2007 = Version 2007 and earlier
-# 2008 = Version 2008 and later
-#
-# Default:
-# ARCAVIRVERSION 2007
-
-
-#####
-##### DrWeb Socket Scanner
-#####
-
-ENABLEDRWEB false
-
-# Enable heuristic scanning?
-#
-# Default:
-# DRWEBHEURISTIC true
-
-# Enable malware detection?
-# (Adware, Dialer, Joke, Riskware, Hacktool)
-#
-# Default:
-# DRWEBMALWARE true
-
-# Path to drwebd socket
-#
-# Default:
-# DRWEBSOCKET /var/drweb/run/.daemon
-
-# ..OR if you use drwebd TCP socket, uncomment to enable use
-#
-# DrWeb daemon needs to run on the same server as HAVP
-#
-# Default: NONE
-# DRWEBSERVER 127.0.0.1
-# DRWEBPORT 3000
--- a/.pc/05_add_ssltimeout_option.patch/havp/default.h.in Wed Jun 18 16:19:01 2014 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,120 +0,0 @@
-/***************************************************************************
- default.h - description
- -------------------
- begin : Sa Feb 12 2005
- copyright : (C) 2005 by Christian Hilgers
- email : christian@hilgers.ag
- ***************************************************************************/
-
-/***************************************************************************
- * *
- * This program is free software; you can redistribute it and/or modify *
- * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; either version 2 of the License, or *
- * (at your option) any later version. *
- * *
- ***************************************************************************/
-
-
-#ifndef DEFAULT_H
-#define DEFAULT_H
-
-#define VERSION "0.92"
-
-//##############################################################
-//Define if you want to rewrite a URL
-//#define REWRITE URLRewrite["havp"]="www.server-side.de"; URLRewrite["www.havp"]="www.server-side.de";
-
-//##############################################################
-//Parameters in Configurationfile
-
-#define CONFIGPARAMS \
- "WHITELISTFIRST","TEMPDIR","RANGE", "PRELOADZIPHEADER", "USER","GROUP", \
- "SERVERNUMBER","PORT","BIND_ADDRESS","SOURCE_ADDRESS","KEEPBACKBUFFER", \
- "KEEPBACKTIME","TRICKLING","TRICKLINGBYTES","MAXSCANSIZE","WHITELIST","BLACKLIST","PIDFILE", \
- "DAEMON","TRANSPARENT","LOG_OKS","ACCESSLOG","VIRUSLOG","ERRORLOG","TIMEFORMAT","LOGLEVEL", \
- "USESYSLOG","SYSLOGNAME","SYSLOGFACILITY","SYSLOGLEVEL","SYSLOGVIRUSLEVEL","IGNOREVIRUS", \
- "DISPLAYINITIALMESSAGES","DBRELOAD","SCANTEMPFILE","TEMPLATEPATH","DISABLELOCKINGFOR", \
- "PARENTPROXY","PARENTPORT","MAXSERVERS","FORWARDED_IP","X_FORWARDED_FOR","FAILSCANERROR", \
- "MAXDOWNLOADSIZE","SCANNERTIMEOUT","STREAMUSERAGENT","STREAMSCANSIZE","SCANIMAGES", \
- "SKIPMIME","SCANMIME", \
- "ENABLECLAMLIB","CLAMDBDIR","CLAMBLOCKBROKEN","CLAMBLOCKMAX","CLAMBLOCKENCRYPTED", \
- "CLAMMAXFILES","CLAMMAXFILESIZE","CLAMMAXRECURSION","CLAMMAXSCANSIZE", \
- "ENABLEAVG","AVGSERVER","AVGPORT", \
- "ENABLEAVESERVER","AVESOCKET", \
- "ENABLEFPROT","FPROTSERVER","FPROTPORT","FPROTOPTIONS", \
- "ENABLETROPHIE","TROPHIEMAXFILES","TROPHIEMAXFILESIZE","TROPHIEMAXRATIO", \
- "ENABLENOD32","NOD32SOCKET","NOD32VERSION", \
- "ENABLECLAMD","CLAMDSOCKET","CLAMDSERVER","CLAMDPORT", \
- "ENABLESOPHIE","SOPHIESOCKET", \
- "ENABLEAVAST","AVASTSOCKET","AVASTSERVER","AVASTPORT", \
- "ENABLEARCAVIR","ARCAVIRSOCKET","ARCAVIRVERSION", \
- "ENABLEDRWEB","DRWEBSOCKET","DRWEBSERVER","DRWEBPORT","DRWEBHEURISTIC","DRWEBMALWARE", \
- "PARENTUSER", "PARENTPASSWORD"
-//SCANNERS
-
-
-//##############################################################
-//Configuration not setable in havp.config
-
-//CONNTIMEOUT in seconds
-#define CONNTIMEOUT 60
-
-//RECVTIMEOUT in seconds
-#define RECVTIMEOUT 120
-
-//SENDTIMEOUT in seconds
-#define SENDTIMEOUT 120
-
-//Maximum client connection waiting for accept
-#define MAXCONNECTIONS 1024
-
-//Maximum bytes received in one request
-#define MAXRECV 14600
-
-//Maximum logfile line length
-#define STRINGLENGTH 1000
-
-//Maximum hardlock size - do not change
-#define MAXFILELOCKSIZE 1000000000
-
-//Valid Methods
-#define METHODS \
- "GET","POST","HEAD","CONNECT","PUT","TRACE","PURGE","OPTIONS","UNLOCK", \
- "SEARCH","PROPFIND","BPROPFIND","PROPPATCH","BPROPPATCH","MKCOL","COPY", \
- "BCOPY","MOVE","LOCK","BMOVE","DELETE","BDELETE","SUBSCRIBE","UNSUBSCRIBE", \
- "POLL","REPORT","ERROR","NONE","MKACTIVITY","CHECKOUT","MERGE"
-
-//Maximum length of SCANTEMPFILE
-#define MAXSCANTEMPFILELENGTH 200
-
-//Maximum length of http headers
-#define MAXHTTPHEADERLENGTH 65536
-
-// HTML Error String
-#define ERROR_DNS "dns.html"
-#define VIRUS_FOUND "virus.html"
-#define ERROR_SCANNER "scanner.html"
-#define ERROR_DOWN "down.html"
-#define ERROR_INVALID "invalid.html"
-#define ERROR_REQUEST "request.html"
-#define ERROR_BODY "error.html"
-#define ERROR_BLACKLIST "blacklist.html"
-#define ERROR_MAXSIZE "maxsize.html"
-
-// DONT TOUCH - run configure
-#undef CONFIGFILE
-#undef WHITELISTFILE
-#undef BLACKLISTFILE
-#undef TEMPLATEPATH
-#undef ACCESSLOG
-#undef ERRORLOG
-#undef PIDFILE
-#undef NOMAND
-#undef SSLTUNNEL
-#undef USECLAMLIB
-#undef USETROPHIE
-#undef HAVE_SETGROUPS
-#undef HAVE_INITGROUPS
-
-#endif
--- a/.pc/05_add_ssltimeout_option.patch/havp/params.cpp Wed Jun 18 16:19:01 2014 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,443 +0,0 @@
-/***************************************************************************
- params.cpp - description
- -------------------
- begin : So Feb 20 2005
- copyright : (C) 2005 by Peter Sebald / Christian Hilgers
- email : christian@hilgers.ag
- ***************************************************************************/
-
-/***************************************************************************
- * *
- * This program is free software; you can redistribute it and/or modify *
- * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; either version 2 of the License, or *
- * (at your option) any later version. *
- * *
- ***************************************************************************/
-
-#include "default.h"
-#include "params.h"
-#include "utils.h"
-
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <iostream>
-#include <fstream>
-#include <cstdlib>
-
-#ifndef INADDR_NONE
-#define INADDR_NONE ((unsigned long) -1)
-#endif
-
-map <string,string> Params::params;
-
-void Params::SetDefaults()
-{
- SetConfig("DISPLAYINITIALMESSAGES", "true");
- SetConfig("USER", "havp");
- SetConfig("GROUP", "havp");
- SetConfig("DAEMON", "true");
- SetConfig("SERVERNUMBER", "8");
- SetConfig("MAXSERVERS", "150");
- SetConfig("PORT", "8080");
- SetConfig("BIND_ADDRESS", "");
- SetConfig("SOURCE_ADDRESS", "");
- SetConfig("PARENTPROXY", "");
- SetConfig("PARENTPORT", "0");
- SetConfig("PARENTUSER", "");
- SetConfig("PARENTPASSWORD", "");
- SetConfig("ACCESSLOG", ACCESSLOG);
- SetConfig("VIRUSLOG", "");
- SetConfig("ERRORLOG", ERRORLOG);
- SetConfig("TIMEFORMAT", "%d/%m/%Y %H:%M:%S");
- SetConfig("LOG_OKS", "true");
- SetConfig("LOGLEVEL", "0");
- SetConfig("USESYSLOG", "false");
- SetConfig("SYSLOGNAME", "havp");
- SetConfig("SYSLOGFACILITY", "daemon");
- SetConfig("SYSLOGLEVEL", "info");
- SetConfig("SYSLOGVIRUSLEVEL","warning");
- SetConfig("SCANIMAGES", "true");
- SetConfig("SKIPMIME", "");
- SetConfig("SCANMIME", "");
- SetConfig("MAXSCANSIZE", "5000000");
- SetConfig("KEEPBACKBUFFER", "200000");
- SetConfig("KEEPBACKTIME", "5");
- SetConfig("TRICKLING", "30");
- SetConfig("TRICKLINGBYTES", "1");
- SetConfig("WHITELISTFIRST", "true");
- SetConfig("WHITELIST", WHITELISTFILE);
- SetConfig("BLACKLIST", BLACKLISTFILE);
- SetConfig("TEMPLATEPATH", TEMPLATEPATH);
- SetConfig("TEMPDIR", "/var/spool/havp");
- SetConfig("SCANTEMPFILE", "/var/spool/havp/havp-XXXXXX");
- SetConfig("PIDFILE", PIDFILE);
- SetConfig("TRANSPARENT", "false");
- SetConfig("RANGE", "false");
- SetConfig("PRELOADZIPHEADER","true");
- SetConfig("FORWARDED_IP", "false");
- SetConfig("X_FORWARDED_FOR","false");
- SetConfig("STREAMUSERAGENT","");
- SetConfig("STREAMSCANSIZE", "20000");
- SetConfig("DBRELOAD", "60");
- SetConfig("FAILSCANERROR", "true");
- SetConfig("MAXDOWNLOADSIZE","0");
- SetConfig("SCANNERTIMEOUT", "10");
- SetConfig("IGNOREVIRUS", "");
- SetConfig("DISABLELOCKINGFOR","AVG:ALL");
-//SCANNERS
- SetConfig("ENABLECLAMLIB","false");
- SetConfig("CLAMDBDIR","");
- SetConfig("CLAMBLOCKBROKEN","false");
- SetConfig("CLAMBLOCKMAX","false");
- SetConfig("CLAMBLOCKENCRYPTED","false");
- SetConfig("CLAMMAXSCANSIZE","20");
- SetConfig("CLAMMAXFILES","50");
- SetConfig("CLAMMAXFILESIZE","100");
- SetConfig("CLAMMAXRECURSION","8");
- SetConfig("ENABLECLAMD","false");
- SetConfig("CLAMDSOCKET","/tmp/clamd");
- SetConfig("CLAMDSERVER","");
- SetConfig("CLAMDPORT","3310");
- SetConfig("ENABLEAVG","false");
- SetConfig("AVGSERVER","127.0.0.1");
- SetConfig("AVGPORT","55555");
- SetConfig("ENABLEAVESERVER","false");
- SetConfig("AVESOCKET","/var/run/aveserver");
- SetConfig("ENABLEFPROT","false");
- SetConfig("FPROTPORT","10200");
- SetConfig("FPROTSERVER","127.0.0.1");
- SetConfig("FPROTOPTIONS","");
- SetConfig("ENABLENOD32","false");
- SetConfig("NOD32SOCKET","/tmp/nod32d.sock");
- SetConfig("NOD32VERSION","25");
- SetConfig("ENABLETROPHIE","false");
- SetConfig("TROPHIEMAXFILES","50");
- SetConfig("TROPHIEMAXFILESIZE","10");
- SetConfig("TROPHIEMAXRATIO","250");
- SetConfig("ENABLESOPHIE","false");
- SetConfig("SOPHIESOCKET","/var/run/sophie");
- SetConfig("ENABLEAVAST","false");
- SetConfig("AVASTSOCKET","/var/run/avast4/local.sock");
- SetConfig("AVASTSERVER","");
- SetConfig("AVASTPORT","5036");
- SetConfig("ENABLEARCAVIR","false");
- SetConfig("ARCAVIRSOCKET","/var/run/arcavird.socket");
- SetConfig("ARCAVIRVERSION","2007");
- SetConfig("ENABLEDRWEB","false");
- SetConfig("DRWEBSOCKET","/var/drweb/run/.daemon");
- SetConfig("DRWEBSERVER","");
- SetConfig("DRWEBPORT","3000");
- SetConfig("DRWEBHEURISTIC","true");
- SetConfig("DRWEBMALWARE","true");
-}
-
-bool Params::ReadConfig( string file )
-{
- ifstream input( file.c_str() );
-
- if ( !input )
- {
- cerr << "Could not open config file: " << file << endl;
- return false;
- }
-
- string::size_type Position;
- string line, key, val;
-
- while ( input )
- {
- getline( input, line );
-
- //Strip whitespace from beginning and end
- if ( (Position = line.find_first_not_of(" \t")) != string::npos )
- {
- line = line.substr(Position, (line.find_last_not_of(" \t", string::npos) - Position) + 1);
- }
-
- //Read next if nothing found
- if ( (Position == string::npos) || (line.size() == 0) ) continue;
-
- //Read next if commented
- if ( line.substr(0, 1) == "#" ) continue;
-
- //Find key and value
- if ( (Position = line.find_first_of(" \t")) != string::npos )
- {
- key = line.substr(0, Position);
-
- if ( key == "REMOVETHISLINE" )
- {
- cout << "Configuration is not edited!" << endl;
- cout << "You must delete REMOVETHISLINE option." << endl;
- cout << "Review the configuration carefully. :)" << endl;
- return false;
- }
-
- if ( (Position = line.find_first_not_of(" \t", Position + 1)) == string::npos )
- {
- cout << "Invalid Config Line: " << line << endl;
- return false;
- }
-
- val = line.substr( Position );
-
- Params::SetConfig( key, val );
- }
- else
- {
- cout << "Invalid Config Line: " << line << endl;
- return false;
- }
- }
-
- input.close();
-
- return true;
-}
-
-void Params::SetConfig( string param, string value )
-{
- string TempParams[] = {CONFIGPARAMS};
- bool ParamFound = false;
-
- param = UpperCase(param);
-
- for ( unsigned int i = 0; i < sizeof(TempParams)/sizeof(string); i++ )
- {
- if ( param == TempParams[i] )
- {
- ParamFound = true;
- }
- }
-
- if ( ParamFound )
- {
- if ( UpperCase(value) == "TRUE" || UpperCase(value) == "FALSE" )
- {
- value = UpperCase(value);
- }
-
- params[param] = value;
- }
- else
- {
- cout << "Unknown Config Parameter: " << param << endl;
- cout << "Exiting.." << endl;
- exit(1);
- }
-}
-
-int Params::GetConfigInt( string param )
-{
- return atoi( params[param].c_str() );
-}
-
-bool Params::GetConfigBool( string param )
-{
- if ( params[param] == "TRUE" )
- {
- return true;
- }
- else
- {
- return false;
- }
-}
-
-string Params::GetConfigString( string param )
-{
- return params[param];
-}
-
-void Params::ShowConfig( string cfgfile )
-{
- cout << endl << "# Using HAVP config: " << cfgfile << endl << endl;
- typedef map<string,string>::const_iterator CI;
- for(CI p = params.begin(); p != params.end(); ++p)
- {
- cout << p->first << "=" << p->second << '\n';
- }
- cout << endl;
-}
-
-void Params::Usage()
-{
- cout << endl << "Usage: havp [Options]" << endl << endl;
- cout << "HAVP Version " << VERSION << endl << endl;
- cout << "Possible options are:" << endl;
- cout << "--help | -h This pamphlet" << endl;
- cout << "--conf-file=FileName | -c Filename Use this Config-File" << endl;
- cout << "--show-config | -s Show configuration HAVP is using" << endl << endl;
-}
-
-bool Params::SetParams( int argvT, char* argcT[] )
-{
- string option, value;
- string::size_type i1, i2;
-
- string cfgfile = CONFIGFILE;
- bool showconf = false;
-
- SetDefaults();
-
- while ( --argvT )
- {
- value = *++argcT;
- i1 = value.find_first_not_of("-");
-
- //No GNU options
- if ( i1 == 1 )
- {
- option = value.substr(i1, 1);
-
- if ( option == "c" )
- {
- --argvT;
-
- if ( argvT == 0 )
- {
- Usage();
- return false;
- }
- value = *++argcT;
- }
- else if ( option == "s" )
- {
- showconf = true;
- }
- else
- {
- Usage();
- return false;
- }
- }
- //GNU options
- else if ( i1 == 2 )
- {
- if ( (i2 = value.find("=")) != string::npos )
- {
- option = value.substr(i1, i2 - i1);
-
- if ( value.size() > i2 + 1 )
- {
- value = value.substr(i2 + 1);
- }
- else
- {
- Usage();
- return false;
- }
- }
- else
- {
- option = value.substr(i1);
- value = "";
- }
- }
- else
- {
- Usage();
- return false;
- }
-
- if ( option == "help" )
- {
- Usage();
- return false;
- }
- else if ( option == "show-config" )
- {
- showconf = true;
- }
- else if ( option == "conf-file" || option == "c" )
- {
- if (value == "")
- {
- Usage();
- return false;
- }
-
- cfgfile = value;
- }
- else if ( showconf == true )
- {
- //Nothing: prevent Usage
- }
- else
- {
- Usage();
- return false;
- }
- }
-
- if ( ReadConfig( cfgfile ) == false )
- {
- return false;
- }
-
- if ( showconf == true )
- {
- ShowConfig( cfgfile );
- return false;
- }
-
- return TestConfig();
-}
-
-//Test that some options are sane
-bool Params::TestConfig()
-{
- if ( Params::GetConfigInt("SERVERNUMBER") < 1 )
- {
- cout << "Invalid Config: SERVERNUMBER needs to be greater than 0" << endl;
- return false;
- }
- if ( Params::GetConfigString("ACCESSLOG").substr(0,1) != "/"
- || (Params::GetConfigString("VIRUSLOG") != "" && Params::GetConfigString("VIRUSLOG").substr(0,1) != "/")
- || Params::GetConfigString("ERRORLOG").substr(0,1) != "/" )
- {
- cout << "Invalid Config: Log paths need to be abolute" << endl;
- return false;
- }
- if ( Params::GetConfigString("SCANTEMPFILE").find("XXXXXX") == string::npos )
- {
- cout << "Invalid Config: SCANTEMPFILE must contain string \"XXXXXX\"" << endl;
- return false;
- }
- if ( Params::GetConfigInt("MAXSERVERS") > 500 )
- {
- cout << "Note: MAXSERVERS is unusually high! You are sure you want this?" << endl;
- }
- if ( Params::GetConfigString("BIND_ADDRESS") == "NULL" ) Params::SetConfig("BIND_ADDRESS","");
- if ( Params::GetConfigString("BIND_ADDRESS") != "" )
- {
- if ( inet_addr( Params::GetConfigString("BIND_ADDRESS").c_str() ) == INADDR_NONE )
- {
- cout << "Invalid Config: Invalid BIND_ADDRESS" << endl;
- return false;
- }
- }
- if ( Params::GetConfigString("SOURCE_ADDRESS") == "NULL" ) Params::SetConfig("SOURCE_ADDRESS","");
- if ( Params::GetConfigString("SOURCE_ADDRESS") != "" )
- {
- if ( inet_addr( Params::GetConfigString("SOURCE_ADDRESS").c_str() ) == INADDR_NONE )
- {
- cout << "Invalid Config: Invalid SOURCE_ADDRESS" << endl;
- return false;
- }
- }
- if ( Params::GetConfigString("PARENTPROXY") != "" && Params::GetConfigInt("PARENTPORT") < 1 )
- {
- cout << "Invalid Config: Invalid PARENTPROXY/PARENTPORT" << endl;
- return false;
- }
- if ( Params::GetConfigInt("TRICKLING") > 0 && Params::GetConfigInt("TRICKLINGBYTES") < 1 )
- {
- cout << "Invalid Config: TRICKLINGBYTES needs to be greater than 0" << endl;
- return false;
- }
-
- return true;
-}
--- a/.pc/05_add_ssltimeout_option.patch/havp/sockethandler.cpp Wed Jun 18 16:19:01 2014 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,654 +0,0 @@
-/***************************************************************************
- sockethandler.cpp - description
- -------------------
- begin : Sa Feb 12 2005
- copyright : (C) 2005 by Christian Hilgers
- email : christian@hilgers.ag
- ***************************************************************************/
-
-/***************************************************************************
- * *
- * This program is free software; you can redistribute it and/or modify *
- * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; either version 2 of the License, or *
- * (at your option) any later version. *
- * *
- ***************************************************************************/
-
-#include "sockethandler.h"
-#include "logfile.h"
-#include "params.h"
-#include "utils.h"
-
-#include <netdb.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <errno.h>
-
-#ifndef INADDR_NONE
-#define INADDR_NONE ((unsigned long) -1)
-#endif
-#ifndef AF_LOCAL
-#define AF_LOCAL AF_UNIX
-#endif
-
-//Create Server Socket
-bool SocketHandler::CreateServer( int portT, in_addr_t bind_addrT )
-{
- int i = 1;
-
- my_s_addr.sin_addr.s_addr = bind_addrT;
- my_s_addr.sin_port = htons(portT);
-
- if ( (sock_fd = socket( AF_INET, SOCK_STREAM, 0 )) < 0 )
- {
- LogFile::ErrorMessage("socket() failed: %s\n", strerror(errno));
- return false;
- }
-
- // Enable re-use Socket
- if ( setsockopt( sock_fd, SOL_SOCKET, SO_REUSEADDR, &i, sizeof(i) ) < 0 )
- {
- LogFile::ErrorMessage("setsockopt() failed: %s\n", strerror(errno));
- return false;
- }
-
- if ( ::bind( sock_fd, (struct sockaddr *) &my_s_addr, sizeof(my_s_addr) ) < 0 )
- {
- LogFile::ErrorMessage("bind() failed: %s\n", strerror(errno));
- return false;
- }
-
- if ( ::listen( sock_fd, MAXCONNECTIONS ) < 0 )
- {
- LogFile::ErrorMessage("listen() failed: %s\n", strerror(errno));
- return false;
- }
-
- return true;
-}
-
-
-//Create Server Socket, convert ASCII address representation into binary one
-bool SocketHandler::CreateServer( int portT, string bind_addrT )
-{
- if ( bind_addrT == "" )
- {
- return CreateServer( portT, INADDR_ANY );
- }
- else
- {
- return CreateServer( portT, inet_addr( Params::GetConfigString("BIND_ADDRESS").c_str() ) );
- }
-}
-
-
-//Connect to Server
-bool SocketHandler::ConnectToServer()
-{
- if ( (sock_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0 )
- {
- LogFile::ErrorMessage("ConnectToServer socket() failed: %s\n", strerror(errno));
- return false;
- }
-
- if ( source_address != "" )
- {
- if ( ::bind(sock_fd, (struct sockaddr *) &l_addr, sizeof(l_addr)) < 0 )
- {
- LogFile::ErrorMessage("ConnectoToServer bind() failed: %s\n", strerror(errno));
- Close();
- return false;
- }
- }
-
- int flags, ret;
-
- //Nonblocking connect to get a proper timeout
- while ( (flags = fcntl(sock_fd, F_GETFL, 0)) < 0 )
- {
- if (errno == EINTR) continue;
-
- LogFile::ErrorMessage("ConnectToServer fcntl() get failed: %s\n", strerror(errno));
- Close();
- return false;
- }
- while ( fcntl(sock_fd, F_SETFL, flags | O_NONBLOCK) < 0 )
- {
- if (errno == EINTR) continue;
-
- LogFile::ErrorMessage("ConnectToServer fcntl() O_NONBLOCK failed: %s\n", strerror(errno));
- Close();
- return false;
- }
-
- while ( (ret = ::connect(sock_fd, (struct sockaddr *) &my_s_addr, sizeof(my_s_addr))) < 0 )
- {
- if (errno == EINTR) continue;
-
- if (errno != EINPROGRESS)
- {
- if (errno != EINVAL) LogFile::ErrorMessage("connect() failed: %s\n", strerror(errno));
- Close();
- return false;
- }
-
- break;
- }
-
- if ( ret != 0 )
- {
- FD_ZERO(&checkfd);
- FD_SET(sock_fd,&checkfd);
- wset = checkfd;
-
- Timeout.tv_sec = CONNTIMEOUT;
- Timeout.tv_usec = 0;
-
- ret = select_eintr(sock_fd+1, &checkfd, &wset, NULL, &Timeout);
-
- if ( ret <= 0 )
- {
- Close();
- return false;
- }
-
- addr_len = sizeof(peer_addr);
-
- if ( getpeername(sock_fd, (struct sockaddr *) &peer_addr, (socklen_t *) &addr_len) < 0 )
- {
- Close();
- return false;
- }
- }
-
- while ( fcntl(sock_fd, F_SETFL, flags) < 0 )
- {
- if (errno == EINTR) continue;
-
- LogFile::ErrorMessage("ConnectToServer fcntl() set failed: %s\n", strerror(errno));
- Close();
- return false;
- }
-
- return true;
-}
-
-
-bool SocketHandler::ConnectToSocket( string SocketPath, int retry )
-{
- strncpy(my_u_addr.sun_path, SocketPath.c_str(), sizeof(my_u_addr.sun_path)-1);
-
- if ( (sock_fd = socket(AF_LOCAL, SOCK_STREAM, 0)) < 0 )
- {
- LogFile::ErrorMessage("ConnectToSocket socket() failed: %s\n", strerror(errno));
- return false;
- }
-
- int tries = 0;
- int ret;
-
- for(;;)
- {
- while ( (ret = ::connect(sock_fd, (struct sockaddr *) &my_u_addr, sizeof(my_u_addr))) < 0 )
- {
- if (errno == EINTR) continue;
-
- if (errno != ENOENT) LogFile::ErrorMessage("ConnectToSocket connect() failed: %s\n", strerror(errno));
- break;
- }
-
- //Success?
- if ( ret == 0 ) return true;
-
- //All retried?
- if ( ++tries > retry ) break;
-
- //Try again in one second
- sleep(1);
- continue;
- }
-
- Close();
- return false;
-}
-
-
-//Accept Client
-bool SocketHandler::AcceptClient( SocketHandler &accept_socketT )
-{
- addr_len = sizeof(my_s_addr);
-
- while ((accept_socketT.sock_fd = ::accept(sock_fd, (sockaddr *) &my_s_addr, (socklen_t *) &addr_len)) < 0)
- {
- if (errno == EINTR) continue;
-
- LogFile::ErrorMessage("accept() failed: %s\n", strerror(errno));
-
- return false;
- }
-
- //Save IP to ToBrowser
- accept_socketT.my_s_addr = my_s_addr;
-
- return true;
-}
-
-//Send String
-bool SocketHandler::Send( const char *sock_outT, int len )
-{
- int total_sent = 0;
- int ret, buffer_count;
-
- do
- {
- Timeout.tv_sec = SENDTIMEOUT;
- Timeout.tv_usec = 0;
- FD_ZERO(&checkfd);
- FD_SET(sock_fd,&checkfd);
-
- ret = select_eintr(sock_fd+1, NULL, &checkfd, NULL, &Timeout);
-
- if (ret <= 0)
- {
- return false;
- }
-
- while ((buffer_count = ::send(sock_fd, sock_outT + total_sent, len - total_sent, 0)) < 0)
- {
- if (errno == EINTR) continue;
-
- return false;
- }
- if (buffer_count == 0)
- {
- return false;
- }
-
- total_sent += buffer_count;
- }
- while (total_sent < len);
-
- return true;
-}
-
-//Send String
-bool SocketHandler::Send( string &sock_outT )
-{
- int total_sent = 0;
- int len = sock_outT.size();
- int ret, buffer_count;
-
- do
- {
- Timeout.tv_sec = SENDTIMEOUT;
- Timeout.tv_usec = 0;
- FD_ZERO(&checkfd);
- FD_SET(sock_fd,&checkfd);
-
- ret = select_eintr(sock_fd+1, NULL, &checkfd, NULL, &Timeout);
-
- if (ret <= 0)
- {
- return false;
- }
-
- while ((buffer_count = ::send(sock_fd, sock_outT.substr(total_sent).c_str(), len - total_sent, 0)) < 0)
- {
- if (errno == EINTR) continue;
-
- return false;
- }
- if (buffer_count == 0)
- {
- return false;
- }
-
- total_sent += buffer_count;
- }
- while (total_sent < len);
-
- return true;
-}
-
-
-//Receive String - Maximal MAXRECV
-//sock_del = false : Do not delete Data from Socket
-ssize_t SocketHandler::Recv( string &sock_inT, bool sock_delT, int timeout )
-{
- if ( RecvBuf.size() > 0 )
- {
- sock_inT.append( RecvBuf );
-
- if ( sock_delT == true )
- {
- ssize_t tempsize = RecvBuf.size();
-
- RecvBuf = "";
-
- return tempsize;
- }
-
- return RecvBuf.size();
- }
-
- char buffer[MAXRECV+1];
- ssize_t buffer_count;
- int ret;
-
- if ( timeout != -1 )
- {
- Timeout.tv_sec = timeout;
- }
- else
- {
- Timeout.tv_sec = RECVTIMEOUT;
- }
- Timeout.tv_usec = 0;
-
- FD_ZERO(&checkfd);
- FD_SET(sock_fd,&checkfd);
-
- ret = select_eintr(sock_fd+1, &checkfd, NULL, NULL, &Timeout);
-
- if (ret <= 0)
- {
- return -1;
- }
-
- while ((buffer_count = ::recv(sock_fd, buffer, MAXRECV, 0)) < 0)
- {
- if (errno == EINTR) continue;
-
- return -1;
- }
-
- if ( sock_delT == false )
- {
- RecvBuf.append( buffer, buffer_count );
- }
-
- if ( buffer_count == 0 )
- {
- return 0;
- }
-
- sock_inT.append( buffer, buffer_count );
-
- return buffer_count;
-}
-
-
-//Receive String of length sock_length
-bool SocketHandler::RecvLength( string &sock_inT, unsigned int sock_lengthT )
-{
- if ( RecvBuf.size() >= sock_lengthT )
- {
- sock_inT.append( RecvBuf.substr( 0, sock_lengthT ) );
-
- RecvBuf.erase( 0, sock_lengthT );
-
- return true;
- }
-
- char buffer[MAXRECV+1];
- ssize_t buffer_count;
- unsigned int received = 0;
-
- if ( RecvBuf.size() > 0 )
- {
- sock_inT.append( RecvBuf );
- received += RecvBuf.size();
-
- RecvBuf = "";
- }
-
- for(;;)
- {
- Timeout.tv_sec = RECVTIMEOUT;
- Timeout.tv_usec = 0;
-
- FD_ZERO(&checkfd);
- FD_SET(sock_fd,&checkfd);
-
- int ret = select_eintr(sock_fd+1, &checkfd, NULL, NULL, &Timeout);
-
- if ( ret <= 0 )
- {
- return false;
- }
-
- while ((buffer_count = ::recv(sock_fd, buffer, MAXRECV, 0)) < 0 && errno == EINTR);
-
- if ( buffer_count < 1 )
- {
- return false;
- }
-
- if ( received + buffer_count >= sock_lengthT )
- {
- string Rest;
- Rest.append( buffer, buffer_count );
-
- unsigned int needed = sock_lengthT - received;
-
- sock_inT.append( Rest.substr( 0, needed ) );
- if ( Rest.size() > needed ) RecvBuf.append( Rest.substr( needed ) );
-
- return true;
- }
-
- sock_inT.append( buffer, buffer_count );
- received += buffer_count;
- }
-
- return true;
-}
-
-
-//Wait and get something from socket until separator
-bool SocketHandler::GetLine( string &lineT, string separator, int timeout )
-{
- lineT = "";
-
- string TempLine;
- string::size_type Position;
-
- do
- {
- if ( Recv( TempLine, false, timeout ) == false )
- {
- return false;
- }
- }
- while ( (Position = TempLine.find( separator )) == string::npos );
-
- TempLine = "";
-
- if ( RecvLength( TempLine, Position + separator.size() ) == false )
- {
- return false;
- }
-
- lineT = TempLine.erase( Position );
-
- return true;
-}
-
-
-//Resolve and set hostname/port for connecting
-bool SocketHandler::SetDomainAndPort( string domainT, int portT )
-{
- if ( domainT == "" ) return false;
- if ( portT < 1 || portT > 65536 ) return false;
-
- int domlen = domainT.length();
-
- if (domlen > 250) domainT = domainT.substr(0, 250);
- my_s_addr.sin_port = htons(portT);
-
- //IP?
- if ( domlen >= 7 && domlen <= 15 && domainT.find_first_not_of("0123456789.") == string::npos )
- {
- LastHost = "";
- if ( inet_aton( domainT.c_str(), &my_s_addr.sin_addr ) != 0 ) return true;
- return false;
- }
-
- //Same host as last time, use next IP
- if ( server && LastHost == domainT )
- {
- if ( ips == 1 ) return true;
-
- if ( ++ip_count == ips ) ip_count = 0;
- memcpy((char *) &my_s_addr.sin_addr.s_addr, server->h_addr_list[ip_count], server->h_length);
-
- return true;
- }
-
- //Resolve host
- if ( (server = gethostbyname( domainT.c_str() )) )
- {
- //Count IPs
- for ( ips = 0; server->h_addr_list[ips] != NULL && server->h_addrtype == AF_INET && ips != 16; ips++ );
-
- if ( !ips ) return false;
-
- memcpy((char *) &my_s_addr.sin_addr.s_addr, server->h_addr_list[0], server->h_length);
-
- ip_count = 0;
- LastHost = domainT;
-
- return true;
- }
-
- LastHost = "";
- return false;
-}
-
-int SocketHandler::IPCount()
-{
- return ips;
-}
-
-string SocketHandler::GetIP()
-{
- string ip = inet_ntoa(my_s_addr.sin_addr);
- return ip;
-}
-
-bool SocketHandler::CheckForData( int timeout )
-{
- if ( RecvBuf.size() > 0 )
- {
- return true;
- }
-
- int ret;
-
- Timeout.tv_sec = timeout;
- Timeout.tv_usec = 0;
-
- FD_ZERO(&checkfd);
- FD_SET(sock_fd,&checkfd);
-
- ret = select_eintr(sock_fd+1, &checkfd, NULL, NULL, &Timeout);
-
- if (ret <= 0)
- {
- return false;
- }
-
- return true;
-}
-
-
-#ifdef SSLTUNNEL
-int SocketHandler::CheckForSSLData( int sockBrowser, int sockServer )
-{
- fd_set readfd;
- int fds;
-
- FD_ZERO(&readfd);
- FD_SET(sockBrowser,&readfd);
- FD_SET(sockServer,&readfd);
-
- if ( sockBrowser > sockServer )
- {
- fds = sockBrowser;
- }
- else
- {
- fds = sockServer;
- }
-
- Timeout.tv_sec = 20;
- Timeout.tv_usec = 0;
-
- int ret = select_eintr(fds+1, &readfd, NULL, NULL, &Timeout);
-
- if (ret <= 0) return 0;
-
- if (FD_ISSET(sockBrowser,&readfd)) return 1;
-
- return 2;
-}
-#endif
-
-
-void SocketHandler::Close()
-{
- //Clear receive buffer
- RecvBuf = "";
-
- //Check that we have a real fd
- if ( sock_fd > -1 )
- {
- while ( ::close(sock_fd) < 0 )
- {
- if (errno == EINTR) continue;
- if (errno == EBADF) break;
-
- //IO error?
- LogFile::ErrorMessage("close() failed: %s\n", strerror(errno));
- }
-
- //Mark socket unused
- sock_fd = -1;
- }
-}
-
-
-//Constructor
-SocketHandler::SocketHandler()
-{
- memset(&my_s_addr, 0, sizeof(my_s_addr));
- my_s_addr.sin_family = AF_INET;
-
- memset(&my_u_addr, 0, sizeof(my_u_addr));
- my_u_addr.sun_family = AF_LOCAL;
-
- ip_count = 0;
- ips = 0;
-
- //No socket exists yet
- sock_fd = -1;
-
- source_address = Params::GetConfigString("SOURCE_ADDRESS");
-
- if ( source_address != "" )
- {
- l_addr.sin_family = AF_INET;
- l_addr.sin_port = htons(0);
- l_addr.sin_addr.s_addr = inet_addr( source_address.c_str() );
- }
-
- RecvBuf.reserve(1500);
- RecvBuf = "";
-}
-
-
-//Destructor
-SocketHandler::~SocketHandler()
-{
-}
--- a/.pc/applied-patches Wed Jun 18 16:19:01 2014 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,3 +0,0 @@
-03_havp.config.patch
-04_params.cpp.patch
-05_add_ssltimeout_option.patch
--- a/etc/havp/havp.config.in Wed Jun 18 16:19:01 2014 +0200
+++ b/etc/havp/havp.config.in Wed Jun 18 16:33:18 2014 +0200
@@ -16,7 +16,7 @@
# You must remove this line for HAVP to start.
# This makes sure you have (hopefully) reviewed the configuration. :)
# Hint: You must enable some scanner! Find them in the end..
-# REMOVETHISLINE deleteme
+REMOVETHISLINE deleteme
#
# For reasons of security it is recommended to run a proxy program
@@ -113,7 +113,7 @@
# These characters are used by system to create unique named files.
#
# Default:
-# SCANTEMPFILE /var/spool/havp/havp-XXXXXX
+# SCANTEMPFILE /var/tmp/havp/havp-XXXXXX
#
# Directory for ClamAV and other scanner created tempfiles.
@@ -237,13 +237,6 @@
# Default:
# FAILSCANERROR true
-# SSL connections may be silent for a while (mostly when "abused"
-# for other communication than HTTP). HAVP disconnects these connections
-# after several seconds.
-#
-# Default:
-# SSLTIMEOUT 20
-
#
# When scanning takes longer than this, it will be aborted.
# Timer is started after HAVP has fully received all data.
@@ -255,13 +248,6 @@
# Default:
# SCANNERTIMEOUT 10
-# SSL connections may be silent for a while (mostly when "abused"
-# for other communication than HTTP). HAVP disconnects these connections
-# after several seconds.
-#
-# Default:
-# SSLTIMEOUT 20
-
#
# Allow HTTP Range requests?
#
@@ -442,14 +428,14 @@
##### ClamAV Library Scanner (libclamav)
#####
-ENABLECLAMLIB true
+ENABLECLAMLIB false
# HAVP uses libclamav hardcoded pattern directory, which usually is
-# /usr/share/clamav. You only need to set CLAMDBDIR, if you are
+# /usr/local/share/clamav. You only need to set CLAMDBDIR, if you are
# using non-default DatabaseDirectory setting in clamd.conf.
#
# Default: NONE
-# CLAMDBDIR /var/lib/clamav
+# CLAMDBDIR /path/to/directory
# Should we block broken executables?
#
@@ -675,3 +661,4 @@
# Default: NONE
# DRWEBSERVER 127.0.0.1
# DRWEBPORT 3000
+
--- a/havp/default.h.in Wed Jun 18 16:19:01 2014 +0200
+++ b/havp/default.h.in Wed Jun 18 16:33:18 2014 +0200
@@ -36,7 +36,6 @@
"USESYSLOG","SYSLOGNAME","SYSLOGFACILITY","SYSLOGLEVEL","SYSLOGVIRUSLEVEL","IGNOREVIRUS", \
"DISPLAYINITIALMESSAGES","DBRELOAD","SCANTEMPFILE","TEMPLATEPATH","DISABLELOCKINGFOR", \
"PARENTPROXY","PARENTPORT","MAXSERVERS","FORWARDED_IP","X_FORWARDED_FOR","FAILSCANERROR", \
- "SSLTIMEOUT", \
"MAXDOWNLOADSIZE","SCANNERTIMEOUT","STREAMUSERAGENT","STREAMSCANSIZE","SCANIMAGES", \
"SKIPMIME","SCANMIME", \
"ENABLECLAMLIB","CLAMDBDIR","CLAMBLOCKBROKEN","CLAMBLOCKMAX","CLAMBLOCKENCRYPTED", \
--- a/havp/params.cpp Wed Jun 18 16:19:01 2014 +0200
+++ b/havp/params.cpp Wed Jun 18 16:33:18 2014 +0200
@@ -70,8 +70,8 @@
SetConfig("WHITELIST", WHITELISTFILE);
SetConfig("BLACKLIST", BLACKLISTFILE);
SetConfig("TEMPLATEPATH", TEMPLATEPATH);
- SetConfig("TEMPDIR", "/var/spool/havp");
- SetConfig("SCANTEMPFILE", "/var/spool/havp/havp-XXXXXX");
+ SetConfig("TEMPDIR", "/var/tmp");
+ SetConfig("SCANTEMPFILE", "/var/tmp/havp/havp-XXXXXX");
SetConfig("PIDFILE", PIDFILE);
SetConfig("TRANSPARENT", "false");
SetConfig("RANGE", "false");
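Review bot: The two new defaults no longer agree with each other and both point into the shared, world-writable `/var/tmp`: `TEMPDIR` is `/var/tmp` itself while `SCANTEMPFILE` is `/var/tmp/havp/havp-XXXXXX`, where before both lived under the dedicated `/var/spool/havp`. Nothing in this hunk shows `/var/tmp/havp` being created or its ownership checked, so if another local account creates that directory first, files holding proxied content would land in a directory the havp user does not control. I would keep both values under one dedicated directory and document the requirement above the two lines, e.g. `// havp/ must already exist, be owned by USER and be mode 0700; never point these at a shared directory`. The same path is repeated in the `SCANTEMPFILE` comment of the `@@ -113,7 +113,7 @@` hunk in etc/havp/havp.config.in, and the enclosing function starts and ends outside this hunk.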
@@ -86,7 +86,6 @@
SetConfig("SCANNERTIMEOUT", "10");
SetConfig("IGNOREVIRUS", "");
SetConfig("DISABLELOCKINGFOR","AVG:ALL");
- SetConfig("SSLTIMEOUT", "20");
//SCANNERS
SetConfig("ENABLECLAMLIB","false");
SetConfig("CLAMDBDIR","");
--- a/havp/sockethandler.cpp Wed Jun 18 16:19:01 2014 +0200
+++ b/havp/sockethandler.cpp Wed Jun 18 16:33:18 2014 +0200
@@ -582,7 +582,7 @@
fds = sockServer;
}
- Timeout.tv_sec = Params::GetConfigInt("SSLTIMEOUT");
+ Timeout.tv_sec = 20;
Timeout.tv_usec = 0;
int ret = select_eintr(fds+1, &readfd, NULL, NULL, &Timeout);
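Review bot: The bare `20` on the new `Timeout.tv_sec` line is an unnamed literal with no unit or rationale, whereas the other waits in this file go through named timeouts (`CONNTIMEOUT`, `SENDTIMEOUT`, `RECVTIMEOUT`). With the `SSLTIMEOUT` option gone, this line is the only place the idle limit for tunnelled connections is recorded, so it should at least carry a comment such as `// seconds of silence allowed on an SSL tunnel before select gives up`, and ideally become a named define next to the other timeouts. What the caller does once the select times out is not visible here; the removed config text says such connections are disconnected. The enclosing function starts and ends outside this hunk.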