[PATCH] squidclamav: Remove package from IPFire as agreed in dev video call 3rd Jul 2023
- Removal of lfs file - Removal of rootfile - Removal of backup includes file - Removal of three patches - Removal of paks files - Adjustment of make.sh to remove squidclamav
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/backup/includes/squidclamav | 1 - config/rootfiles/packages/squidclamav | 14 -- config/squidclamav/squidclamav.conf | 39 ---- lfs/squidclamav | 95 --------- make.sh | 1 - src/paks/squidclamav/install.sh | 27 --- src/paks/squidclamav/uninstall.sh | 28 --- src/paks/squidclamav/update.sh | 53 ----- .../squidclamav-5.11-dont_use_ipv6.patch | 13 -- ...av-5.11-source-address-parsing-issue.patch | 13 -- ...uidclamav-5.11-squid-helper-protocol.patch | 185 ------------------ 11 files changed, 469 deletions(-) delete mode 100644 config/backup/includes/squidclamav delete mode 100644 config/rootfiles/packages/squidclamav delete mode 100644 config/squidclamav/squidclamav.conf delete mode 100644 lfs/squidclamav delete mode 100644 src/paks/squidclamav/install.sh delete mode 100644 src/paks/squidclamav/uninstall.sh delete mode 100644 src/paks/squidclamav/update.sh delete mode 100644 src/patches/squidclamav-5.11-dont_use_ipv6.patch delete mode 100644 src/patches/squidclamav-5.11-source-address-parsing-issue.patch delete mode 100644 src/patches/squidclamav-5.11-squid-helper-protocol.patch
diff --git a/config/backup/includes/squidclamav b/config/backup/includes/squidclamav deleted file mode 100644 index bacc23b67..000000000 --- a/config/backup/includes/squidclamav +++ /dev/null @@ -1 +0,0 @@ -/etc/squidclamav.conf diff --git a/config/rootfiles/packages/squidclamav b/config/rootfiles/packages/squidclamav deleted file mode 100644 index 5976a0c47..000000000 --- a/config/rootfiles/packages/squidclamav +++ /dev/null @@ -1,14 +0,0 @@ -etc/squidclamav.conf -usr/bin/squidclamav -#usr/libexec/squidclamav -#usr/libexec/squidclamav/clwarn.cgi -#usr/libexec/squidclamav/clwarn.cgi.de_DE -#usr/libexec/squidclamav/clwarn.cgi.en_EN -#usr/libexec/squidclamav/clwarn.cgi.fr_FR -#usr/libexec/squidclamav/clwarn.cgi.pt_BR -#usr/libexec/squidclamav/clwarn.cgi.ru_RU -#usr/share/man/man1/squidclamav.1 -#usr/share/squidclamav -#usr/share/squidclamav/README -var/ipfire/backup/addons/includes/squidclamav -srv/web/ipfire/html/clwarn.cgi diff --git a/config/squidclamav/squidclamav.conf b/config/squidclamav/squidclamav.conf deleted file mode 100644 index 2b8f5dc02..000000000 --- a/config/squidclamav/squidclamav.conf +++ /dev/null @@ -1,39 +0,0 @@ -squid_ip 127.0.0.1 -squid_port 800 -# -logfile /var/log/squid/squidclamav.log -redirect http://127.0.0.1:81/clwarn.cgi -# -debug 0 -stat 0 -# -clamd_local /var/run/clamav/clamd -#clamd_ip 192.168.1.5 -#clamd_port 3310 -# -maxsize 5000000 -maxredir 30 -timeout 60 -trust_cache 1 -# -# Do not scan standard HTTP images -abort ^.*.(ico|gif|png|jpg)$ -abortcontent ^image/.*$ -# -# Do not scan text and javascript files -abort ^.*.(css|xml|xsl|js|html|jsp)$ -abortcontent ^text/.*$ -abortcontent ^application/x-javascript$ -# -# Do not scan streaming videos -abortcontent ^video/mp4$ -abortcontent ^video/x-flv$ -# -# Do not scan pdf and flash -#abort ^.*.(pdf|swf)$ -# -# Do not scan sequence of framed Microsoft Media Server (MMS) data packets -abortcontent ^.*application/x-mms-framed.*$ -# -# White list some sites -whitelist .*.clamav.net diff --git a/lfs/squidclamav b/lfs/squidclamav deleted file mode 100644 index 06133c5de..000000000 --- a/lfs/squidclamav +++ /dev/null @@ -1,95 +0,0 @@ -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -############################################################################### -# Definitions -############################################################################### - -include Config - -SUMMARY = Antivirus redirector for Squid based on ClamAv - -VER = 5.11 - -THISAPP = squidclamav-$(VER) -DL_FILE = $(THISAPP).tar.gz -DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/$(THISAPP) -TARGET = $(DIR_INFO)/$(THISAPP) -PROG = squidclamav -PAK_VER = 22 - -DEPS = clamav - -SERVICES = - -############################################################################### -# Top-level Rules -############################################################################### - -objects = $(DL_FILE) - -$(DL_FILE) = $(DL_FROM)/$(DL_FILE) - -$(DL_FILE)_BLAKE2 = 5f180f49685df355c1f142beac6f10161830b6e274cc9efac81564010f751edead9afce6118ddb5308297b6d3eb621f97a567b4f9cf096e08df833f70e03d24f - -install : $(TARGET) - -check : $(patsubst %,$(DIR_CHK)/%,$(objects)) - -download :$(patsubst %,$(DIR_DL)/%,$(objects)) - -b2 : $(subst %,%_BLAKE2,$(objects)) - -dist: - @$(PAK) - -############################################################################### -# Downloading, checking, b2sum -############################################################################### - -$(patsubst %,$(DIR_CHK)/%,$(objects)) : - @$(CHECK) - -$(patsubst %,$(DIR_DL)/%,$(objects)) : - @$(LOAD) - -$(subst %,%_BLAKE2,$(objects)) : - @$(B2SUM) - -############################################################################### -# Installation Details -############################################################################### - -$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) - @$(PREBUILD) - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - $(UPDATE_AUTOMAKE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squidclamav-5.11-dont_use_ipv6.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squidclamav-5.11-squid-helper-protocol.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squidclamav-5.11-source-address-parsing-issue.patch - cd $(DIR_APP) && ./configure --prefix=/usr - cd $(DIR_APP) && make install - install -v -m 664 $(DIR_CONF)/squidclamav/squidclamav.conf /etc/squidclamav.conf - chown -v root:nobody /etc/squidclamav.conf - install -v -m 644 $(DIR_SRC)/config/backup/includes/squidclamav /var/ipfire/backup/addons/includes/squidclamav - chmod 755 /srv/web/ipfire/html/clwarn.cgi - @rm -rf $(DIR_APP) - @$(POSTBUILD) diff --git a/make.sh b/make.sh index db9ee9a97..57b6c6f15 100755 --- a/make.sh +++ b/make.sh @@ -1532,7 +1532,6 @@ buildipfire() { lfsmake2 perl-Authen-SASL lfsmake2 perl-MIME-Lite lfsmake2 perl-Email-Date-Format - lfsmake2 squidclamav lfsmake2 vnstat lfsmake2 iw lfsmake2 wpa_supplicant diff --git a/src/paks/squidclamav/install.sh b/src/paks/squidclamav/install.sh deleted file mode 100644 index 42bd5ba36..000000000 --- a/src/paks/squidclamav/install.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash -############################################################################ -# # -# This file is part of the IPFire Firewall. # -# # -# IPFire is free software; you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation; either version 2 of the License, or # -# (at your option) any later version. # -# # -# IPFire is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with IPFire; if not, write to the Free Software # -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -# # -# Copyright (C) 2007 IPFire-Team info@ipfire.org. # -# # -############################################################################ -# -. /opt/pakfire/lib/functions.sh -extract_files -restore_backup ${NAME} -/etc/init.d/squid restart diff --git a/src/paks/squidclamav/uninstall.sh b/src/paks/squidclamav/uninstall.sh deleted file mode 100644 index d2aa435e3..000000000 --- a/src/paks/squidclamav/uninstall.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash -############################################################################ -# # -# This file is part of the IPFire Firewall. # -# # -# IPFire is free software; you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation; either version 2 of the License, or # -# (at your option) any later version. # -# # -# IPFire is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with IPFire; if not, write to the Free Software # -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -# # -# Copyright (C) 2007 IPFire-Team info@ipfire.org. # -# # -############################################################################ -# -. /opt/pakfire/lib/functions.sh -/etc/init.d/squid stop -make_backup ${NAME} -remove_files -/etc/init.d/squid start diff --git a/src/paks/squidclamav/update.sh b/src/paks/squidclamav/update.sh deleted file mode 100644 index 43760856c..000000000 --- a/src/paks/squidclamav/update.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/bash -############################################################################ -# # -# This file is part of the IPFire Firewall. # -# # -# IPFire is free software; you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation; either version 2 of the License, or # -# (at your option) any later version. # -# # -# IPFire is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with IPFire; if not, write to the Free Software # -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -# # -# Copyright (C) 2010 IPFire-Team info@ipfire.org. # -# # -############################################################################ -# -. /opt/pakfire/lib/functions.sh -./uninstall.sh -extract_files - -VERSION=$(cat /opt/pakfire/db/installed/meta-squidclamav | grep Release | cut -d" " -f2) - -if [ "$VERSION" -gt "10" ]; then - restore_backup ${NAME} -fi - -if [ "$VERSION" -lt "11" ]; then - sed -e "s|logfile.*|logfile /var/log/squid/squidclamav.log|g" /etc/squidclamav.conf -fi - -if [ "$VERSION" -lt "16" ]; then - sed -i /etc/squidclamav.conf \ - -e "s/proxy none//g" \ - -e "s/^#squid_ip 127.0.0.1/squid_ip 127.0.0.1/g" \ - -e "s/^#squid_port 3128/squid_port 800/g" \ - -e "s/^#trust_cache 1/trust_cache 1/g" - - # Fix permissions. - chmod 664 /etc/squidclamav.conf - chown root.nobody /etc/squidclamav.conf - - # Regenerate configuration files. - perl /srv/web/ipfire/cgi-bin/proxy.cgi -fi - -/etc/init.d/squid restart diff --git a/src/patches/squidclamav-5.11-dont_use_ipv6.patch b/src/patches/squidclamav-5.11-dont_use_ipv6.patch deleted file mode 100644 index 45889625f..000000000 --- a/src/patches/squidclamav-5.11-dont_use_ipv6.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -Nur a/src/squidclamav.c b/src/squidclamav.c ---- a/src/squidclamav.c 2012-10-29 09:46:06.000000000 +0100 -+++ b/src/squidclamav.c 2013-07-06 19:10:56.375292374 +0200 -@@ -413,6 +413,9 @@ - /* Suppress error: SSL certificate problem, verify that the CA cert is OK */ - curl_easy_setopt (eh, CURLOPT_SSL_VERIFYHOST, 0); - curl_easy_setopt (eh, CURLOPT_SSL_VERIFYPEER, 0); -+ -+ /* Prevent squidclamav from using IPv6 - fix by Nico Prenzel */ -+ curl_easy_setopt (eh, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); - } - } - /* create a squidguard child process and setup pipes */ diff --git a/src/patches/squidclamav-5.11-source-address-parsing-issue.patch b/src/patches/squidclamav-5.11-source-address-parsing-issue.patch deleted file mode 100644 index 4031c733d..000000000 --- a/src/patches/squidclamav-5.11-source-address-parsing-issue.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- squidclamav-5.11/src/pattern.c~ 2014-10-29 13:08:05.658143495 +0000 -+++ squidclamav-5.11/src/pattern.c 2014-10-29 13:08:20.964642365 +0000 -@@ -151,10 +151,6 @@ - return 1; - } - -- /* extract source ipaddress and source fqdn */ -- if (parseSourceAddress(in_buff.src_address, "/") != 0) { -- } -- - if (debug != 0) - logit(log_file, "DEBUG Parsed request: %s %s/%s %s %s\n", in_buff.url, in_buff.ipaddress, in_buff.fqdn, in_buff.ident, in_buff.method); - diff --git a/src/patches/squidclamav-5.11-squid-helper-protocol.patch b/src/patches/squidclamav-5.11-squid-helper-protocol.patch deleted file mode 100644 index e64bcafef..000000000 --- a/src/patches/squidclamav-5.11-squid-helper-protocol.patch +++ /dev/null @@ -1,185 +0,0 @@ -diff -Naur squidclamav-5.11.org/src/squidclamav.c squidclamav-5.11/src/squidclamav.c ---- squidclamav-5.11.org/src/squidclamav.c 2012-10-29 09:46:06.000000000 +0100 -+++ squidclamav-5.11/src/squidclamav.c 2014-06-03 12:26:36.215696508 +0200 -@@ -483,7 +483,7 @@ - aren't appropriate, then just echo back the line from stdin */ - if (buff_status == 1) { - logit(log_file, "DEBUG Invalid input buffer, aborting: %s\n", sbuff); -- puts(""); -+ puts("BH message="Invalid input buffer""); - fflush(stdout); - continue; - } -@@ -496,7 +496,7 @@ - logit(log_file, "DEBUG No squidguard and no antivir check (TRUSTUSER match) for user: %s\n", in_buff.ident); - if (statit == 1) - timeit(g_start, "Total"); -- puts(""); -+ puts("ERR message="TRUSTUSER match""); - fflush(stdout); - continue; - } -@@ -508,7 +508,7 @@ - logit(log_file, "DEBUG No squidguard and no antivir check (TRUSTCLIENT match) for address: %s/%s\n",in_buff.ipaddress, in_buff.fqdn); - if (statit == 1) - timeit(g_start, "Total"); -- puts(""); -+ puts("ERR message="TRUSTCLIENT match""); - fflush(stdout); - continue; - } -@@ -520,7 +520,7 @@ - logit(log_file, "DEBUG No squidguard and no antivir check (WHITELIST match) for url: %s\n", in_buff.url); - if (statit == 1) - timeit(g_start, "Total"); -- puts(""); -+ puts("ERR message="WHITLIST match""); - fflush(stdout); - continue; - } -@@ -536,7 +536,7 @@ - if ((sockd = dconnect ()) < 0) - { - logit(log_file, "ERROR Can't connect to Clamd daemon, fallback to Squid.\n"); -- puts(""); -+ puts("BH message="Cannot connect to clamd""); - fflush(stdout); - continue; - } -@@ -546,7 +546,7 @@ - if (write (sockd, "zINSTREAM", 10) <= 0) - { - logit(log_file, "ERROR Can't write to Clamd socket.\n"); -- puts(""); -+ puts("BG message="Cannot write to clamd socket""); - fflush(stdout); - continue; - } -@@ -614,8 +614,7 @@ - logit(log_file, "Squid Cache purged of url %s.\n", in_buff.url); - } - } -- fprintf (stdout, "%s %s %s %s\n", urlredir, -- in_buff.src_address, in_buff.ident, in_buff.method); -+ fprintf (stdout, "OK rewrite-url="%s"\n", urlredir); - fflush(stdout); - xfree(urlredir); - if (debug != 0) -@@ -675,7 +674,7 @@ - continue operation (so that Squid still works!), - we simply echo stdin to stdout - i.e. "bridge mode" :-) */ - if (bridge_mode == 1) { -- puts(""); -+ puts("ERR message="brigde mode""); - fflush(stdout); - continue; - } -@@ -685,7 +684,7 @@ - if (buff_status == -1) { - if (debug > 2) - logit(log_file, "DEBUG method is not GET skipping virus scan.\n"); -- puts(""); -+ puts("ERR message="method is not GET skipping virus scan""); - fflush(stdout); - continue; - } -@@ -699,7 +698,7 @@ - timeit(g_start, "Total"); - - /* no replacement for the URL was found */ -- puts(""); -+ puts("ERR message="ABORT match""); - fflush(stdout); - continue; - -@@ -750,7 +749,7 @@ - logit(log_file, "DEBUG HIT Cache found, trust cache enabled, skipping...\n"); - if (statit == 1) - timeit(g_start, "Total"); -- puts(""); -+ puts("ERR message="cache hit found""); - fflush(stdout); - continue; - } -@@ -762,7 +761,7 @@ - logit(log_file, "ERROR No content length from url %s\n", in_buff.url); - if (statit == 1) - timeit(g_start, "Total"); -- puts(""); -+ puts("ERR message="no content length from URL""); - fflush(stdout); - continue; - } -@@ -775,7 +774,7 @@ - logit(log_file, "DEBUG No antivir check (Content length is upper than maxsize): %'.2f > %'.2f\n", usize, maxsize); - if (statit == 1) - timeit(g_start, "Total"); -- puts(""); -+ puts("ERR message="content length is upper than maxsize""); - fflush(stdout); - continue; - } -@@ -787,7 +786,7 @@ - in_buff.url); - if (statit == 1) - timeit(g_start, "Total"); -- puts(""); -+ puts("ERR message="no content type from URL""); - fflush(stdout); - continue; - } -@@ -799,7 +798,7 @@ - logit(log_file, "DEBUG No antivir check (ABORTCONTENT match) for content-type: %s\n", content_type); - if (statit == 1) - timeit(g_start, "Total"); -- puts(""); -+ puts("ERR message="ABORTCONTENT match""); - fflush(stdout); - continue; - } -@@ -814,7 +813,7 @@ - if ((sockd = dconnect ()) < 0) - { - logit(log_file, "ERROR Can't connect to Clamd daemon, fallback to Squid.\n"); -- puts(""); -+ puts("BH message="cannot connect clamd daemon""); - fflush(stdout); - continue; - } -@@ -824,7 +823,7 @@ - if (write (sockd, "zINSTREAM", 10) <= 0) - { - logit(log_file, "ERROR Can't write to Clamd socket.\n"); -- puts(""); -+ puts("BH message="cannot write to clamd socket""); - fflush(stdout); - continue; - } -@@ -844,7 +843,7 @@ - close (sockd); - if (debug > 1) - logit(log_file, "DEBUG Connection to clamd closed.\n"); -- puts(""); -+ puts("ERR message="connection to clamd closed""); - fflush(stdout); - if (statit == 1) - timeit(g_start, "Total"); -@@ -892,8 +891,7 @@ - logit(log_file, "Squid Cache purged of url %s.\n", in_buff.url); - } - } -- fprintf (stdout, "%s %s %s %s\n", urlredir, -- in_buff.src_address, in_buff.ident, in_buff.method); -+ fprintf (stdout, "OK rewrite-url="%s"\n", urlredir); - fflush(stdout); - xfree(urlredir); - if (debug != 0) -@@ -911,7 +909,7 @@ - if (virusfound == 0) { - if (debug != 0) - logit(log_file, "DEBUG No virus detected.\n"); -- puts(""); -+ puts("ERR message="no virus detected""); - fflush(stdout); - } - }
Reviewed-by: Peter Müller peter.mueller@ipfire.org
- Removal of lfs file
- Removal of rootfile
- Removal of backup includes file
- Removal of three patches
- Removal of paks files
- Adjustment of make.sh to remove squidclamav
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
config/backup/includes/squidclamav | 1 - config/rootfiles/packages/squidclamav | 14 -- config/squidclamav/squidclamav.conf | 39 ---- lfs/squidclamav | 95 --------- make.sh | 1 - src/paks/squidclamav/install.sh | 27 --- src/paks/squidclamav/uninstall.sh | 28 --- src/paks/squidclamav/update.sh | 53 ----- .../squidclamav-5.11-dont_use_ipv6.patch | 13 -- ...av-5.11-source-address-parsing-issue.patch | 13 -- ...uidclamav-5.11-squid-helper-protocol.patch | 185 ------------------ 11 files changed, 469 deletions(-) delete mode 100644 config/backup/includes/squidclamav delete mode 100644 config/rootfiles/packages/squidclamav delete mode 100644 config/squidclamav/squidclamav.conf delete mode 100644 lfs/squidclamav delete mode 100644 src/paks/squidclamav/install.sh delete mode 100644 src/paks/squidclamav/uninstall.sh delete mode 100644 src/paks/squidclamav/update.sh delete mode 100644 src/patches/squidclamav-5.11-dont_use_ipv6.patch delete mode 100644 src/patches/squidclamav-5.11-source-address-parsing-issue.patch delete mode 100644 src/patches/squidclamav-5.11-squid-helper-protocol.patch
diff --git a/config/backup/includes/squidclamav b/config/backup/includes/squidclamav deleted file mode 100644 index bacc23b67..000000000 --- a/config/backup/includes/squidclamav +++ /dev/null @@ -1 +0,0 @@ -/etc/squidclamav.conf diff --git a/config/rootfiles/packages/squidclamav b/config/rootfiles/packages/squidclamav deleted file mode 100644 index 5976a0c47..000000000 --- a/config/rootfiles/packages/squidclamav +++ /dev/null @@ -1,14 +0,0 @@ -etc/squidclamav.conf -usr/bin/squidclamav -#usr/libexec/squidclamav -#usr/libexec/squidclamav/clwarn.cgi -#usr/libexec/squidclamav/clwarn.cgi.de_DE -#usr/libexec/squidclamav/clwarn.cgi.en_EN -#usr/libexec/squidclamav/clwarn.cgi.fr_FR -#usr/libexec/squidclamav/clwarn.cgi.pt_BR -#usr/libexec/squidclamav/clwarn.cgi.ru_RU -#usr/share/man/man1/squidclamav.1 -#usr/share/squidclamav -#usr/share/squidclamav/README -var/ipfire/backup/addons/includes/squidclamav -srv/web/ipfire/html/clwarn.cgi diff --git a/config/squidclamav/squidclamav.conf b/config/squidclamav/squidclamav.conf deleted file mode 100644 index 2b8f5dc02..000000000 --- a/config/squidclamav/squidclamav.conf +++ /dev/null @@ -1,39 +0,0 @@ -squid_ip 127.0.0.1 -squid_port 800 -# -logfile /var/log/squid/squidclamav.log -redirect http://127.0.0.1:81/clwarn.cgi -# -debug 0 -stat 0 -# -clamd_local /var/run/clamav/clamd -#clamd_ip 192.168.1.5 -#clamd_port 3310 -# -maxsize 5000000 -maxredir 30 -timeout 60 -trust_cache 1 -# -# Do not scan standard HTTP images -abort ^.*.(ico|gif|png|jpg)$ -abortcontent ^image/.*$ -# -# Do not scan text and javascript files -abort ^.*.(css|xml|xsl|js|html|jsp)$ -abortcontent ^text/.*$ -abortcontent ^application/x-javascript$ -# -# Do not scan streaming videos -abortcontent ^video/mp4$ -abortcontent ^video/x-flv$ -# -# Do not scan pdf and flash -#abort ^.*.(pdf|swf)$ -# -# Do not scan sequence of framed Microsoft Media Server (MMS) data packets -abortcontent ^.*application/x-mms-framed.*$ -# -# White list some sites -whitelist .*.clamav.net diff --git a/lfs/squidclamav b/lfs/squidclamav deleted file mode 100644 index 06133c5de..000000000 --- a/lfs/squidclamav +++ /dev/null @@ -1,95 +0,0 @@ -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -###############################################################################
-############################################################################### -# Definitions -###############################################################################
-include Config
-SUMMARY = Antivirus redirector for Squid based on ClamAv
-VER = 5.11
-THISAPP = squidclamav-$(VER) -DL_FILE = $(THISAPP).tar.gz -DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/$(THISAPP) -TARGET = $(DIR_INFO)/$(THISAPP) -PROG = squidclamav -PAK_VER = 22
-DEPS = clamav
-SERVICES =
-############################################################################### -# Top-level Rules -###############################################################################
-objects = $(DL_FILE)
-$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 5f180f49685df355c1f142beac6f10161830b6e274cc9efac81564010f751edead9afce6118ddb5308297b6d3eb621f97a567b4f9cf096e08df833f70e03d24f
-install : $(TARGET)
-check : $(patsubst %,$(DIR_CHK)/%,$(objects))
-download :$(patsubst %,$(DIR_DL)/%,$(objects))
-b2 : $(subst %,%_BLAKE2,$(objects))
-dist:
- @$(PAK)
-############################################################################### -# Downloading, checking, b2sum -###############################################################################
-$(patsubst %,$(DIR_CHK)/%,$(objects)) :
- @$(CHECK)
-$(patsubst %,$(DIR_DL)/%,$(objects)) :
- @$(LOAD)
-$(subst %,%_BLAKE2,$(objects)) :
- @$(B2SUM)
-############################################################################### -# Installation Details -###############################################################################
-$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
- @$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- $(UPDATE_AUTOMAKE)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squidclamav-5.11-dont_use_ipv6.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squidclamav-5.11-squid-helper-protocol.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squidclamav-5.11-source-address-parsing-issue.patch
- cd $(DIR_APP) && ./configure --prefix=/usr
- cd $(DIR_APP) && make install
- install -v -m 664 $(DIR_CONF)/squidclamav/squidclamav.conf /etc/squidclamav.conf
- chown -v root:nobody /etc/squidclamav.conf
- install -v -m 644 $(DIR_SRC)/config/backup/includes/squidclamav /var/ipfire/backup/addons/includes/squidclamav
- chmod 755 /srv/web/ipfire/html/clwarn.cgi
- @rm -rf $(DIR_APP)
- @$(POSTBUILD)
diff --git a/make.sh b/make.sh index db9ee9a97..57b6c6f15 100755 --- a/make.sh +++ b/make.sh @@ -1532,7 +1532,6 @@ buildipfire() { lfsmake2 perl-Authen-SASL lfsmake2 perl-MIME-Lite lfsmake2 perl-Email-Date-Format
- lfsmake2 squidclamav lfsmake2 vnstat lfsmake2 iw lfsmake2 wpa_supplicant
diff --git a/src/paks/squidclamav/install.sh b/src/paks/squidclamav/install.sh deleted file mode 100644 index 42bd5ba36..000000000 --- a/src/paks/squidclamav/install.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash -############################################################################ -# # -# This file is part of the IPFire Firewall. # -# # -# IPFire is free software; you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation; either version 2 of the License, or # -# (at your option) any later version. # -# # -# IPFire is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with IPFire; if not, write to the Free Software # -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -# # -# Copyright (C) 2007 IPFire-Team info@ipfire.org. # -# # -############################################################################ -# -. /opt/pakfire/lib/functions.sh -extract_files -restore_backup ${NAME} -/etc/init.d/squid restart diff --git a/src/paks/squidclamav/uninstall.sh b/src/paks/squidclamav/uninstall.sh deleted file mode 100644 index d2aa435e3..000000000 --- a/src/paks/squidclamav/uninstall.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash -############################################################################ -# # -# This file is part of the IPFire Firewall. # -# # -# IPFire is free software; you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation; either version 2 of the License, or # -# (at your option) any later version. # -# # -# IPFire is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with IPFire; if not, write to the Free Software # -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -# # -# Copyright (C) 2007 IPFire-Team info@ipfire.org. # -# # -############################################################################ -# -. /opt/pakfire/lib/functions.sh -/etc/init.d/squid stop -make_backup ${NAME} -remove_files -/etc/init.d/squid start diff --git a/src/paks/squidclamav/update.sh b/src/paks/squidclamav/update.sh deleted file mode 100644 index 43760856c..000000000 --- a/src/paks/squidclamav/update.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/bash -############################################################################ -# # -# This file is part of the IPFire Firewall. # -# # -# IPFire is free software; you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation; either version 2 of the License, or # -# (at your option) any later version. # -# # -# IPFire is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with IPFire; if not, write to the Free Software # -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -# # -# Copyright (C) 2010 IPFire-Team info@ipfire.org. # -# # -############################################################################ -# -. /opt/pakfire/lib/functions.sh -./uninstall.sh -extract_files
-VERSION=$(cat /opt/pakfire/db/installed/meta-squidclamav | grep Release | cut -d" " -f2)
-if [ "$VERSION" -gt "10" ]; then
- restore_backup ${NAME}
-fi
-if [ "$VERSION" -lt "11" ]; then
- sed -e "s|logfile.*|logfile /var/log/squid/squidclamav.log|g" /etc/squidclamav.conf
-fi
-if [ "$VERSION" -lt "16" ]; then
- sed -i /etc/squidclamav.conf \
-e "s/proxy none//g" \-e "s/^#squid_ip 127\.0\.0\.1/squid_ip 127\.0\.0\.1/g" \-e "s/^#squid_port 3128/squid_port 800/g" \-e "s/^#trust_cache 1/trust_cache 1/g"- # Fix permissions.
- chmod 664 /etc/squidclamav.conf
- chown root.nobody /etc/squidclamav.conf
- # Regenerate configuration files.
- perl /srv/web/ipfire/cgi-bin/proxy.cgi
-fi
-/etc/init.d/squid restart diff --git a/src/patches/squidclamav-5.11-dont_use_ipv6.patch b/src/patches/squidclamav-5.11-dont_use_ipv6.patch deleted file mode 100644 index 45889625f..000000000 --- a/src/patches/squidclamav-5.11-dont_use_ipv6.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -Nur a/src/squidclamav.c b/src/squidclamav.c ---- a/src/squidclamav.c 2012-10-29 09:46:06.000000000 +0100 -+++ b/src/squidclamav.c 2013-07-06 19:10:56.375292374 +0200 -@@ -413,6 +413,9 @@
/* Suppress error: SSL certificate problem, verify that the CA cert is OK */curl_easy_setopt (eh, CURLOPT_SSL_VERIFYHOST, 0);curl_easy_setopt (eh, CURLOPT_SSL_VERIFYPEER, 0);-+ -+ /* Prevent squidclamav from using IPv6 - fix by Nico Prenzel */ -+ curl_easy_setopt (eh, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
- }
- }
- /* create a squidguard child process and setup pipes */
diff --git a/src/patches/squidclamav-5.11-source-address-parsing-issue.patch b/src/patches/squidclamav-5.11-source-address-parsing-issue.patch deleted file mode 100644 index 4031c733d..000000000 --- a/src/patches/squidclamav-5.11-source-address-parsing-issue.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- squidclamav-5.11/src/pattern.c~ 2014-10-29 13:08:05.658143495 +0000 -+++ squidclamav-5.11/src/pattern.c 2014-10-29 13:08:20.964642365 +0000 -@@ -151,10 +151,6 @@
return 1;- }
-- /* extract source ipaddress and source fqdn */ -- if (parseSourceAddress(in_buff.src_address, "/") != 0) {
-- }
- if (debug != 0)
- logit(log_file, "DEBUG Parsed request: %s %s/%s %s %s\n", in_buff.url, in_buff.ipaddress, in_buff.fqdn, in_buff.ident, in_buff.method);
diff --git a/src/patches/squidclamav-5.11-squid-helper-protocol.patch b/src/patches/squidclamav-5.11-squid-helper-protocol.patch deleted file mode 100644 index e64bcafef..000000000 --- a/src/patches/squidclamav-5.11-squid-helper-protocol.patch +++ /dev/null @@ -1,185 +0,0 @@ -diff -Naur squidclamav-5.11.org/src/squidclamav.c squidclamav-5.11/src/squidclamav.c ---- squidclamav-5.11.org/src/squidclamav.c 2012-10-29 09:46:06.000000000 +0100 -+++ squidclamav-5.11/src/squidclamav.c 2014-06-03 12:26:36.215696508 +0200 -@@ -483,7 +483,7 @@
aren't appropriate, then just echo back the line from stdin */- if (buff_status == 1) {
logit(log_file, "DEBUG Invalid input buffer, aborting: %s\n", sbuff);-- puts(""); -+ puts("BH message="Invalid input buffer"");
fflush(stdout);continue;- }
-@@ -496,7 +496,7 @@
logit(log_file, "DEBUG No squidguard and no antivir check (TRUSTUSER match) for user: %s\n", in_buff.ident);if (statit == 1)timeit(g_start, "Total");-- puts(""); -+ puts("ERR message="TRUSTUSER match"");
fflush(stdout);continue;- }
-@@ -508,7 +508,7 @@
logit(log_file, "DEBUG No squidguard and no antivir check (TRUSTCLIENT match) for address: %s/%s\n",in_buff.ipaddress, in_buff.fqdn);if (statit == 1)timeit(g_start, "Total");-- puts(""); -+ puts("ERR message="TRUSTCLIENT match"");
fflush(stdout);continue;- }
-@@ -520,7 +520,7 @@
logit(log_file, "DEBUG No squidguard and no antivir check (WHITELIST match) for url: %s\n", in_buff.url);if (statit == 1)timeit(g_start, "Total");-- puts(""); -+ puts("ERR message="WHITLIST match"");
fflush(stdout);continue;- }
-@@ -536,7 +536,7 @@
if ((sockd = dconnect ()) < 0){logit(log_file, "ERROR Can't connect to Clamd daemon, fallback to Squid.\n");-- puts(""); -+ puts("BH message="Cannot connect to clamd"");
fflush(stdout);continue;}-@@ -546,7 +546,7 @@
if (write (sockd, "zINSTREAM", 10) <= 0){logit(log_file, "ERROR Can't write to Clamd socket.\n");-- puts(""); -+ puts("BG message="Cannot write to clamd socket"");
fflush(stdout);continue;}-@@ -614,8 +614,7 @@
logit(log_file, "Squid Cache purged of url %s.\n", in_buff.url);}}-- fprintf (stdout, "%s %s %s %s\n", urlredir, -- in_buff.src_address, in_buff.ident, in_buff.method); -+ fprintf (stdout, "OK rewrite-url="%s"\n", urlredir);
fflush(stdout);xfree(urlredir);if (debug != 0)-@@ -675,7 +674,7 @@
continue operation (so that Squid still works!),we simply echo stdin to stdout - i.e. "bridge mode" :-) */if (bridge_mode == 1) {-- puts(""); -+ puts("ERR message="brigde mode"");
fflush(stdout);continue;}-@@ -685,7 +684,7 @@
- if (buff_status == -1) {
if (debug > 2)logit(log_file, "DEBUG method is not GET skipping virus scan.\n");-- puts(""); -+ puts("ERR message="method is not GET skipping virus scan"");
fflush(stdout);continue;- }
-@@ -699,7 +698,7 @@
timeit(g_start, "Total");/* no replacement for the URL was found */-- puts(""); -+ puts("ERR message="ABORT match"");
fflush(stdout);continue;-@@ -750,7 +749,7 @@
logit(log_file, "DEBUG HIT Cache found, trust cache enabled, skipping...\n");if (statit == 1)timeit(g_start, "Total");-- puts(""); -+ puts("ERR message="cache hit found"");
fflush(stdout);continue;}-@@ -762,7 +761,7 @@
logit(log_file, "ERROR No content length from url %s\n", in_buff.url);if (statit == 1)timeit(g_start, "Total");-- puts(""); -+ puts("ERR message="no content length from URL"");
fflush(stdout);continue;}-@@ -775,7 +774,7 @@
logit(log_file, "DEBUG No antivir check (Content length is upper than maxsize): %'.2f > %'.2f\n", usize, maxsize);if (statit == 1)timeit(g_start, "Total");-- puts(""); -+ puts("ERR message="content length is upper than maxsize"");
fflush(stdout);continue;}-@@ -787,7 +786,7 @@
in_buff.url);if (statit == 1)timeit(g_start, "Total");-- puts(""); -+ puts("ERR message="no content type from URL"");
fflush(stdout);continue;}-@@ -799,7 +798,7 @@
logit(log_file, "DEBUG No antivir check (ABORTCONTENT match) for content-type: %s\n", content_type);if (statit == 1)timeit(g_start, "Total");-- puts(""); -+ puts("ERR message="ABORTCONTENT match"");
fflush(stdout);continue;}-@@ -814,7 +813,7 @@
if ((sockd = dconnect ()) < 0){logit(log_file, "ERROR Can't connect to Clamd daemon, fallback to Squid.\n");-- puts(""); -+ puts("BH message="cannot connect clamd daemon"");
fflush(stdout);continue;}-@@ -824,7 +823,7 @@
if (write (sockd, "zINSTREAM", 10) <= 0){logit(log_file, "ERROR Can't write to Clamd socket.\n");-- puts(""); -+ puts("BH message="cannot write to clamd socket"");
fflush(stdout);continue;}-@@ -844,7 +843,7 @@
close (sockd);if (debug > 1)logit(log_file, "DEBUG Connection to clamd closed.\n");-- puts(""); -+ puts("ERR message="connection to clamd closed"");
fflush(stdout);if (statit == 1)timeit(g_start, "Total");-@@ -892,8 +891,7 @@
logit(log_file, "Squid Cache purged of url %s.\n", in_buff.url);}}-- fprintf (stdout, "%s %s %s %s\n", urlredir, -- in_buff.src_address, in_buff.ident, in_buff.method); -+ fprintf (stdout, "OK rewrite-url="%s"\n", urlredir);
fflush(stdout);xfree(urlredir);if (debug != 0)-@@ -911,7 +909,7 @@
if (virusfound == 0) {if (debug != 0)logit(log_file, "DEBUG No virus detected.\n");-- puts(""); -+ puts("ERR message="no virus detected"");
fflush(stdout);}- }
-
Adolf Belka -
Peter Müller