webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-23 17:32:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

squidclamav: Remove package from IPFire as agreed in dev video call 3rd Jul 2023

Browse Source 
- Removal of lfs file
- Removal of rootfile
- Removal of backup includes file
- Removal of three patches
- Removal of paks files
- Adjustment of make.sh to remove squidclamav

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
This commit is contained in:
Adolf Belka
2023-07-04 15:08:19 +02:00
committed by Peter Müller
parent bf99f427ca
commit a6039dc9d1
11 changed files with 0 additions and 469 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
config/backup/includes/squidclamav
View File

@@ -1 +0,0 @@
/etc/squidclamav.conf

14
config/rootfiles/packages/squidclamav
View File

@@ -1,14 +0,0 @@
etc/squidclamav.conf
usr/bin/squidclamav
#usr/libexec/squidclamav
#usr/libexec/squidclamav/clwarn.cgi
#usr/libexec/squidclamav/clwarn.cgi.de_DE
#usr/libexec/squidclamav/clwarn.cgi.en_EN
#usr/libexec/squidclamav/clwarn.cgi.fr_FR
#usr/libexec/squidclamav/clwarn.cgi.pt_BR
#usr/libexec/squidclamav/clwarn.cgi.ru_RU
#usr/share/man/man1/squidclamav.1
#usr/share/squidclamav
#usr/share/squidclamav/README
var/ipfire/backup/addons/includes/squidclamav
srv/web/ipfire/html/clwarn.cgi

39
config/squidclamav/squidclamav.conf
View File

@@ -1,39 +0,0 @@
squid_ip 127.0.0.1
squid_port 800
#
logfile /var/log/squid/squidclamav.log
redirect http://127.0.0.1:81/clwarn.cgi
#
debug 0
stat 0
#
clamd_local /var/run/clamav/clamd
#clamd_ip 192.168.1.5
#clamd_port 3310
#
maxsize 5000000
maxredir 30
timeout 60
trust_cache 1
#
# Do not scan standard HTTP images
abort ^.*\.(ico|gif|png|jpg)$
abortcontent ^image\/.*$
#
# Do not scan text and javascript files
abort ^.*\.(css|xml|xsl|js|html|jsp)$
abortcontent ^text\/.*$
abortcontent ^application\/x-javascript$
#
# Do not scan streaming videos
abortcontent ^video\/mp4$
abortcontent ^video\/x-flv$
#
# Do not scan pdf and flash
#abort ^.*\.(pdf|swf)$
#
# Do not scan sequence of framed Microsoft Media Server (MMS) data packets
abortcontent ^.*application\/x-mms-framed.*$
#
# White list some sites
whitelist .*\.clamav.net

95
lfs/squidclamav
View File

@@ -1,95 +0,0 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
SUMMARY = Antivirus redirector for Squid based on ClamAv
VER = 5.11
THISAPP = squidclamav-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = squidclamav
PAK_VER = 22
DEPS = clamav
SERVICES =
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_BLAKE2 = 5f180f49685df355c1f142beac6f10161830b6e274cc9efac81564010f751edead9afce6118ddb5308297b6d3eb621f97a567b4f9cf096e08df833f70e03d24f
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
b2 : $(subst %,%_BLAKE2,$(objects))
dist:
@$(PAK)
###############################################################################
# Downloading, checking, b2sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_BLAKE2,$(objects)) :
@$(B2SUM)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
$(UPDATE_AUTOMAKE)
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squidclamav-5.11-dont_use_ipv6.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squidclamav-5.11-squid-helper-protocol.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squidclamav-5.11-source-address-parsing-issue.patch
cd $(DIR_APP) && ./configure --prefix=/usr
cd $(DIR_APP) && make install
install -v -m 664 $(DIR_CONF)/squidclamav/squidclamav.conf /etc/squidclamav.conf
chown -v root:nobody /etc/squidclamav.conf
install -v -m 644 $(DIR_SRC)/config/backup/includes/squidclamav /var/ipfire/backup/addons/includes/squidclamav
chmod 755 /srv/web/ipfire/html/clwarn.cgi
@rm -rf $(DIR_APP)
@$(POSTBUILD)

1
make.sh
View File

@@ -1532,7 +1532,6 @@ buildipfire() {
lfsmake2 perl-Authen-SASL
lfsmake2 perl-MIME-Lite
lfsmake2 perl-Email-Date-Format
lfsmake2 squidclamav
lfsmake2 vnstat
lfsmake2 iw
lfsmake2 wpa_supplicant

27
src/paks/squidclamav/install.sh
View File

@@ -1,27 +0,0 @@
#!/bin/bash
############################################################################
# #
# This file is part of the IPFire Firewall. #
# #
# IPFire is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2 of the License, or #
# (at your option) any later version. #
# #
# IPFire is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with IPFire; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
# #
# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
# #
############################################################################
#
. /opt/pakfire/lib/functions.sh
extract_files
restore_backup ${NAME}
/etc/init.d/squid restart

28
src/paks/squidclamav/uninstall.sh
View File

@@ -1,28 +0,0 @@
#!/bin/bash
############################################################################
# #
# This file is part of the IPFire Firewall. #
# #
# IPFire is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2 of the License, or #
# (at your option) any later version. #
# #
# IPFire is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with IPFire; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
# #
# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
# #
############################################################################
#
. /opt/pakfire/lib/functions.sh
/etc/init.d/squid stop
make_backup ${NAME}
remove_files
/etc/init.d/squid start

53
src/paks/squidclamav/update.sh
View File

@@ -1,53 +0,0 @@
#!/bin/bash
############################################################################
# #
# This file is part of the IPFire Firewall. #
# #
# IPFire is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2 of the License, or #
# (at your option) any later version. #
# #
# IPFire is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with IPFire; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
# #
# Copyright (C) 2010 IPFire-Team <info@ipfire.org>. #
# #
############################################################################
#
. /opt/pakfire/lib/functions.sh
./uninstall.sh
extract_files
VERSION=$(cat /opt/pakfire/db/installed/meta-squidclamav | grep Release | cut -d" " -f2)
if [ "$VERSION" -gt "10" ]; then
restore_backup ${NAME}
fi
if [ "$VERSION" -lt "11" ]; then
sed -e "s|logfile.*|logfile /var/log/squid/squidclamav.log|g" /etc/squidclamav.conf
fi
if [ "$VERSION" -lt "16" ]; then
sed -i /etc/squidclamav.conf \
-e "s/proxy none//g" \
-e "s/^#squid_ip 127\.0\.0\.1/squid_ip 127\.0\.0\.1/g" \
-e "s/^#squid_port 3128/squid_port 800/g" \
-e "s/^#trust_cache 1/trust_cache 1/g"
# Fix permissions.
chmod 664 /etc/squidclamav.conf
chown root.nobody /etc/squidclamav.conf
# Regenerate configuration files.
perl /srv/web/ipfire/cgi-bin/proxy.cgi
fi
/etc/init.d/squid restart

13
src/patches/squidclamav-5.11-dont_use_ipv6.patch
View File

@@ -1,13 +0,0 @@
diff -Nur a/src/squidclamav.c b/src/squidclamav.c
--- a/src/squidclamav.c 2012-10-29 09:46:06.000000000 +0100
+++ b/src/squidclamav.c 2013-07-06 19:10:56.375292374 +0200
@@ -413,6 +413,9 @@
/* Suppress error: SSL certificate problem, verify that the CA cert is OK */
curl_easy_setopt (eh, CURLOPT_SSL_VERIFYHOST, 0);
curl_easy_setopt (eh, CURLOPT_SSL_VERIFYPEER, 0);
+
+ /* Prevent squidclamav from using IPv6 - fix by Nico Prenzel */
+ curl_easy_setopt (eh, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
}
}
/* create a squidguard child process and setup pipes */

13
src/patches/squidclamav-5.11-source-address-parsing-issue.patch
View File

@@ -1,13 +0,0 @@
--- squidclamav-5.11/src/pattern.c~ 2014-10-29 13:08:05.658143495 +0000
+++ squidclamav-5.11/src/pattern.c 2014-10-29 13:08:20.964642365 +0000
@@ -151,10 +151,6 @@
return 1;
}
- /* extract source ipaddress and source fqdn */
- if (parseSourceAddress(in_buff.src_address, "/") != 0) {
- }
-
if (debug != 0)
logit(log_file, "DEBUG Parsed request: %s %s/%s %s %s\n", in_buff.url, in_buff.ipaddress, in_buff.fqdn, in_buff.ident, in_buff.method);

185
src/patches/squidclamav-5.11-squid-helper-protocol.patch
View File

@@ -1,185 +0,0 @@
diff -Naur squidclamav-5.11.org/src/squidclamav.c squidclamav-5.11/src/squidclamav.c
--- squidclamav-5.11.org/src/squidclamav.c 2012-10-29 09:46:06.000000000 +0100
+++ squidclamav-5.11/src/squidclamav.c 2014-06-03 12:26:36.215696508 +0200
@@ -483,7 +483,7 @@
aren't appropriate, then just echo back the line from stdin */
if (buff_status == 1) {
logit(log_file, "DEBUG Invalid input buffer, aborting: %s\n", sbuff);
- puts("");
+ puts("BH message=\"Invalid input buffer\"");
fflush(stdout);
continue;
}
@@ -496,7 +496,7 @@
logit(log_file, "DEBUG No squidguard and no antivir check (TRUSTUSER match) for user: %s\n", in_buff.ident);
if (statit == 1)
timeit(g_start, "Total");
- puts("");
+ puts("ERR message=\"TRUSTUSER match\"");
fflush(stdout);
continue;
}
@@ -508,7 +508,7 @@
logit(log_file, "DEBUG No squidguard and no antivir check (TRUSTCLIENT match) for address: %s/%s\n",in_buff.ipaddress, in_buff.fqdn);
if (statit == 1)
timeit(g_start, "Total");
- puts("");
+ puts("ERR message=\"TRUSTCLIENT match\"");
fflush(stdout);
continue;
}
@@ -520,7 +520,7 @@
logit(log_file, "DEBUG No squidguard and no antivir check (WHITELIST match) for url: %s\n", in_buff.url);
if (statit == 1)
timeit(g_start, "Total");
- puts("");
+ puts("ERR message=\"WHITLIST match\"");
fflush(stdout);
continue;
}
@@ -536,7 +536,7 @@
if ((sockd = dconnect ()) < 0)
{
logit(log_file, "ERROR Can't connect to Clamd daemon, fallback to Squid.\n");
- puts("");
+ puts("BH message=\"Cannot connect to clamd\"");
fflush(stdout);
continue;
}
@@ -546,7 +546,7 @@
if (write (sockd, "zINSTREAM", 10) <= 0)
{
logit(log_file, "ERROR Can't write to Clamd socket.\n");
- puts("");
+ puts("BG message=\"Cannot write to clamd socket\"");
fflush(stdout);
continue;
}
@@ -614,8 +614,7 @@
logit(log_file, "Squid Cache purged of url %s.\n", in_buff.url);
}
}
- fprintf (stdout, "%s %s %s %s\n", urlredir,
- in_buff.src_address, in_buff.ident, in_buff.method);
+ fprintf (stdout, "OK rewrite-url=\"%s\"\n", urlredir);
fflush(stdout);
xfree(urlredir);
if (debug != 0)
@@ -675,7 +674,7 @@
continue operation (so that Squid still works!),
we simply echo stdin to stdout - i.e. "bridge mode" :-) */
if (bridge_mode == 1) {
- puts("");
+ puts("ERR message=\"brigde mode\"");
fflush(stdout);
continue;
}
@@ -685,7 +684,7 @@
if (buff_status == -1) {
if (debug > 2)
logit(log_file, "DEBUG method is not GET skipping virus scan.\n");
- puts("");
+ puts("ERR message=\"method is not GET skipping virus scan\"");
fflush(stdout);
continue;
}
@@ -699,7 +698,7 @@
timeit(g_start, "Total");
/* no replacement for the URL was found */
- puts("");
+ puts("ERR message=\"ABORT match\"");
fflush(stdout);
continue;
@@ -750,7 +749,7 @@
logit(log_file, "DEBUG HIT Cache found, trust cache enabled, skipping...\n");
if (statit == 1)
timeit(g_start, "Total");
- puts("");
+ puts("ERR message=\"cache hit found\"");
fflush(stdout);
continue;
}
@@ -762,7 +761,7 @@
logit(log_file, "ERROR No content length from url %s\n", in_buff.url);
if (statit == 1)
timeit(g_start, "Total");
- puts("");
+ puts("ERR message=\"no content length from URL\"");
fflush(stdout);
continue;
}
@@ -775,7 +774,7 @@
logit(log_file, "DEBUG No antivir check (Content length is upper than maxsize): %'.2f > %'.2f\n", usize, maxsize);
if (statit == 1)
timeit(g_start, "Total");
- puts("");
+ puts("ERR message=\"content length is upper than maxsize\"");
fflush(stdout);
continue;
}
@@ -787,7 +786,7 @@
in_buff.url);
if (statit == 1)
timeit(g_start, "Total");
- puts("");
+ puts("ERR message=\"no content type from URL\"");
fflush(stdout);
continue;
}
@@ -799,7 +798,7 @@
logit(log_file, "DEBUG No antivir check (ABORTCONTENT match) for content-type: %s\n", content_type);
if (statit == 1)
timeit(g_start, "Total");
- puts("");
+ puts("ERR message=\"ABORTCONTENT match\"");
fflush(stdout);
continue;
}
@@ -814,7 +813,7 @@
if ((sockd = dconnect ()) < 0)
{
logit(log_file, "ERROR Can't connect to Clamd daemon, fallback to Squid.\n");
- puts("");
+ puts("BH message=\"cannot connect clamd daemon\"");
fflush(stdout);
continue;
}
@@ -824,7 +823,7 @@
if (write (sockd, "zINSTREAM", 10) <= 0)
{
logit(log_file, "ERROR Can't write to Clamd socket.\n");
- puts("");
+ puts("BH message=\"cannot write to clamd socket\"");
fflush(stdout);
continue;
}
@@ -844,7 +843,7 @@
close (sockd);
if (debug > 1)
logit(log_file, "DEBUG Connection to clamd closed.\n");
- puts("");
+ puts("ERR message=\"connection to clamd closed\"");
fflush(stdout);
if (statit == 1)
timeit(g_start, "Total");
@@ -892,8 +891,7 @@
logit(log_file, "Squid Cache purged of url %s.\n", in_buff.url);
}
}
- fprintf (stdout, "%s %s %s %s\n", urlredir,
- in_buff.src_address, in_buff.ident, in_buff.method);
+ fprintf (stdout, "OK rewrite-url=\"%s\"\n", urlredir);
fflush(stdout);
xfree(urlredir);
if (debug != 0)
@@ -911,7 +909,7 @@
if (virusfound == 0) {
if (debug != 0)
logit(log_file, "DEBUG No virus detected.\n");
- puts("");
+ puts("ERR message=\"no virus detected\"");
fflush(stdout);
}
}