security/clamav: add version 0.2 from master

Franco Fichtner 2017-08-10 13:21:13 +02:00
parent 20433aa2be
commit 7da490209e
21 changed files with 1038 additions and 0 deletions


@ -53,6 +53,7 @@ sysutils/smart -- SMART tools
sysutils/vmware -- VMware tools
sysutils/xen -- Xen guest utilities
security/acme-client -- Let's Encrypt client
security/clamav -- Antivirus engine for detecting malicious threats
security/intrusion-detection-content-pt-open -- IDS PT Research ruleset (only for non-commercial use)
security/tinc -- Tinc VPN
www/web-proxy-sso -- Add SSO Active Directory to use in Proxy

8
security/clamav/Makefile Normal file

@ -0,0 +1,8 @@
PLUGIN_NAME= clamav
PLUGIN_VERSION= 0.2
PLUGIN_COMMENT= Antivirus engine for detecting malicious threats
PLUGIN_DEPENDS= clamav
PLUGIN_MAINTAINER= m.muenz@gmail.com
PLUGIN_DEVEL= yes
.include "../../Mk/plugins.mk"


@ -0,0 +1,8 @@
ClamAV(r) is an open source (GPL) anti-virus engine used in a
variety of situations including email scanning, web scanning,
and end point security. It provides a number of utilities
including a flexible and scalable multi-threaded daemon,
a command line scanner and an advanced tool for automatic
database updates.
WWW: https://www.clamav.net/


@ -0,0 +1,62 @@
<?php
/*
Copyright (C) 2017 Michael Muenz
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
function clamav_services()
{
global $config;
$services = array();
if (isset($config['OPNsense']['clamav']['general']['enabled']) && $config['OPNsense']['clamav']['general']['enabled'] == 1) {
$services[] = array(
'description' => gettext('ClamAV Daemon'),
'configd' => array(
'restart' => array('clamav restart'),
'start' => array('clamav start'),
'stop' => array('clamav stop'),
),
'name' => 'clamd',
'pidfile' => '/var/run/clamav/clamd.pid'
);
}
if (isset($config['OPNsense']['clamav']['freshclam']['enabled']) && $config['OPNsense']['clamav']['freshclam']['enabled'] == 1) {
$services[] = array(
'description' => gettext('freshclam daemon'),
'configd' => array(
'restart' => array('clamav restart'),
'start' => array('clamav start'),
'stop' => array('clamav stop'),
),
'name' => 'freshclam',
'pidfile' => '/var/run/clamav/freshclam.pid'
);
}
return $services;
}
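Review bot: The freshclam branch of `clamav_services()` tests `$config['OPNsense']['clamav']['freshclam']['enabled']`, but the model added in this commit mounts all settings under `//OPNsense/clamav/general` and names the flag `fc_enabled`, so as written the freshclam service entry looks like it can never be registered. The condition should read `isset($config['OPNsense']['clamav']['general']['fc_enabled']) && $config['OPNsense']['clamav']['general']['fc_enabled'] == 1`. Both entries also share the `clamav start`/`stop`/`restart` configd actions, which act on both daemons at once; a short comment stating that this is intended would help the next reader.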


@ -0,0 +1,77 @@
<?php
/**
* Copyright (C) 2015 - 2017 Deciso B.V.
* Copyright (C) 2017 Michael Muenz
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
namespace OPNsense\ClamAV\Api;
use \OPNsense\Base\ApiControllerBase;
use \OPNsense\ClamAV\General;
use \OPNsense\Core\Config;
class GeneralController extends ApiControllerBase
{
public function getAction()
{
// define list of configurable settings
$result = array();
if ($this->request->isGet()) {
$mdlGeneral = new General();
$result['general'] = $mdlGeneral->getNodes();
}
return $result;
}
public function setAction()
{
$result = array("result"=>"failed");
if ($this->request->isPost()) {
// load model and update with provided data
$mdlGeneral = new General();
$mdlGeneral->setNodes($this->request->getPost("general"));
// perform validation
$valMsgs = $mdlGeneral->performValidation();
foreach ($valMsgs as $field => $msg) {
if (!array_key_exists("validations", $result)) {
$result["validations"] = array();
}
$result["validations"]["general.".$msg->getField()] = $msg->getMessage();
}
// serialize model to config and save
if ($valMsgs->count() == 0) {
$mdlGeneral->serializeToConfig();
Config::getInstance()->save();
$result["result"] = "saved";
}
}
return $result;
}
}


@ -0,0 +1,166 @@
<?php
/**
* Copyright (C) 2015 - 2017 Deciso B.V.
* Copyright (C) 2017 Michael Muenz
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
namespace OPNsense\ClamAV\Api;
use \OPNsense\Base\ApiControllerBase;
use \OPNsense\Core\Backend;
use \OPNsense\ClamAV\General;
/**
* Class ServiceController
* @package OPNsense\ClamAV
*/
class ServiceController extends ApiControllerBase
{
/**
* load the initial signatures
* @return array
*/
public function freshclamAction()
{
if ($this->request->isPost()) {
$backend = new Backend();
$command = 'clamav freshclam';
if ($this->request->hasPost('action')) {
$command .= ' go';
}
$response = trim($backend->configdRun($command));
return array('status' => $response);
} else {
return array('status' => 'error');
}
}
/**
* start clamav service (in background)
* @return array
*/
public function startAction()
{
if ($this->request->isPost()) {
$backend = new Backend();
$response = $backend->configdRun("clamav start", true);
return array("response" => $response);
} else {
return array("response" => array());
}
}
/**
* stop clamav service
* @return array
*/
public function stopAction()
{
if ($this->request->isPost()) {
$backend = new Backend();
$response = $backend->configdRun("clamav stop");
return array("response" => $response);
} else {
return array("response" => array());
}
}
/**
* restart clamav service
* @return array
*/
public function restartAction()
{
if ($this->request->isPost()) {
$backend = new Backend();
$response = $backend->configdRun("clamav restart");
return array("response" => $response);
} else {
return array("response" => array());
}
}
/**
* retrieve status of clamav
* @return array
* @throws \Exception
*/
public function statusAction()
{
$backend = new Backend();
$mdlGeneral = new General();
$response = $backend->configdRun("clamav status");
if (strpos($response, "not running") > 0) {
if ($mdlGeneral->enabled->__toString() == 1) {
$status = "stopped";
} else {
$status = "disabled";
}
} elseif (strpos($response, "is running") > 0) {
$status = "running";
} elseif ($mdlGeneral->enabled->__toString() == 0) {
$status = "disabled";
} else {
$status = "unkown";
}
return array("status" => $status);
}
/**
* reconfigure clamav, generate config and reload
*/
public function reconfigureAction()
{
if ($this->request->isPost()) {
// close session for long running action
$this->sessionClose();
$mdlGeneral = new General();
$backend = new Backend();
$runStatus = $this->statusAction();
// stop clamav if it is running or not
$this->stopAction();
// generate template
$backend->configdRun('template reload OPNsense/ClamAV');
// (res)start daemon
if ($mdlGeneral->enabled->__toString() == 1) {
$this->startAction();
}
return array("status" => "ok");
} else {
return array("status" => "failed");
}
}
}
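Review bot: `statusAction()` tests `strpos($response, "not running") > 0`, which treats a match at offset 0 as no match; `strpos($response, "not running") !== false` is the correct test, and the same applies to the `"is running"` check. The configd `status` action in this commit prints the freshclam status followed by the clamd status, so a stopped freshclam makes the page report `stopped` even while clamd runs; evaluating the clamd line on its own would avoid that. In `reconfigureAction()` the `$runStatus` value is never read and the results of the stop, template reload and start calls are discarded, so the method answers `ok` even when the reload failed. The fallback status string is spelled `unkown`.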


@ -0,0 +1,39 @@
<?php
/*
Copyright (C) 2017 Michael Muenz
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
namespace OPNsense\ClamAV;
class GeneralController extends \OPNsense\Base\IndexController
{
public function indexAction()
{
$this->view->title = gettext("ClamAV settings");
$this->view->generalForm = $this->getForm("general");
$this->view->pick('OPNsense/ClamAV/general');
}
}


@ -0,0 +1,180 @@
<form>
<field>
<id>general.enabled</id>
<label>Enable clamd service</label>
<type>checkbox</type>
<help>This will activate the clamd service.</help>
</field>
<field>
<id>general.fc_enabled</id>
<label>Enable freshclam service</label>
<type>checkbox</type>
<help>This will activate the freshclam service.</help>
</field>
<field>
<id>general.enabletcp</id>
<label>Enable TCP port</label>
<type>checkbox</type>
<help>This will enable TCP port 3310 in addition to the local socket.</help>
</field>
<field>
<id>general.maxthreads</id>
<label>Maximum number of threads running</label>
<type>text</type>
<help>Maximum number of threads running at the same time.</help>
</field>
<field>
<id>general.maxqueue</id>
<label>Maximum number of queued items</label>
<type>text</type>
<help>Maximum number of queued items (including those being processed by MaxThreads threads). It is recommended to have this value at least twice MaxThreads if possible.</help>
</field>
<field>
<id>general.idletimeout</id>
<label>Idle timeout</label>
<type>text</type>
<help>Waiting for a new job will timeout after this time in seconds.</help>
</field>
<field>
<id>general.maxdirrecursion</id>
<label>Max directory recursion</label>
<type>text</type>
<help>Maximum depth directories are scanned at.</help>
</field>
<field>
<id>general.followdirsym</id>
<label>Follow directory symlinks</label>
<type>checkbox</type>
</field>
<field>
<id>general.followfilesym</id>
<label>Follow regular file symlinks</label>
<type>checkbox</type>
</field>
<field>
<id>general.disablecache</id>
<label>Disable cache</label>
<type>checkbox</type>
<help>This option allows you to disable the caching feature of the engine.</help>
</field>
<field>
<id>general.scanpe</id>
<label>Scan portable executeable</label>
<type>checkbox</type>
<help>PE stands for Portable Executable - it's an executable file format used in all 32 and 64-bit versions of Windows operating systems.</help>
</field>
<field>
<id>general.scanelf</id>
<label>Scan executeable and linking format</label>
<type>checkbox</type>
<help>Executable and Linking Format is a standard format for UN*X executables.</help>
</field>
<field>
<id>general.detectbroken</id>
<label>Detect broken executables</label>
<type>checkbox</type>
<help>With this option clamav will try to detect broken executables (both PE and ELF) and mark them as Broken.</help>
</field>
<field>
<id>general.scanole2</id>
<label>Scan OLE2</label>
<type>checkbox</type>
<help>This option enables scanning of OLE2 files, such as Microsoft Office documents and .msi files.</help>
</field>
<field>
<id>general.ole2blockmarcros</id>
<label>OLE2 block macros</label>
<type>checkbox</type>
<help>With this option enabled OLE2 files with VBA macros, which were not detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".</help>
</field>
<field>
<id>general.scanpdf</id>
<label>Scan PDF files</label>
<type>checkbox</type>
<help>This option enables scanning within PDF files.</help>
</field>
<field>
<id>general.scanswf</id>
<label>Scan SWF</label>
<type>checkbox</type>
<help>This option enables scanning within SWF files.</help>
</field>
<field>
<id>general.scanxmldocs</id>
<label>Scan XMLDOCS</label>
<type>checkbox</type>
<help>This option enables scanning xml-based document files supported by libclamav.</help>
</field>
<field>
<id>general.scanhwp3</id>
<label>Scan HWP3</label>
<type>checkbox</type>
<help>This option enables scanning of HWP3 files.</help>
</field>
<field>
<id>general.scanmailfiles</id>
<label>Decode mail files</label>
<type>checkbox</type>
<help>If you turn off this option, the original files will still be scanned, but without parsing individual messages/attachments.</help>
</field>
<field>
<id>general.scanhtml</id>
<label>Scan HTML</label>
<type>checkbox</type>
<help>Perform HTML normalisation and decryption of MS Script Encoder code.</help>
</field>
<field>
<id>general.scanarchive</id>
<label>Scan archives</label>
<type>checkbox</type>
<help>ClamAV will scan within archives and compressed files.</help>
</field>
<field>
<id>general.arcblockenc</id>
<label>Block encrypted archive</label>
<type>checkbox</type>
<help>Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).</help>
</field>
<field>
<id>general.maxscansize</id>
<label>Max scan size</label>
<type>text</type>
<help>This option sets the maximum amount of data to be scanned for each input file. Archives and other containers are recursively extracted and scanned up to this value.</help>
</field>
<field>
<id>general.maxfilesize</id>
<label>Max file size</label>
<type>text</type>
<help>Files larger than this limit won't be scanned.</help>
</field>
<field>
<id>general.maxrecursion</id>
<label>Max recursion</label>
<type>text</type>
<help>Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR file, all files within it will also be scanned.</help>
</field>
<field>
<id>general.maxfiles</id>
<label>Max files</label>
<type>text</type>
<help>Number of files to be scanned within an archive, a document, or any other container file.</help>
</field>
<field>
<id>general.fc_logverbose</id>
<label>Freshclam log verbose</label>
<type>checkbox</type>
<help>Enable verbose logging.</help>
</field>
<field>
<id>general.fc_databasemirror</id>
<label>Freshclam database mirror</label>
<type>text</type>
<help>database.clamav.net is a round-robin record which points to the most reliable mirrors. DO NOT TOUCH the following line unless you know what you are doing.</help>
</field>
<field>
<id>general.fc_timeout</id>
<label>Freshclam connect timeout</label>
<type>text</type>
<help>Timeout in seconds when connecting to database server.</help>
</field>
</form>
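Review bot: The help text for `general.enabletcp` says only that port 3310 is opened, while the clamd.conf template in this commit binds it to `TCPAddr 127.0.0.1`; because clamd's TCP socket carries no authentication, the help should state the bind address, e.g. `This will enable TCP port 3310 on 127.0.0.1 in addition to the local socket.` The labels of `general.scanpe` and `general.scanelf` spell `executeable`, and `general.followdirsym` and `general.followfilesym` have no `<help>` element although following symlinks changes what the scanner will read.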


@ -0,0 +1,9 @@
<acl>
<page-services-clamav>
<name>Services: ClamAV</name>
<patterns>
<pattern>ui/clamav/*</pattern>
<pattern>api/clamav/*</pattern>
</patterns>
</page-services-clamav>
</acl>


@ -0,0 +1,35 @@
<?php
/*
Copyright (C) 2017 Michael Muenz
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
namespace OPNsense\ClamAV;
use OPNsense\Base\BaseModel;
class General extends BaseModel
{
}


@ -0,0 +1,127 @@
<model>
<mount>//OPNsense/clamav/general</mount>
<description>ClamAV configuration</description>
<version>1.0.0</version>
<items>
<enabled type="BooleanField">
<default>0</default>
<Required>Y</Required>
</enabled>
<fc_enabled type="BooleanField">
<default>0</default>
<Required>Y</Required>
</fc_enabled>
<enabletcp type="BooleanField">
<default>0</default>
<Required>Y</Required>
</enabletcp>
<maxthreads type="IntegerField">
<default>10</default>
<Required>N</Required>
</maxthreads>
<maxqueue type="IntegerField">
<default>100</default>
<Required>N</Required>
</maxqueue>
<idletimeout type="IntegerField">
<default>30</default>
<Required>N</Required>
</idletimeout>
<maxdirrecursion type="IntegerField">
<default>20</default>
<Required>N</Required>
</maxdirrecursion>
<followdirsym type="BooleanField">
<default>0</default>
<Required>N</Required>
</followdirsym>
<followfilesym type="BooleanField">
<default>0</default>
<Required>N</Required>
</followfilesym>
<disablecache type="TextField">
<default>0</default>
<Required>N</Required>
</disablecache>
<scanpe type="BooleanField">
<default>1</default>
<Required>N</Required>
</scanpe>
<scanelf type="BooleanField">
<default>1</default>
<Required>N</Required>
</scanelf>
<detectbroken type="BooleanField">
<default>0</default>
<Required>N</Required>
</detectbroken>
<scanole2 type="BooleanField">
<default>1</default>
<Required>N</Required>
</scanole2>
<ole2blockmarcros type="BooleanField">
<default>0</default>
<Required>N</Required>
</ole2blockmarcros>
<scanpdf type="BooleanField">
<default>1</default>
<Required>N</Required>
</scanpdf>
<scanswf type="BooleanField">
<default>1</default>
<Required>N</Required>
</scanswf>
<scanxmldocs type="BooleanField">
<default>1</default>
<Required>N</Required>
</scanxmldocs>
<scanhwp3 type="BooleanField">
<default>1</default>
<Required>N</Required>
</scanhwp3>
<scanmailfiles type="BooleanField">
<default>1</default>
<Required>N</Required>
</scanmailfiles>
<scanhtml type="BooleanField">
<default>1</default>
<Required>N</Required>
</scanhtml>
<scanarchive type="BooleanField">
<default>1</default>
<Required>N</Required>
</scanarchive>
<arcblockenc type="BooleanField">
<default>0</default>
<Required>N</Required>
</arcblockenc>
<maxscansize type="TextField">
<default>100M</default>
<Required>N</Required>
</maxscansize>
<maxfilesize type="TextField">
<default>25M</default>
<Required>N</Required>
</maxfilesize>
<maxrecursion type="IntegerField">
<default>16</default>
<Required>N</Required>
</maxrecursion>
<maxfiles type="IntegerField">
<default>10000</default>
<Required>N</Required>
</maxfiles>
<fc_logverbose type="BooleanField">
<default>0</default>
<Required>N</Required>
</fc_logverbose>
<fc_databasemirror type="TextField">
<default>database.clamav.net</default>
<Required>Y</Required>
</fc_databasemirror>
<fc_timeout type="TextField">
<default>60</default>
<Required>Y</Required>
</fc_timeout>
</items>
</model>
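Review bot: `maxscansize`, `maxfilesize`, `fc_databasemirror` and `fc_timeout` are plain `TextField`s without a `<mask>`, and the templates in this commit write their values verbatim into clamd.conf and freshclam.conf, so any string the API accepts ends up in a daemon configuration file. Constrain them in the model: `fc_timeout` as an `IntegerField`, the two sizes with something like `<mask>/^[0-9]+[KkMm]?$/</mask>`, and the mirror with a hostname mask. `disablecache` is declared as `TextField` although the form presents it as a checkbox; `BooleanField` would match the other switches.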


@ -0,0 +1,5 @@
<menu>
<Services>
<ClamAV cssClass="fa fa-stethoscope" url="/ui/clamav/general/index" />
</Services>
</menu>


@ -0,0 +1,102 @@
{#
OPNsense® is Copyright © 2014 2017 by Deciso B.V.
This file is Copyright © 2017 by Michael Muenz
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
#}
<div class="alert alert-warning" role="alert" id="dl_sig_alert" style="display:none;min-height:65px;">
<button class="btn btn-primary pull-right" id="dl_sig" type="button">{{ lang._('Download signatures') }} <i id="dl_sig_progress"></i></button>
<div style="margin-top: 8px;">{{ lang._('No signature database found, please download before use. The download will take several minutes and this message will disappear when it has been completed. If you have memory file system enabled where /var is mounted into RAM you have to download this file with every reboot.')}}</div>
</div>
<div class="tab-content content-box tab-content">
<div id="general" class="tab-pane fade in active">
<div class="content-box" style="padding-bottom: 1.5em;">
{{ partial("layout_partials/base_form",['fields':generalForm,'id':'frm_general_settings'])}}
<hr />
<div class="col-md-12">
<button class="btn btn-primary" id="saveAct" type="button"><b>{{ lang._('Save') }}</b><i id="saveAct_progress" class=""></i></button>
</div>
</div>
</div>
</div>
<script type="text/javascript">
function timeoutCheck() {
ajaxCall(url="/api/clamav/service/freshclam", sendData={}, callback=function(data,status) {
if (data['status'] == 'done') {
$("#dl_sig_progress").removeClass("fa fa-spinner fa-pulse");
$("#dl_sig").prop("disabled", false);
$('#dl_sig_alert').hide();
} else {
setTimeout(timeoutCheck, 2500);
}
});
}
$( document ).ready(function() {
var data_get_map = {'frm_general_settings':"/api/clamav/general/get"};
mapDataToFormUI(data_get_map).done(function(data){
formatTokenizersUI();
$('.selectpicker').selectpicker('refresh');
});
ajaxCall(url="/api/clamav/service/status", sendData={}, callback=function(data,status) {
updateServiceStatusUI(data['status']);
});
ajaxCall(url="/api/clamav/service/freshclam", sendData={}, callback=function(data,status) {
if (data['status'] != 'done') {
if (data['status'] == 'running') {
$("#dl_sig_progress").addClass("fa fa-spinner fa-pulse");
$("#dl_sig").prop("disabled", true);
setTimeout(timeoutCheck, 2500);
}
$('#dl_sig_alert').show();
}
});
$("#saveAct").click(function(){
saveFormToEndpoint(url="/api/clamav/general/set", formid='frm_general_settings',callback_ok=function(){
$("#saveAct_progress").addClass("fa fa-spinner fa-pulse");
ajaxCall(url="/api/clamav/service/reconfigure", sendData={}, callback=function(data,status) {
ajaxCall(url="/api/clamav/service/status", sendData={}, callback=function(data,status) {
updateServiceStatusUI(data['status']);
});
$("#saveAct_progress").removeClass("fa fa-spinner fa-pulse");
});
});
});
$("#dl_sig").click(function(){
$("#dl_sig_progress").addClass("fa fa-spinner fa-pulse");
$("#dl_sig").prop("disabled", true);
ajaxCall(url="/api/clamav/service/freshclam", sendData={action:1}, callback_ok=function(){
setTimeout(timeoutCheck, 2500);
});
});
});
</script>
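Review bot: `timeoutCheck()` reschedules itself for every status other than `done`, so when the download process exits without producing the database (freshclam.sh then answers `missing`) the spinner keeps turning and `#dl_sig` stays disabled until the page is reloaded. Add a branch for `missing` that removes the spinner classes from `#dl_sig_progress` and re-enables the button without calling `setTimeout` again. The calls written as `ajaxCall(url=..., sendData=..., callback=...)` assign to implicit globals named `url`, `sendData` and `callback`; passing the three values positionally avoids that.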


@ -0,0 +1,43 @@
#!/bin/sh
# Copyright (c) 2017 Franco Fichtner <franco@opnsense.org>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
PIDFILE="/var/run/clamav/freshclam-init.pid"
DBFILE="/var/db/clamav/main.cvd"
COMMAND="${1}"
if [ -f ${DBFILE} ]; then
echo "done"
elif pgrep -qF ${PIDFILE} 2> /dev/null; then
echo "running"
elif [ -z "${COMMAND}" ]; then
echo "missing"
else
daemon -f -p ${PIDFILE} freshclam --quiet
echo "starting"
fi
exit 0
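Review bot: The `daemon -f -p ${PIDFILE} freshclam --quiet` branch assumes `/var/run/clamav` and `/var/db/clamav` already exist, but in this commit those directories are created by setup.sh, which the configd `freshclam` action does not run; on a system where /var is a memory file system (the case the page's own warning mentions) the first download would presumably fail to write its pid file. Calling `/usr/local/opnsense/scripts/OPNsense/ClamAV/setup.sh` before `daemon` closes that gap. The exit status of `daemon` is not checked, so `starting` is printed even when the launch failed, and `${DBFILE}` and `${PIDFILE}` should be quoted in the tests.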


@ -0,0 +1,13 @@
#!/bin/sh
mkdir -p /var/run/clamav
chown -R clamav:clamav /var/run/clamav
chmod 750 /var/run/clamav
mkdir -p /var/db/clamav
chown -R clamav:clamav /var/db/clamav
chmod 750 /var/db/clamav
mkdir -p /var/log/clamav
chown -R clamav:clamav /var/log/clamav
chmod 750 /var/log/clamav
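Review bot: `chown -R clamav:clamav` is run as root over three trees that the unprivileged clamav account can write to, which is broader than the script needs: only the directories themselves have to belong to clamav, and a recursive ownership change by root over user-writable content is a pattern worth avoiding. `install -d -o clamav -g clamav -m 750 /var/run/clamav` (and the same for the other two paths) creates each directory with the right owner and mode in one step and without recursion. The script also has no error handling, so a failed `mkdir` goes unnoticed by the start action that calls it.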


@ -0,0 +1,35 @@
[start]
command:/usr/local/opnsense/scripts/OPNsense/ClamAV/setup.sh;/usr/local/etc/rc.d/clamav-freshclam start;/usr/local/etc/rc.d/clamav-clamd start
parameters:
type:script
message:starting ClamAV
[stop]
command:/usr/local/etc/rc.d/clamav-freshclam stop;/usr/local/etc/rc.d/clamav-clamd stop; exit 0
parameters:
type:script
message:stopping ClamAV
[restart]
command:/usr/local/opnsense/scripts/OPNsense/ClamAV/setup.sh;/usr/local/etc/rc.d/clamav-freshclam restart;/usr/local/etc/rc.d/clamav-clamd restart
parameters:
type:script
message:restarting ClamAV
[reconfigure]
command:/usr/local/opnsense/scripts/OPNsense/ClamAV/setup.sh;/usr/local/etc/rc.d/clamav-freshclam restart;/usr/local/etc/rc.d/clamav-clamd restart
parameters:
type:script
message:reconfigure ClamAV
[status]
command:/usr/local/etc/rc.d/clamav-freshclam status;/usr/local/etc/rc.d/clamav-clamd status;exit 0
parameters:
type:script_output
message:request ClamAV status
[freshclam]
command:/usr/local/opnsense/scripts/OPNsense/ClamAV/freshclam.sh
parameters:%s
type:script_output
message:Check or install signatures


@ -0,0 +1,4 @@
clamav_clamd:/etc/rc.conf.d/clamav_clamd
clamav_freshclam:/etc/rc.conf.d/clamav_freshclam
clamd.conf:/usr/local/etc/clamd.conf
freshclam.conf:/usr/local/etc/freshclam.conf


@ -0,0 +1,6 @@
{% if helpers.exists('OPNsense.clamav.general.enabled') and OPNsense.clamav.general.enabled == '1' %}
clamav_clamd_opnsense_bootup_run="/usr/local/opnsense/scripts/OPNsense/ClamAV/setup.sh"
clamav_clamd_enable="YES"
{% else %}
clamav_clamd_enable="NO"
{% endif %}


@ -0,0 +1,6 @@
{% if helpers.exists('OPNsense.clamav.general.fc_enabled') and OPNsense.clamav.general.fc_enabled == '1' %}
clamav_freshclam_opnsense_bootup_run="/usr/local/opnsense/scripts/OPNsense/ClamAV/setup.sh"
clamav_freshclam_enable="YES"
{% else %}
clamav_freshclam_enable="NO"
{% endif %}


@ -0,0 +1,84 @@
{% if helpers.exists('OPNsense.clamav.general.enabled') and OPNsense.clamav.general.enabled == '1' %}
LogFile /var/log/clamav/clamd.log
LogTime yes
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/db/clamav
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket yes
{% if helpers.exists('OPNsense.clamav.general.enabletcp') and OPNsense.clamav.general.enabletcp == '1' %}
TCPSocket 3310
TCPAddr 127.0.0.1
{% endif %}
{% if helpers.exists('OPNsense.clamav.general.maxthreads') and OPNsense.clamav.general.maxthreads != '' %}
MaxThreads {{ OPNsense.clamav.general.maxthreads }}
{% endif %}
{% if helpers.exists('OPNsense.clamav.general.maxqueue') and OPNsense.clamav.general.maxqueue != '' %}
MaxQueue {{ OPNsense.clamav.general.maxqueue }}
{% endif %}
{% if helpers.exists('OPNsense.clamav.general.idletimeout') and OPNsense.clamav.general.idletimeout != '' %}
IdleTimeout {{ OPNsense.clamav.general.idletimeout }}
{% endif %}
{% if helpers.exists('OPNsense.clamav.general.maxdirrecursion') and OPNsense.clamav.general.maxdirrecursion != '' %}
MaxDirectoryRecursion {{ OPNsense.clamav.general.maxdirrecursion }}
{% endif %}
{% if helpers.exists('OPNsense.clamav.general.followdirsym') and OPNsense.clamav.general.followdirsym == '1' %}
FollowDirectorySymlinks yes
{% endif %}
{% if helpers.exists('OPNsense.clamav.general.followfilesym') and OPNsense.clamav.general.followfilesym == '1' %}
FollowFileSymlinks yes
{% endif %}
User clamav
AllowSupplementaryGroups yes
{% if helpers.exists('OPNsense.clamav.general.scanpe') and OPNsense.clamav.general.scanpe == '1' %}
ScanPE yes
{% endif %}
{% if helpers.exists('OPNsense.clamav.general.scanelf') and OPNsense.clamav.general.scanelf == '1' %}
ScanELF yes
{% endif %}
{% if helpers.exists('OPNsense.clamav.general.detectbroken') and OPNsense.clamav.general.detectbroken == '1' %}
DetectBrokenExecutables yes
{% endif %}
{% if helpers.exists('OPNsense.clamav.general.scanole2') and OPNsense.clamav.general.scanole2 == '1' %}
ScanOLE2 yes
{% endif %}
{% if helpers.exists('OPNsense.clamav.general.ole2blockmarcros') and OPNsense.clamav.general.ole2blockmarcros == '1' %}
OLE2BlockMacros yes
{% endif %}
{% if helpers.exists('OPNsense.clamav.general.scanpdf') and OPNsense.clamav.general.scanpdf == '1' %}
ScanPDF yes
{% endif %}
{% if helpers.exists('OPNsense.clamav.general.scanswf') and OPNsense.clamav.general.scanswf == '1' %}
ScanSWF yes
{% endif %}
{% if helpers.exists('OPNsense.clamav.general.scanxmldocs') and OPNsense.clamav.general.scanxmldocs == '1' %}
ScanXMLDOCS yes
{% endif %}
{% if helpers.exists('OPNsense.clamav.general.scanhwp3') and OPNsense.clamav.general.scanhwp3 == '1' %}
ScanHWP3 yes
{% endif %}
{% if helpers.exists('OPNsense.clamav.general.scanmailfiles') and OPNsense.clamav.general.scanmailfiles == '1' %}
ScanMail yes
{% endif %}
{% if helpers.exists('OPNsense.clamav.general.scanhtml') and OPNsense.clamav.general.scanhtml == '1' %}
ScanHTML yes
{% endif %}
{% if helpers.exists('OPNsense.clamav.general.scanarchive') and OPNsense.clamav.general.scanarchive == '1' %}
ScanArchive yes
{% endif %}
{% if helpers.exists('OPNsense.clamav.general.arcblockenc') and OPNsense.clamav.general.arcblockenc == '1' %}
ArchiveBlockEncrypted yes
{% endif %}
{% if helpers.exists('OPNsense.clamav.general.maxscansize') and OPNsense.clamav.general.maxscansize != '' %}
MaxScanSize {{ OPNsense.clamav.general.maxscansize }}
{% endif %}
{% if helpers.exists('OPNsense.clamav.general.maxfilesize') and OPNsense.clamav.general.maxfilesize != '' %}
MaxFileSize {{ OPNsense.clamav.general.maxfilesize }}
{% endif %}
{% if helpers.exists('OPNsense.clamav.general.maxrecursion') and OPNsense.clamav.general.maxrecursion != '' %}
MaxRecursion {{ OPNsense.clamav.general.maxrecursion }}
{% endif %}
{% if helpers.exists('OPNsense.clamav.general.maxfiles') and OPNsense.clamav.general.maxfiles != '' %}
MaxFiles {{ OPNsense.clamav.general.maxfiles }}
{% endif %}
{% endif %}
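Review bot: Every scan switch is rendered only as `... yes` when its box is ticked and nothing is written when it is cleared, so clamd falls back to its built-in default; for the options the model defaults to 1 (`ScanPE`, `ScanELF`, `ScanOLE2`, `ScanPDF` and the rest) clearing the checkbox presumably changes nothing. Each block needs an else branch, e.g. `{% else %}` followed by `ScanPE no`. The `disablecache` setting from the model has no corresponding `DisableCache` line at all. The numeric and size values are interpolated as stored, so this template relies entirely on the model to reject anything that is not a number or a size.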


@ -0,0 +1,28 @@
{% if helpers.exists('OPNsense.clamav.general.fc_enabled') and OPNsense.clamav.general.fc_enabled == '1' %}
DatabaseDirectory /var/db/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogTime yes
{% if helpers.exists('OPNsense.clamav.general.fc_logverbose') and OPNsense.clamav.general.fc_logverbose == '1' %}
LogVerbose yes
{% endif %}
PidFile /var/run/clamav/freshclam.pid
DatabaseOwner clamav
AllowSupplementaryGroups yes
{% if helpers.exists('OPNsense.clamav.general.fc_databasemirror') and OPNsense.clamav.general.fc_databasemirror != '' %}
DatabaseMirror {{ OPNsense.clamav.general.fc_databasemirror }}
{% endif %}
NotifyClamd /usr/local/etc/clamd.conf
{% if helpers.exists('OPNsense.clamav.general.fc_timeout') and OPNsense.clamav.general.fc_timeout != '' %}
ConnectTimeout {{ OPNsense.clamav.general.fc_timeout }}
{% endif %}
{% else %}
{% if helpers.exists('OPNsense.clamav.general.fc_databasemirror') and OPNsense.clamav.general.fc_databasemirror != '' %}
DatabaseMirror {{ OPNsense.clamav.general.fc_databasemirror }}
{% endif %}
{% endif %}
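Review bot: When `fc_enabled` is off the rendered file contains only `DatabaseMirror`, yet freshclam.sh in this commit still launches freshclam for the initial download and then looks for `/var/db/clamav/main.cvd`; that works only if the compiled-in database directory and owner happen to match. Moving `DatabaseDirectory /var/db/clamav` and `DatabaseOwner clamav` outside the `{% if %}` makes the manual download independent of package defaults. `DatabaseMirror` is taken from a free-text field, so the model should restrict it to a hostname before it is written here.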