From 7da490209e0c1eb6e3bf6f9f6499ea71e2781f17 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Thu, 10 Aug 2017 13:21:13 +0200
Subject: [PATCH] security/clamav: add version 0.2 from master

---
 README.md                                     |   1 +
 security/clamav/Makefile                      |   8 +
 security/clamav/pkg-descr                     |   8 +
 .../src/etc/inc/plugins.inc.d/clamav.inc      |  62 ++++++
 .../OPNsense/ClamAV/Api/GeneralController.php |  77 ++++++++
 .../OPNsense/ClamAV/Api/ServiceController.php | 166 ++++++++++++++++
 .../OPNsense/ClamAV/GeneralController.php     |  39 ++++
 .../OPNsense/ClamAV/forms/general.xml         | 180 ++++++++++++++++++
 .../app/models/OPNsense/ClamAV/ACL/ACL.xml    |   9 +
 .../app/models/OPNsense/ClamAV/General.php    |  35 ++++
 .../app/models/OPNsense/ClamAV/General.xml    | 127 ++++++++++++
 .../app/models/OPNsense/ClamAV/Menu/Menu.xml  |   5 +
 .../app/views/OPNsense/ClamAV/general.volt    | 102 ++++++++++
 .../scripts/OPNsense/ClamAV/freshclam.sh      |  43 +++++
 .../opnsense/scripts/OPNsense/ClamAV/setup.sh |  13 ++
 .../conf/actions.d/actions_clamav.conf        |  35 ++++
 .../templates/OPNsense/ClamAV/+TARGETS        |   4 +
 .../templates/OPNsense/ClamAV/clamav_clamd    |   6 +
 .../OPNsense/ClamAV/clamav_freshclam          |   6 +
 .../templates/OPNsense/ClamAV/clamd.conf      |  84 ++++++++
 .../templates/OPNsense/ClamAV/freshclam.conf  |  28 +++
 21 files changed, 1038 insertions(+)
 create mode 100644 security/clamav/Makefile
 create mode 100644 security/clamav/pkg-descr
 create mode 100644 security/clamav/src/etc/inc/plugins.inc.d/clamav.inc
 create mode 100644 security/clamav/src/opnsense/mvc/app/controllers/OPNsense/ClamAV/Api/GeneralController.php
 create mode 100644 security/clamav/src/opnsense/mvc/app/controllers/OPNsense/ClamAV/Api/ServiceController.php
 create mode 100644 security/clamav/src/opnsense/mvc/app/controllers/OPNsense/ClamAV/GeneralController.php
 create mode 100644 security/clamav/src/opnsense/mvc/app/controllers/OPNsense/ClamAV/forms/general.xml
 create mode 100644 security/clamav/src/opnsense/mvc/app/models/OPNsense/ClamAV/ACL/ACL.xml
 create mode 100644 security/clamav/src/opnsense/mvc/app/models/OPNsense/ClamAV/General.php
 create mode 100644 security/clamav/src/opnsense/mvc/app/models/OPNsense/ClamAV/General.xml
 create mode 100644 security/clamav/src/opnsense/mvc/app/models/OPNsense/ClamAV/Menu/Menu.xml
 create mode 100644 security/clamav/src/opnsense/mvc/app/views/OPNsense/ClamAV/general.volt
 create mode 100755 security/clamav/src/opnsense/scripts/OPNsense/ClamAV/freshclam.sh
 create mode 100644 security/clamav/src/opnsense/scripts/OPNsense/ClamAV/setup.sh
 create mode 100644 security/clamav/src/opnsense/service/conf/actions.d/actions_clamav.conf
 create mode 100644 security/clamav/src/opnsense/service/templates/OPNsense/ClamAV/+TARGETS
 create mode 100644 security/clamav/src/opnsense/service/templates/OPNsense/ClamAV/clamav_clamd
 create mode 100644 security/clamav/src/opnsense/service/templates/OPNsense/ClamAV/clamav_freshclam
 create mode 100644 security/clamav/src/opnsense/service/templates/OPNsense/ClamAV/clamd.conf
 create mode 100644 security/clamav/src/opnsense/service/templates/OPNsense/ClamAV/freshclam.conf

diff --git a/README.md b/README.md
index 7a367cebd..09cc30d14 100644
--- a/README.md
+++ b/README.md
@@ -53,6 +53,7 @@ sysutils/smart -- SMART tools
 sysutils/vmware -- VMware tools
 sysutils/xen -- Xen guest utilities
 security/acme-client -- Let's Encrypt client
+security/clamav -- Antivirus engine for detecting malicious threats
 security/intrusion-detection-content-pt-open -- IDS PT Research ruleset (only for non-commercial use)
 security/tinc -- Tinc VPN
 www/web-proxy-sso -- Add SSO Active Directory to use in Proxy
diff --git a/security/clamav/Makefile b/security/clamav/Makefile
new file mode 100644
index 000000000..16e48923d
--- /dev/null
+++ b/security/clamav/Makefile
@@ -0,0 +1,8 @@
+PLUGIN_NAME=		clamav
+PLUGIN_VERSION=		0.2
+PLUGIN_COMMENT=		Antivirus engine for detecting malicious threats
+PLUGIN_DEPENDS=		clamav
+PLUGIN_MAINTAINER=	m.muenz@gmail.com
+PLUGIN_DEVEL=		yes
+
+.include "../../Mk/plugins.mk"
diff --git a/security/clamav/pkg-descr b/security/clamav/pkg-descr
new file mode 100644
index 000000000..4fe5a529d
--- /dev/null
+++ b/security/clamav/pkg-descr
@@ -0,0 +1,8 @@
+ClamAV(r) is an open source (GPL) anti-virus engine used in a
+variety of situations including email scanning, web scanning,
+and end point security. It provides a number of utilities
+including a flexible and scalable multi-threaded daemon,
+a command line scanner and an advanced tool for automatic
+database updates.
+
+WWW: https://www.clamav.net/
diff --git a/security/clamav/src/etc/inc/plugins.inc.d/clamav.inc b/security/clamav/src/etc/inc/plugins.inc.d/clamav.inc
new file mode 100644
index 000000000..15c7357f6
--- /dev/null
+++ b/security/clamav/src/etc/inc/plugins.inc.d/clamav.inc
@@ -0,0 +1,62 @@
+<?php
+
+/*
+    Copyright (C) 2017 Michael Muenz
+    All rights reserved.
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+*/
+
+function clamav_services()
+{
+    global $config;
+
+    $services = array();
+
+    if (isset($config['OPNsense']['clamav']['general']['enabled']) && $config['OPNsense']['clamav']['general']['enabled'] == 1) {
+        $services[] = array(
+            'description' => gettext('ClamAV Daemon'),
+            'configd' => array(
+                'restart' => array('clamav restart'),
+                'start' => array('clamav start'),
+                'stop' => array('clamav stop'),
+            ),
+            'name' => 'clamd',
+            'pidfile' => '/var/run/clamav/clamd.pid'
+        );
+    }
+
+    if (isset($config['OPNsense']['clamav']['freshclam']['enabled']) && $config['OPNsense']['clamav']['freshclam']['enabled'] == 1) {
+        $services[] = array(
+            'description' => gettext('freshclam daemon'),
+            'configd' => array(
+                'restart' => array('clamav restart'),
+                'start' => array('clamav start'),
+                'stop' => array('clamav stop'),
+            ),
+            'name' => 'freshclam',
+            'pidfile' => '/var/run/clamav/freshclam.pid'
+        );
+    }
+
+    return $services;
+}
diff --git a/security/clamav/src/opnsense/mvc/app/controllers/OPNsense/ClamAV/Api/GeneralController.php b/security/clamav/src/opnsense/mvc/app/controllers/OPNsense/ClamAV/Api/GeneralController.php
new file mode 100644
index 000000000..704c29577
--- /dev/null
+++ b/security/clamav/src/opnsense/mvc/app/controllers/OPNsense/ClamAV/Api/GeneralController.php
@@ -0,0 +1,77 @@
+<?php
+
+/**
+ *    Copyright (C) 2015 - 2017 Deciso B.V.
+ *    Copyright (C) 2017 Michael Muenz
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+namespace OPNsense\ClamAV\Api;
+
+use \OPNsense\Base\ApiControllerBase;
+use \OPNsense\ClamAV\General;
+use \OPNsense\Core\Config;
+
+class GeneralController extends ApiControllerBase
+{
+    public function getAction()
+    {
+        // define list of configurable settings
+        $result = array();
+        if ($this->request->isGet()) {
+            $mdlGeneral = new General();
+            $result['general'] = $mdlGeneral->getNodes();
+        }
+        return $result;
+    }
+
+    public function setAction()
+    {
+        $result = array("result"=>"failed");
+        if ($this->request->isPost()) {
+            // load model and update with provided data
+            $mdlGeneral = new General();
+            $mdlGeneral->setNodes($this->request->getPost("general"));
+
+            // perform validation
+            $valMsgs = $mdlGeneral->performValidation();
+            foreach ($valMsgs as $field => $msg) {
+                if (!array_key_exists("validations", $result)) {
+                    $result["validations"] = array();
+                }
+                $result["validations"]["general.".$msg->getField()] = $msg->getMessage();
+            }
+
+            // serialize model to config and save
+            if ($valMsgs->count() == 0) {
+                $mdlGeneral->serializeToConfig();
+                Config::getInstance()->save();
+                $result["result"] = "saved";
+            }
+        }
+        return $result;
+    }
+}
diff --git a/security/clamav/src/opnsense/mvc/app/controllers/OPNsense/ClamAV/Api/ServiceController.php b/security/clamav/src/opnsense/mvc/app/controllers/OPNsense/ClamAV/Api/ServiceController.php
new file mode 100644
index 000000000..6d3c648b0
--- /dev/null
+++ b/security/clamav/src/opnsense/mvc/app/controllers/OPNsense/ClamAV/Api/ServiceController.php
@@ -0,0 +1,166 @@
+<?php
+
+/**
+ *    Copyright (C) 2015 - 2017 Deciso B.V.
+ *    Copyright (C) 2017 Michael Muenz
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+namespace OPNsense\ClamAV\Api;
+
+use \OPNsense\Base\ApiControllerBase;
+use \OPNsense\Core\Backend;
+use \OPNsense\ClamAV\General;
+
+/**
+ * Class ServiceController
+ * @package OPNsense\ClamAV
+ */
+class ServiceController extends ApiControllerBase
+{
+    /**
+     * load the initial signatures
+     * @return array
+     */
+    public function freshclamAction()
+    {
+        if ($this->request->isPost()) {
+            $backend = new Backend();
+            $command = 'clamav freshclam';
+            if ($this->request->hasPost('action')) {
+                $command .= ' go';
+            }
+            $response = trim($backend->configdRun($command));
+            return array('status' => $response);
+        } else {
+            return array('status' => 'error');
+        }
+    }
+    /**
+     * start clamav service (in background)
+     * @return array
+     */
+    public function startAction()
+    {
+        if ($this->request->isPost()) {
+            $backend = new Backend();
+            $response = $backend->configdRun("clamav start", true);
+            return array("response" => $response);
+        } else {
+            return array("response" => array());
+        }
+    }
+
+    /**
+     * stop clamav service
+     * @return array
+     */
+    public function stopAction()
+    {
+        if ($this->request->isPost()) {
+            $backend = new Backend();
+            $response = $backend->configdRun("clamav stop");
+            return array("response" => $response);
+        } else {
+            return array("response" => array());
+        }
+    }
+
+    /**
+     * restart clamav service
+     * @return array
+     */
+    public function restartAction()
+    {
+        if ($this->request->isPost()) {
+            $backend = new Backend();
+            $response = $backend->configdRun("clamav restart");
+            return array("response" => $response);
+        } else {
+            return array("response" => array());
+        }
+    }
+
+    /**
+     * retrieve status of clamav
+     * @return array
+     * @throws \Exception
+     */
+    public function statusAction()
+    {
+        $backend = new Backend();
+        $mdlGeneral = new General();
+        $response = $backend->configdRun("clamav status");
+
+        if (strpos($response, "not running") > 0) {
+            if ($mdlGeneral->enabled->__toString() == 1) {
+                $status = "stopped";
+            } else {
+                $status = "disabled";
+            }
+        } elseif (strpos($response, "is running") > 0) {
+            $status = "running";
+        } elseif ($mdlGeneral->enabled->__toString() == 0) {
+            $status = "disabled";
+        } else {
+            $status = "unkown";
+        }
+
+
+        return array("status" => $status);
+    }
+
+    /**
+     * reconfigure clamav, generate config and reload
+     */
+    public function reconfigureAction()
+    {
+        if ($this->request->isPost()) {
+            // close session for long running action
+            $this->sessionClose();
+
+            $mdlGeneral = new General();
+            $backend = new Backend();
+
+            $runStatus = $this->statusAction();
+
+            // stop clamav if it is running or not
+            $this->stopAction();
+
+            // generate template
+            $backend->configdRun('template reload OPNsense/ClamAV');
+
+            // (res)start daemon
+            if ($mdlGeneral->enabled->__toString() == 1) {
+                $this->startAction();
+            }
+
+            return array("status" => "ok");
+        } else {
+            return array("status" => "failed");
+        }
+    }
+}
diff --git a/security/clamav/src/opnsense/mvc/app/controllers/OPNsense/ClamAV/GeneralController.php b/security/clamav/src/opnsense/mvc/app/controllers/OPNsense/ClamAV/GeneralController.php
new file mode 100644
index 000000000..a0df9a70c
--- /dev/null
+++ b/security/clamav/src/opnsense/mvc/app/controllers/OPNsense/ClamAV/GeneralController.php
@@ -0,0 +1,39 @@
+<?php
+
+/*
+    Copyright (C) 2017 Michael Muenz
+    All rights reserved.
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+*/
+
+namespace OPNsense\ClamAV;
+
+class GeneralController extends \OPNsense\Base\IndexController
+{
+    public function indexAction()
+    {
+        $this->view->title = gettext("ClamAV settings");
+        $this->view->generalForm = $this->getForm("general");
+        $this->view->pick('OPNsense/ClamAV/general');
+    }
+}
diff --git a/security/clamav/src/opnsense/mvc/app/controllers/OPNsense/ClamAV/forms/general.xml b/security/clamav/src/opnsense/mvc/app/controllers/OPNsense/ClamAV/forms/general.xml
new file mode 100644
index 000000000..747d2e5ac
--- /dev/null
+++ b/security/clamav/src/opnsense/mvc/app/controllers/OPNsense/ClamAV/forms/general.xml
@@ -0,0 +1,180 @@
+<form>
+    <field>
+        <id>general.enabled</id>
+        <label>Enable clamd service</label>
+        <type>checkbox</type>
+        <help>This will activate the clamd service.</help>
+    </field>
+    <field>
+        <id>general.fc_enabled</id>
+        <label>Enable freshclam service</label>
+        <type>checkbox</type>
+        <help>This will activate the freshclam service.</help>
+    </field>
+    <field>
+        <id>general.enabletcp</id>
+        <label>Enable TCP port</label>
+        <type>checkbox</type>
+        <help>This will enable TCP port 3310 in addition to the local socket.</help>
+    </field>
+    <field>
+        <id>general.maxthreads</id>
+        <label>Maximum number of threads running</label>
+        <type>text</type>
+        <help>Maximum number of threads running at the same time.</help>
+    </field>
+    <field>
+        <id>general.maxqueue</id>
+        <label>Maximum number of queued items</label>
+        <type>text</type>
+        <help>Maximum number of queued items (including those being processed by MaxThreads threads). It is recommended to have this value at least twice MaxThreads if possible.</help>
+    </field>
+    <field>
+        <id>general.idletimeout</id>
+        <label>Idle timeout</label>
+        <type>text</type>
+        <help>Waiting for a new job will timeout after this time in seconds.</help>
+    </field>
+    <field>
+        <id>general.maxdirrecursion</id>
+        <label>Max directory recursion</label>
+        <type>text</type>
+        <help>Maximum depth directories are scanned at.</help>
+    </field>
+    <field>
+        <id>general.followdirsym</id>
+        <label>Follow directory symlinks</label>
+        <type>checkbox</type>
+    </field>
+    <field>
+        <id>general.followfilesym</id>
+        <label>Follow regular file symlinks</label>
+        <type>checkbox</type>
+    </field>
+    <field>
+        <id>general.disablecache</id>
+        <label>Disable cache</label>
+        <type>checkbox</type>
+        <help>This option allows you to disable the caching feature of the engine.</help>
+    </field>
+    <field>
+        <id>general.scanpe</id>
+        <label>Scan portable executeable</label>
+        <type>checkbox</type>
+        <help>PE stands for Portable Executable - it's an executable file format used in all 32 and 64-bit versions of Windows operating systems.</help>
+    </field>
+    <field>
+        <id>general.scanelf</id>
+        <label>Scan executeable and linking format</label>
+        <type>checkbox</type>
+        <help>Executable and Linking Format is a standard format for UN*X executables.</help>
+    </field>
+    <field>
+        <id>general.detectbroken</id>
+        <label>Detect broken executables</label>
+        <type>checkbox</type>
+        <help>With this option clamav will try to detect broken executables (both PE and ELF) and mark them as Broken.</help>
+    </field>
+    <field>
+        <id>general.scanole2</id>
+        <label>Scan OLE2</label>
+        <type>checkbox</type>
+        <help>This option enables scanning of OLE2 files, such as Microsoft Office documents and .msi files.</help>
+    </field>
+    <field>
+        <id>general.ole2blockmarcros</id>
+        <label>OLE2 block macros</label>
+        <type>checkbox</type>
+        <help>With this option enabled OLE2 files with VBA macros, which were not detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".</help>
+    </field>
+    <field>
+        <id>general.scanpdf</id>
+        <label>Scan PDF files</label>
+        <type>checkbox</type>
+        <help>This option enables scanning within PDF files.</help>
+    </field>
+    <field>
+        <id>general.scanswf</id>
+        <label>Scan SWF</label>
+        <type>checkbox</type>
+        <help>This option enables scanning within SWF files.</help>
+    </field>
+    <field>
+        <id>general.scanxmldocs</id>
+        <label>Scan XMLDOCS</label>
+        <type>checkbox</type>
+        <help>This option enables scanning xml-based document files supported by libclamav.</help>
+    </field>
+    <field>
+        <id>general.scanhwp3</id>
+        <label>Scan HWP3</label>
+        <type>checkbox</type>
+        <help>This option enables scanning of HWP3 files.</help>
+    </field>
+    <field>
+        <id>general.scanmailfiles</id>
+        <label>Decode mail files</label>
+        <type>checkbox</type>
+        <help>If you turn off this option, the original files will still be scanned, but without parsing individual messages/attachments.</help>
+    </field>
+    <field>
+        <id>general.scanhtml</id>
+        <label>Scan HTML</label>
+        <type>checkbox</type>
+        <help>Perform HTML normalisation and decryption of MS Script Encoder code.</help>
+    </field>
+    <field>
+        <id>general.scanarchive</id>
+        <label>Scan archives</label>
+        <type>checkbox</type>
+        <help>ClamAV will scan within archives and compressed files.</help>
+    </field>
+    <field>
+        <id>general.arcblockenc</id>
+        <label>Block encrypted archive</label>
+        <type>checkbox</type>
+        <help>Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).</help>
+    </field>
+    <field>
+        <id>general.maxscansize</id>
+        <label>Max scan size</label>
+        <type>text</type>
+        <help>This option sets the maximum amount of data to be scanned for each input file. Archives and other containers are recursively extracted and scanned up to this value.</help>
+    </field>
+     <field>
+        <id>general.maxfilesize</id>
+        <label>Max file size</label>
+        <type>text</type>
+        <help>Files larger than this limit won't be scanned.</help>
+    </field>
+     <field>
+        <id>general.maxrecursion</id>
+        <label>Max recursion</label>
+        <type>text</type>
+        <help>Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR file, all files within it will also be scanned.</help>
+    </field>
+     <field>
+        <id>general.maxfiles</id>
+        <label>Max files</label>
+        <type>text</type>
+        <help>Number of files to be scanned within an archive, a document, or any other container file.</help>
+    </field>
+    <field>
+        <id>general.fc_logverbose</id>
+        <label>Freshclam log verbose</label>
+        <type>checkbox</type>
+        <help>Enable verbose logging.</help>
+    </field>
+    <field>
+        <id>general.fc_databasemirror</id>
+        <label>Freshclam database mirror</label>
+        <type>text</type>
+        <help>database.clamav.net is a round-robin record which points to the most reliable mirrors. DO NOT TOUCH the following line unless you know what you are doing.</help>
+    </field>
+    <field>
+        <id>general.fc_timeout</id>
+        <label>Freshclam connect timeout</label>
+        <type>text</type>
+        <help>Timeout in seconds when connecting to database server.</help>
+    </field>
+</form>
diff --git a/security/clamav/src/opnsense/mvc/app/models/OPNsense/ClamAV/ACL/ACL.xml b/security/clamav/src/opnsense/mvc/app/models/OPNsense/ClamAV/ACL/ACL.xml
new file mode 100644
index 000000000..1edb10b18
--- /dev/null
+++ b/security/clamav/src/opnsense/mvc/app/models/OPNsense/ClamAV/ACL/ACL.xml
@@ -0,0 +1,9 @@
+<acl>
+   <page-services-clamav>
+      <name>Services: ClamAV</name>
+      <patterns>
+         <pattern>ui/clamav/*</pattern>
+         <pattern>api/clamav/*</pattern>
+      </patterns>
+   </page-services-clamav>
+</acl>
diff --git a/security/clamav/src/opnsense/mvc/app/models/OPNsense/ClamAV/General.php b/security/clamav/src/opnsense/mvc/app/models/OPNsense/ClamAV/General.php
new file mode 100644
index 000000000..2c02998f1
--- /dev/null
+++ b/security/clamav/src/opnsense/mvc/app/models/OPNsense/ClamAV/General.php
@@ -0,0 +1,35 @@
+<?php
+
+/*
+    Copyright (C) 2017 Michael Muenz
+    All rights reserved.
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+*/
+
+namespace OPNsense\ClamAV;
+
+use OPNsense\Base\BaseModel;
+
+class General extends BaseModel
+{
+}
diff --git a/security/clamav/src/opnsense/mvc/app/models/OPNsense/ClamAV/General.xml b/security/clamav/src/opnsense/mvc/app/models/OPNsense/ClamAV/General.xml
new file mode 100644
index 000000000..4c329a83f
--- /dev/null
+++ b/security/clamav/src/opnsense/mvc/app/models/OPNsense/ClamAV/General.xml
@@ -0,0 +1,127 @@
+<model>
+    <mount>//OPNsense/clamav/general</mount>
+    <description>ClamAV configuration</description>
+    <version>1.0.0</version>
+    <items>
+        <enabled type="BooleanField">
+            <default>0</default>
+            <Required>Y</Required>
+        </enabled>
+        <fc_enabled type="BooleanField">
+            <default>0</default>
+            <Required>Y</Required>
+        </fc_enabled>
+        <enabletcp type="BooleanField">
+            <default>0</default>
+            <Required>Y</Required>
+        </enabletcp>
+        <maxthreads type="IntegerField">
+            <default>10</default>
+            <Required>N</Required>
+        </maxthreads>
+        <maxqueue type="IntegerField">
+            <default>100</default>
+            <Required>N</Required>
+        </maxqueue>
+        <idletimeout type="IntegerField">
+            <default>30</default>
+            <Required>N</Required>
+        </idletimeout>
+        <maxdirrecursion type="IntegerField">
+            <default>20</default>
+            <Required>N</Required>
+        </maxdirrecursion>
+        <followdirsym type="BooleanField">
+            <default>0</default>
+            <Required>N</Required>
+        </followdirsym>
+        <followfilesym type="BooleanField">
+            <default>0</default>
+	    <Required>N</Required>
+	</followfilesym>
+        <disablecache type="TextField">
+            <default>0</default>
+	    <Required>N</Required>
+	</disablecache>
+        <scanpe type="BooleanField">
+            <default>1</default>
+	    <Required>N</Required>
+	</scanpe>
+        <scanelf type="BooleanField">
+            <default>1</default>
+            <Required>N</Required>
+        </scanelf>
+        <detectbroken type="BooleanField">
+            <default>0</default>
+            <Required>N</Required>
+        </detectbroken>
+        <scanole2 type="BooleanField">
+            <default>1</default>
+            <Required>N</Required>
+        </scanole2>
+        <ole2blockmarcros type="BooleanField">
+            <default>0</default>
+            <Required>N</Required>
+        </ole2blockmarcros>
+        <scanpdf type="BooleanField">
+            <default>1</default>
+            <Required>N</Required>
+        </scanpdf>
+        <scanswf type="BooleanField">
+            <default>1</default>
+            <Required>N</Required>
+        </scanswf>
+        <scanxmldocs type="BooleanField">
+            <default>1</default>
+            <Required>N</Required>
+        </scanxmldocs>
+        <scanhwp3 type="BooleanField">
+            <default>1</default>
+            <Required>N</Required>
+        </scanhwp3>
+        <scanmailfiles type="BooleanField">
+            <default>1</default>
+            <Required>N</Required>
+        </scanmailfiles>
+        <scanhtml type="BooleanField">
+            <default>1</default>
+            <Required>N</Required>
+        </scanhtml>
+        <scanarchive type="BooleanField">
+            <default>1</default>
+            <Required>N</Required>
+        </scanarchive>
+        <arcblockenc type="BooleanField">
+            <default>0</default>
+            <Required>N</Required>
+        </arcblockenc>
+        <maxscansize type="TextField">
+            <default>100M</default>
+            <Required>N</Required>
+        </maxscansize>
+	<maxfilesize type="TextField">
+            <default>25M</default>
+            <Required>N</Required>
+        </maxfilesize>
+	<maxrecursion type="IntegerField">
+            <default>16</default>
+            <Required>N</Required>
+        </maxrecursion>
+	<maxfiles type="IntegerField">
+            <default>10000</default>
+            <Required>N</Required>
+	</maxfiles>
+        <fc_logverbose type="BooleanField">
+            <default>0</default>
+            <Required>N</Required>
+        </fc_logverbose>
+        <fc_databasemirror type="TextField">
+            <default>database.clamav.net</default>
+            <Required>Y</Required>
+        </fc_databasemirror>
+        <fc_timeout type="TextField">
+            <default>60</default>
+            <Required>Y</Required>
+        </fc_timeout>
+	</items>
+</model>
diff --git a/security/clamav/src/opnsense/mvc/app/models/OPNsense/ClamAV/Menu/Menu.xml b/security/clamav/src/opnsense/mvc/app/models/OPNsense/ClamAV/Menu/Menu.xml
new file mode 100644
index 000000000..f5e43ec53
--- /dev/null
+++ b/security/clamav/src/opnsense/mvc/app/models/OPNsense/ClamAV/Menu/Menu.xml
@@ -0,0 +1,5 @@
+<menu>
+  <Services>
+    <ClamAV cssClass="fa fa-stethoscope" url="/ui/clamav/general/index" />
+  </Services>
+</menu>
diff --git a/security/clamav/src/opnsense/mvc/app/views/OPNsense/ClamAV/general.volt b/security/clamav/src/opnsense/mvc/app/views/OPNsense/ClamAV/general.volt
new file mode 100644
index 000000000..5b5aeb2f9
--- /dev/null
+++ b/security/clamav/src/opnsense/mvc/app/views/OPNsense/ClamAV/general.volt
@@ -0,0 +1,102 @@
+{#
+
+OPNsense® is Copyright © 2014 – 2017 by Deciso B.V.
+This file is Copyright © 2017 by Michael Muenz
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+1.  Redistributions of source code must retain the above copyright notice,
+    this list of conditions and the following disclaimer.
+
+2.  Redistributions in binary form must reproduce the above copyright notice,
+    this list of conditions and the following disclaimer in the documentation
+    and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+#}
+
+<div class="alert alert-warning" role="alert" id="dl_sig_alert" style="display:none;min-height:65px;">
+    <button class="btn btn-primary pull-right" id="dl_sig" type="button">{{ lang._('Download signatures') }} <i id="dl_sig_progress"></i></button>
+    <div style="margin-top: 8px;">{{ lang._('No signature database found, please download before use. The download will take several minutes and this message will disappear when it has been completed. If you have memory file system enabled where /var is mounted into RAM you have to download this file with every reboot.')}}</div>
+</div>
+
+<div class="tab-content content-box tab-content">
+    <div id="general" class="tab-pane fade in active">
+        <div class="content-box" style="padding-bottom: 1.5em;">
+            {{ partial("layout_partials/base_form",['fields':generalForm,'id':'frm_general_settings'])}}
+            <hr />
+            <div class="col-md-12">
+                <button class="btn btn-primary"  id="saveAct" type="button"><b>{{ lang._('Save') }}</b><i id="saveAct_progress" class=""></i></button>
+            </div>
+        </div>
+    </div>
+</div>
+
+<script type="text/javascript">
+function timeoutCheck() {
+    ajaxCall(url="/api/clamav/service/freshclam", sendData={}, callback=function(data,status) {
+        if (data['status'] == 'done') {
+            $("#dl_sig_progress").removeClass("fa fa-spinner fa-pulse");
+            $("#dl_sig").prop("disabled", false);
+            $('#dl_sig_alert').hide();
+        } else {
+            setTimeout(timeoutCheck, 2500);
+        }
+    });
+}
+
+$( document ).ready(function() {
+    var data_get_map = {'frm_general_settings':"/api/clamav/general/get"};
+    mapDataToFormUI(data_get_map).done(function(data){
+        formatTokenizersUI();
+        $('.selectpicker').selectpicker('refresh');
+    });
+
+    ajaxCall(url="/api/clamav/service/status", sendData={}, callback=function(data,status) {
+        updateServiceStatusUI(data['status']);
+    });
+
+    ajaxCall(url="/api/clamav/service/freshclam", sendData={}, callback=function(data,status) {
+        if (data['status'] != 'done') {
+            if (data['status'] == 'running') {
+                $("#dl_sig_progress").addClass("fa fa-spinner fa-pulse");
+                $("#dl_sig").prop("disabled", true);
+                setTimeout(timeoutCheck, 2500);
+            }
+            $('#dl_sig_alert').show();
+        }
+    });
+
+    $("#saveAct").click(function(){
+        saveFormToEndpoint(url="/api/clamav/general/set", formid='frm_general_settings',callback_ok=function(){
+        $("#saveAct_progress").addClass("fa fa-spinner fa-pulse");
+            ajaxCall(url="/api/clamav/service/reconfigure", sendData={}, callback=function(data,status) {
+                ajaxCall(url="/api/clamav/service/status", sendData={}, callback=function(data,status) {
+                    updateServiceStatusUI(data['status']);
+                });
+                $("#saveAct_progress").removeClass("fa fa-spinner fa-pulse");
+            });
+        });
+    });
+
+    $("#dl_sig").click(function(){
+        $("#dl_sig_progress").addClass("fa fa-spinner fa-pulse");
+        $("#dl_sig").prop("disabled", true);
+        ajaxCall(url="/api/clamav/service/freshclam", sendData={action:1}, callback_ok=function(){
+            setTimeout(timeoutCheck, 2500);
+        });
+    });
+});
+</script>
diff --git a/security/clamav/src/opnsense/scripts/OPNsense/ClamAV/freshclam.sh b/security/clamav/src/opnsense/scripts/OPNsense/ClamAV/freshclam.sh
new file mode 100755
index 000000000..e54851c70
--- /dev/null
+++ b/security/clamav/src/opnsense/scripts/OPNsense/ClamAV/freshclam.sh
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+# Copyright (c) 2017 Franco Fichtner <franco@opnsense.org>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+PIDFILE="/var/run/clamav/freshclam-init.pid"
+DBFILE="/var/db/clamav/main.cvd"
+COMMAND="${1}"
+
+if [ -f ${DBFILE} ]; then
+       echo "done"
+elif pgrep -qF ${PIDFILE} 2> /dev/null; then
+       echo "running"
+elif [ -z "${COMMAND}" ]; then
+	echo "missing"
+else
+       daemon -f -p ${PIDFILE} freshclam --quiet
+       echo "starting"
+fi
+
+exit 0
diff --git a/security/clamav/src/opnsense/scripts/OPNsense/ClamAV/setup.sh b/security/clamav/src/opnsense/scripts/OPNsense/ClamAV/setup.sh
new file mode 100644
index 000000000..e8c24bb19
--- /dev/null
+++ b/security/clamav/src/opnsense/scripts/OPNsense/ClamAV/setup.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+mkdir -p /var/run/clamav
+chown -R clamav:clamav /var/run/clamav
+chmod 750 /var/run/clamav
+
+mkdir -p /var/db/clamav
+chown -R clamav:clamav /var/db/clamav
+chmod 750 /var/db/clamav
+
+mkdir -p /var/log/clamav
+chown -R clamav:clamav /var/log/clamav
+chmod 750 /var/log/clamav
diff --git a/security/clamav/src/opnsense/service/conf/actions.d/actions_clamav.conf b/security/clamav/src/opnsense/service/conf/actions.d/actions_clamav.conf
new file mode 100644
index 000000000..8e185dfe3
--- /dev/null
+++ b/security/clamav/src/opnsense/service/conf/actions.d/actions_clamav.conf
@@ -0,0 +1,35 @@
+[start]
+command:/usr/local/opnsense/scripts/OPNsense/ClamAV/setup.sh;/usr/local/etc/rc.d/clamav-freshclam start;/usr/local/etc/rc.d/clamav-clamd start
+parameters:
+type:script
+message:starting ClamAV
+
+[stop]
+command:/usr/local/etc/rc.d/clamav-freshclam stop;/usr/local/etc/rc.d/clamav-clamd stop; exit 0
+parameters:
+type:script
+message:stopping ClamAV
+
+[restart]
+command:/usr/local/opnsense/scripts/OPNsense/ClamAV/setup.sh;/usr/local/etc/rc.d/clamav-freshclam restart;/usr/local/etc/rc.d/clamav-clamd restart
+parameters:
+type:script
+message:restarting ClamAV
+
+[reconfigure]
+command:/usr/local/opnsense/scripts/OPNsense/ClamAV/setup.sh;/usr/local/etc/rc.d/clamav-freshclam restart;/usr/local/etc/rc.d/clamav-clamd restart
+parameters:
+type:script
+message:reconfigure ClamAV
+
+[status]
+command:/usr/local/etc/rc.d/clamav-freshclam status;/usr/local/etc/rc.d/clamav-clamd status;exit 0
+parameters:
+type:script_output
+message:request ClamAV status
+
+[freshclam]
+command:/usr/local/opnsense/scripts/OPNsense/ClamAV/freshclam.sh
+parameters:%s
+type:script_output
+message:Check or install signatures
diff --git a/security/clamav/src/opnsense/service/templates/OPNsense/ClamAV/+TARGETS b/security/clamav/src/opnsense/service/templates/OPNsense/ClamAV/+TARGETS
new file mode 100644
index 000000000..8fd952c65
--- /dev/null
+++ b/security/clamav/src/opnsense/service/templates/OPNsense/ClamAV/+TARGETS
@@ -0,0 +1,4 @@
+clamav_clamd:/etc/rc.conf.d/clamav_clamd
+clamav_freshclam:/etc/rc.conf.d/clamav_freshclam
+clamd.conf:/usr/local/etc/clamd.conf
+freshclam.conf:/usr/local/etc/freshclam.conf
diff --git a/security/clamav/src/opnsense/service/templates/OPNsense/ClamAV/clamav_clamd b/security/clamav/src/opnsense/service/templates/OPNsense/ClamAV/clamav_clamd
new file mode 100644
index 000000000..f80cf3395
--- /dev/null
+++ b/security/clamav/src/opnsense/service/templates/OPNsense/ClamAV/clamav_clamd
@@ -0,0 +1,6 @@
+{% if helpers.exists('OPNsense.clamav.general.enabled') and OPNsense.clamav.general.enabled == '1' %}
+clamav_clamd_opnsense_bootup_run="/usr/local/opnsense/scripts/OPNsense/ClamAV/setup.sh"
+clamav_clamd_enable="YES"
+{% else %}
+clamav_clamd_enable="NO"
+{% endif %}
diff --git a/security/clamav/src/opnsense/service/templates/OPNsense/ClamAV/clamav_freshclam b/security/clamav/src/opnsense/service/templates/OPNsense/ClamAV/clamav_freshclam
new file mode 100644
index 000000000..5a2db5b5e
--- /dev/null
+++ b/security/clamav/src/opnsense/service/templates/OPNsense/ClamAV/clamav_freshclam
@@ -0,0 +1,6 @@
+{% if helpers.exists('OPNsense.clamav.general.fc_enabled') and OPNsense.clamav.general.fc_enabled == '1' %}
+clamav_freshclam_opnsense_bootup_run="/usr/local/opnsense/scripts/OPNsense/ClamAV/setup.sh"
+clamav_freshclam_enable="YES"
+{% else %}
+clamav_freshclam_enable="NO"
+{% endif %}
diff --git a/security/clamav/src/opnsense/service/templates/OPNsense/ClamAV/clamd.conf b/security/clamav/src/opnsense/service/templates/OPNsense/ClamAV/clamd.conf
new file mode 100644
index 000000000..c2ae4805d
--- /dev/null
+++ b/security/clamav/src/opnsense/service/templates/OPNsense/ClamAV/clamd.conf
@@ -0,0 +1,84 @@
+{% if helpers.exists('OPNsense.clamav.general.enabled') and OPNsense.clamav.general.enabled == '1' %}
+LogFile /var/log/clamav/clamd.log
+LogTime yes
+PidFile /var/run/clamav/clamd.pid
+DatabaseDirectory /var/db/clamav
+LocalSocket /var/run/clamav/clamd.sock
+FixStaleSocket yes
+{% if helpers.exists('OPNsense.clamav.general.enabletcp') and OPNsense.clamav.general.enabletcp == '1' %}
+TCPSocket 3310
+TCPAddr 127.0.0.1
+{% endif %}
+{% if helpers.exists('OPNsense.clamav.general.maxthreads') and OPNsense.clamav.general.maxthreads != '' %}
+MaxThreads {{ OPNsense.clamav.general.maxthreads }}
+{% endif %}
+{% if helpers.exists('OPNsense.clamav.general.maxqueue') and OPNsense.clamav.general.maxqueue != '' %}
+MaxQueue {{ OPNsense.clamav.general.maxqueue }}
+{% endif %}
+{% if helpers.exists('OPNsense.clamav.general.idletimeout') and OPNsense.clamav.general.idletimeout != '' %}
+IdleTimeout {{ OPNsense.clamav.general.idletimeout }}
+{% endif %}
+{% if helpers.exists('OPNsense.clamav.general.maxdirrecursion') and OPNsense.clamav.general.maxdirrecursion != '' %}
+MaxDirectoryRecursion {{ OPNsense.clamav.general.maxdirrecursion }}
+{% endif %}
+{% if helpers.exists('OPNsense.clamav.general.followdirsym') and OPNsense.clamav.general.followdirsym == '1' %}
+FollowDirectorySymlinks yes
+{% endif %}
+{% if helpers.exists('OPNsense.clamav.general.followfilesym') and OPNsense.clamav.general.followfilesym == '1' %}
+FollowFileSymlinks yes
+{% endif %}
+User clamav
+AllowSupplementaryGroups yes
+{% if helpers.exists('OPNsense.clamav.general.scanpe') and OPNsense.clamav.general.scanpe == '1' %}
+ScanPE yes
+{% endif %}
+{% if helpers.exists('OPNsense.clamav.general.scanelf') and OPNsense.clamav.general.scanelf == '1' %}
+ScanELF yes
+{% endif %}
+{% if helpers.exists('OPNsense.clamav.general.detectbroken') and OPNsense.clamav.general.detectbroken == '1' %}
+DetectBrokenExecutables yes
+{% endif %}
+{% if helpers.exists('OPNsense.clamav.general.scanole2') and OPNsense.clamav.general.scanole2 == '1' %}
+ScanOLE2 yes
+{% endif %}
+{% if helpers.exists('OPNsense.clamav.general.ole2blockmarcros') and OPNsense.clamav.general.ole2blockmarcros == '1' %}
+OLE2BlockMacros yes
+{% endif %}
+{% if helpers.exists('OPNsense.clamav.general.scanpdf') and OPNsense.clamav.general.scanpdf == '1' %}
+ScanPDF yes
+{% endif %}
+{% if helpers.exists('OPNsense.clamav.general.scanswf') and OPNsense.clamav.general.scanswf == '1' %}
+ScanSWF yes
+{% endif %}
+{% if helpers.exists('OPNsense.clamav.general.scanxmldocs') and OPNsense.clamav.general.scanxmldocs == '1' %}
+ScanXMLDOCS yes
+{% endif %}
+{% if helpers.exists('OPNsense.clamav.general.scanhwp3') and OPNsense.clamav.general.scanhwp3 == '1' %}
+ScanHWP3 yes
+{% endif %}
+{% if helpers.exists('OPNsense.clamav.general.scanmailfiles') and OPNsense.clamav.general.scanmailfiles == '1' %}
+ScanMail yes
+{% endif %}
+{% if helpers.exists('OPNsense.clamav.general.scanhtml') and OPNsense.clamav.general.scanhtml == '1' %}
+ScanHTML yes
+{% endif %}
+{% if helpers.exists('OPNsense.clamav.general.scanarchive') and OPNsense.clamav.general.scanarchive == '1' %}
+ScanArchive yes
+{% endif %}
+{% if helpers.exists('OPNsense.clamav.general.arcblockenc') and OPNsense.clamav.general.arcblockenc == '1' %}
+ArchiveBlockEncrypted yes
+{% endif %}
+{% if helpers.exists('OPNsense.clamav.general.maxscansize') and OPNsense.clamav.general.maxscansize != '' %}
+MaxScanSize {{ OPNsense.clamav.general.maxscansize }}
+{% endif %}
+{% if helpers.exists('OPNsense.clamav.general.maxfilesize') and OPNsense.clamav.general.maxfilesize != '' %}
+MaxFileSize {{ OPNsense.clamav.general.maxfilesize }}
+{% endif %}
+{% if helpers.exists('OPNsense.clamav.general.maxrecursion') and OPNsense.clamav.general.maxrecursion != '' %}
+MaxRecursion {{ OPNsense.clamav.general.maxrecursion }}
+{% endif %}
+{% if helpers.exists('OPNsense.clamav.general.maxfiles') and OPNsense.clamav.general.maxfiles != '' %}
+MaxFiles {{ OPNsense.clamav.general.maxfiles }}
+{% endif %}
+
+{% endif %}
diff --git a/security/clamav/src/opnsense/service/templates/OPNsense/ClamAV/freshclam.conf b/security/clamav/src/opnsense/service/templates/OPNsense/ClamAV/freshclam.conf
new file mode 100644
index 000000000..3765f24a8
--- /dev/null
+++ b/security/clamav/src/opnsense/service/templates/OPNsense/ClamAV/freshclam.conf
@@ -0,0 +1,28 @@
+{% if helpers.exists('OPNsense.clamav.general.fc_enabled') and OPNsense.clamav.general.fc_enabled == '1' %}
+
+
+DatabaseDirectory /var/db/clamav
+UpdateLogFile /var/log/clamav/freshclam.log
+
+LogTime yes
+{% if helpers.exists('OPNsense.clamav.general.fc_logverbose') and OPNsense.clamav.general.fc_logverbose == '1' %}
+LogVerbose yes
+{% endif %}
+
+PidFile /var/run/clamav/freshclam.pid
+DatabaseOwner clamav
+AllowSupplementaryGroups yes
+
+{% if helpers.exists('OPNsense.clamav.general.fc_databasemirror') and OPNsense.clamav.general.fc_databasemirror != '' %}
+DatabaseMirror {{ OPNsense.clamav.general.fc_databasemirror }}
+{% endif %}
+NotifyClamd /usr/local/etc/clamd.conf
+{% if helpers.exists('OPNsense.clamav.general.fc_timeout') and OPNsense.clamav.general.fc_timeout != '' %}
+ConnectTimeout {{ OPNsense.clamav.general.fc_timeout }}
+{% endif %}
+
+{% else %}
+{% if helpers.exists('OPNsense.clamav.general.fc_databasemirror') and OPNsense.clamav.general.fc_databasemirror != '' %}
+DatabaseMirror {{ OPNsense.clamav.general.fc_databasemirror }}
+{% endif %}
+{% endif %}