| 0,0 → 1,623 |
|---|
| # |
| # This is the configuration file for HAVP |
| # |
| # All lines starting with a hash (#) or empty lines are ignored. |
| # Uncomment parameters you want to change! |
| # |
| # All parameters configurable in this file are explained and their default |
| # values are shown. If no default value is defined "NONE" is specified. |
| # |
| # General syntax: Parameter Value |
| # Value can be: true/false, number, or path |
| # |
| # Extra spaces and tabs are ignored. |
| # |
| |
| # You must remove this line for HAVP to start. |
| # This makes sure you have (hopefully) reviewed the configuration. :) |
| # Hint: You must enable some scanner! Find them in the end.. |
| # REMOVETHISLINE deleteme |
| |
| # |
| # For reasons of security it is recommended to run a proxy program |
| # without root rights. It is recommended to create user that is not |
| # used by any other program. |
| # |
| # Default: |
| # USER havp |
| # GROUP havp |
| |
| # If this is true HAVP is running as daemon in background. |
| # For testing you may run HAVP at your text console. |
| # |
| # Default: |
| # DAEMON true |
| |
| # |
| # Process id (PID) of the main HAVP process is written to this file. |
| # Be sure that it is writeable by the user under which HAVP is running. |
| # /etc/init.d/havp script requires this to work. |
| # |
| # Default: |
| # PIDFILE /var/run/havp/havp.pid |
| |
| # |
| # For performance reasons several instances of HAVP have to run. |
| # Specify how many servers (child processes) are simultaneously |
| # listening on port PORT for a connection. Minimum value should be |
| # the peak requests-per-second expected + 5 for headroom. For best |
| # performance, you should have atleast 1 CPU core per 16 processes. |
| # |
| # For single user home use, 8 should be minimum. |
| # For 500+ users corporate use, start at 40. |
| # |
| # Value can and should be higher than recommended. Memory and |
| # CPU usage is only affected by the number of concurrent requests. |
| # |
| # More childs are automatically created when needed, up to MAXSERVERS. |
| # |
| # Default: |
| # SERVERNUMBER 8 |
| # MAXSERVERS 100 |
| |
| # |
| # Files where to log requests and info/errors. |
| # Needs to have write permission for HAVP user. |
| # |
| # Default: |
| # ACCESSLOG /var/log/havp/access.log |
| # ERRORLOG /var/log/havp/havp.log |
| |
| # |
| # Syslog can be used instead of logging to file. |
| # For facilities and levels, see "man syslog". |
| # |
| # Default: |
| # USESYSLOG false |
| # SYSLOGNAME havp |
| # SYSLOGFACILITY daemon |
| # SYSLOGLEVEL info |
| # SYSLOGVIRUSLEVEL warning |
| |
| # |
| # true: Log every request to access log |
| # false: Log only viruses to access log |
| # |
| # Default: |
| LOG_OKS false |
| |
| # |
| # Level of HAVP logging |
| # 0 = Only serious errors and information |
| # 1 = Less interesting information is included |
| # |
| # Default: |
| # LOGLEVEL 0 |
| |
| # |
| # Temporary scan file. |
| # This file must reside on a partition for which mandatory |
| # locking is enabled. For Linux, use "-o mand" in mount command. |
| # See "man mount" for details. Solaris does not need any special |
| # steps, it works directly. |
| # |
| # Specify absolute path to a file which name must contain "XXXXXX". |
| # These characters are used by system to create unique named files. |
| # |
| # Default: |
| # SCANTEMPFILE /var/tmp/havp/havp-XXXXXX |
| |
| # |
| # Directory for ClamAV and other scanner created tempfiles. |
| # Needs to be writable by HAVP user. Use ramdisk for best performance. |
| # |
| # Default: |
| # TEMPDIR /var/tmp |
| |
| # |
| # HAVP reloads scanners virus database by receiving a signal |
| # (send SIGHUP to PID from PIDFILE, see "man kill") or after |
| # a specified period of time. Specify here the number of |
| # minutes to wait for reloading. |
| # |
| # This only affects library scanners (clamlib, trophie). |
| # Other scanners must be updated manually. |
| # |
| # Default: |
| # DBRELOAD 60 |
| |
| # |
| # Run HAVP as transparent Proxy? |
| # |
| # If you don't know what this means read the mini-howto |
| # TransparentProxy written by Daniel Kiracofe. |
| # (e.g.: http://www.tldp.org/HOWTO/mini/TransparentProxy.html) |
| # Definitely you have more to do than setting this to true. |
| # You are warned! |
| # |
| # Default: |
| # TRANSPARENT false |
| |
| # |
| # Specify a parent proxy (e.g. Squid) HAVP should use. |
| # |
| # Default: NONE |
| PARENTPROXY localhost |
| PARENTPORT 3128 |
| |
| # |
| # Write X-Forwarded-For: to log instead of connecters IP? |
| # |
| # If HAVP is used as parent proxy by some other proxy, this allows |
| # to write the real users IP to log, instead of proxy IP. |
| # |
| # Default: |
| # FORWARDED_IP false |
| |
| # |
| # Send X-Forwarded-For: header to servers? |
| # |
| # If client sent this header, FORWARDED_IP setting defines the value, |
| # then it is passed on. You might want to keep this disabled for security |
| # reasons. Enable this if you use your own parent proxy after HAVP, so it |
| # will see the original client IP. |
| # |
| # Disabling this also disables Via: header generation. |
| # |
| # Default: |
| # X_FORWARDED_FOR false |
| |
| # |
| # Port HAVP is listening on. |
| # |
| # Default: |
| PORT 8090 |
| |
| # |
| # IP address that HAVP listens on. |
| # Let it be undefined to bind all addresses. |
| # |
| # Default: NONE |
| BIND_ADDRESS 127.0.0.1 |
| |
| # |
| # IP address used for sending outbound packets. |
| # Let it be undefined if you want OS to handle right address. |
| # |
| # Default: NONE |
| # SOURCE_ADDRESS 1.2.3.4 |
| |
| # |
| # Path to template files. |
| # |
| # Default: |
| TEMPLATEPATH /usr/local/etc/havp/templates/fr |
| |
| # |
| # Set to true if you want to prefer Whitelist. |
| # If URL is Whitelisted, then Blacklist is ignored. |
| # Otherwise Blacklist is preferred. |
| # |
| # Default: |
| # WHITELISTFIRST true |
| |
| # |
| # List of URLs not to scan. |
| # |
| # Default: |
| # WHITELIST /usr/local/etc/havp/whitelist |
| |
| # |
| # List of URLs that are denied access. |
| # |
| # Default: |
| # BLACKLIST /usr/local/etc/havp/blacklist |
| |
| # |
| # Is scanner error fatal? |
| # |
| # For example, archive types that are not supported by scanner |
| # may return error. Also if scanner has invalid pattern files etc. |
| # |
| # true: User gets error page |
| # false: No error is reported (viruses might not be detected) |
| # |
| # Default: |
| # FAILSCANERROR true |
| |
| # |
| # When scanning takes longer than this, it will be aborted. |
| # Timer is started after HAVP has fully received all data. |
| # If set too low, complex files/archives might produce timeout. |
| # Timeout is always a fatal error regardless of FAILSCANERROR. |
| # |
| # Time in minutes! |
| # |
| # Default: |
| # SCANNERTIMEOUT 10 |
| |
| # |
| # Allow HTTP Range requests? |
| # |
| # false: Broken downloads can NOT be resumed |
| # true: Broken downloads can be resumed |
| # |
| # Allowing Range is a security risk, because partial |
| # HTTP requests may not be properly scanned. |
| # |
| # Whitelisted sites are allowed to use Range in any case. |
| # |
| # Default: |
| # RANGE false |
| |
| # |
| # Allow HTTP Range request to get the ZIP header first? |
| # |
| # This allows (partial) scanning of ZIP files that are bigger than |
| # MAXSCANSIZE. Scanning is done up to that many bytes into the file. |
| # |
| # Default: |
| # PRELOADZIPHEADER true |
| |
| # |
| # If you really need more performance, you can disable scanning of |
| # JPG, GIF and PNG files. These are probably the most common files |
| # around, so it will save lots of CPU. But be warned, image exploits |
| # exist and more could be found. Think twice if you want to disable! |
| # |
| # Default: |
| # SCANIMAGES true |
| |
| # |
| # Temporary file will grow only up to this size. This means scanner |
| # will scan data until this limit is reached. |
| # |
| # There are two sides to this setting. By limiting the size, you gain |
| # performance, less waiting for big files and less needed temporary space. |
| # But there is slightly higher chance of virus slipping through (though |
| # scanning large archives should not be gateways function, HAVP is more |
| # geared towards small exploit detection etc). |
| # |
| # VALUE IN BYTES NOT KB OR MB!!!! |
| # 0 = No size limit |
| # |
| # Default: |
| # MAXSCANSIZE 5000000 |
| |
| # |
| # Amount of data going to browser that is held back, until it |
| # is scanned. When we know file is clean, this held back data |
| # can be sent to browser. You can safely set bigger value, only |
| # thing you will notice is some "delay" in beginning of download. |
| # Virus found in files bigger than this might not produce HAVP |
| # error page, but result in a "broken" download. |
| # |
| # VALUE IN BYTES NOT KB OR MB!!!! |
| # |
| # Default: |
| # KEEPBACKBUFFER 200000 |
| |
| # |
| # This setting complements KEEPBACKBUFFER. It tells how many Seconds to |
| # initially receive data from server, before sending anything to client. |
| # Even trickling is not done before this time elapses. This way files that |
| # are received fast are more secure and user can get virus report page for |
| # files bigger than KEEPBACKBUFFER. |
| # |
| # Setting to 0 will disable this, and only KEEPBACKBUFFER is used. |
| # |
| # Default: |
| # KEEPBACKTIME 5 |
| |
| # |
| # After Trickling Time (seconds), some bytes are sent to browser |
| # to keep the connection alive. Trickling is not needed if timeouts |
| # are not expected for files smaller than KEEPBACKBUFFER, but it is |
| # recommended to set anyway. |
| # |
| # 0 = No Trickling |
| # |
| # Default: |
| # TRICKLING 30 |
| |
| # |
| # Send this many bytes to browser every TRICKLING seconds, see above |
| # |
| # Default: |
| # TRICKLINGBYTES 1 |
| |
| # |
| # Downloads larger than MAXDOWNLOADSIZE will be blocked. |
| # Only if not Whitelisted! |
| # |
| # VALUE IN BYTES NOT KB OR MB!!!! |
| # 0 = Unlimited Downloads |
| # |
| # Default: |
| # MAXDOWNLOADSIZE 0 |
| |
| # |
| # Space separated list of strings to partially match User-Agent: header. |
| # These are used for streaming content, so scanning is generally not needed |
| # and tempfiles grow unnecessary. Remember when enabled, that user could |
| # fake header and pass some scanning. HTTP Range requests are allowed for |
| # these, so players can seek content. |
| # |
| # You can uncomment here a list of most popular players. |
| # |
| # Default: NONE |
| # STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS |
| |
| # |
| # Bytes to scan from beginning of streams. |
| # When set to 0, STREAMUSERAGENT scanning will be completely disabled. |
| # It is not recommended as there are some exploits for players. |
| # |
| # Default: |
| # STREAMSCANSIZE 20000 |
| |
| # |
| # Disable mandatory locking (dynamic scanning) for certain file types. |
| # This is intended for fixing cases where a scanner forces use of mmap() |
| # call. Mandatory locking might not allow this, so you could get errors |
| # regarding memory allocation or I/O. You can test the "None" option |
| # anyway, as it might even work depending on your OS (some Linux seems |
| # to allow mand+mmap). |
| # |
| # Allowed values: |
| # None |
| # ClamAV:BinHex (mmap forced in all versions, no ETA for fix) |
| # ClamAV:PDF (mmap forced in all versions, no ETA for fix) |
| # ClamAV:ZIP (mmap forced in 0.93.x, should work in 0.94) |
| # AVG:ALL (AVG 8.5 does not work, uses mmap MAP_SHARED) |
| # |
| # Default: |
| # DISABLELOCKINGFOR ClamAV:BinHex ClamAV:PDF ClamAV:ZIP AVG:ALL |
| |
| # |
| # Whitelist specific viruses by case-insensitive substring match. |
| # For example, "Oversized." and "Encrypted." are good candidates, |
| # if you can't disable those checks any other way. |
| # |
| # Default: NONE |
| # IGNOREVIRUS Oversized. Encrypted. Phishing. |
| |
| |
| ##### |
| ##### ClamAV Library Scanner (libclamav) |
| ##### |
| |
| ENABLECLAMLIB true |
| |
| # HAVP uses libclamav hardcoded pattern directory, which usually is |
| # /usr/local/share/clamav. You only need to set CLAMDBDIR, if you are |
| # using non-default DatabaseDirectory setting in clamd.conf. |
| # |
| # Default: NONE |
| # CLAMDBDIR /path/to/directory |
| |
| # Should we block broken executables? |
| # |
| # Default: |
| # CLAMBLOCKBROKEN false |
| |
| # Should we block encrypted archives? |
| # |
| # Default: |
| # CLAMBLOCKENCRYPTED false |
| |
| # Should we block files that go over maximum archive limits? |
| # |
| # Default: |
| # CLAMBLOCKMAX false |
| |
| # Scanning limits? |
| # You can find some additional info from documentation or clamd.conf |
| # |
| # Stop when this many total bytes scanned (MB) |
| # CLAMMAXSCANSIZE 20 |
| # |
| # Stop when this many files have been scanned |
| # CLAMMAXFILES 50 |
| # |
| # Don't scan files over this size (MB) |
| # CLAMMAXFILESIZE 100 |
| # |
| # Maximum archive recursion |
| # CLAMMAXRECURSION 8 |
| |
| |
| ##### |
| ##### ClamAV Socket Scanner (clamd) |
| ##### |
| ##### NOTE: ClamAV Library Scanner should be preferred (less overhead) |
| ##### |
| |
| ENABLECLAMD false |
| |
| # Path to clamd socket |
| # |
| # Default: |
| # CLAMDSOCKET /tmp/clamd |
| |
| # ..OR if you use clamd TCP socket, uncomment to enable use |
| # |
| # Clamd daemon needs to run on the same server as HAVP |
| # |
| # Default: NONE |
| # CLAMDSERVER 127.0.0.1 |
| # CLAMDPORT 3310 |
| |
| |
| ##### |
| ##### F-Prot Socket Scanner |
| ##### |
| |
| ENABLEFPROT false |
| |
| # F-Prot daemon needs to run on same server as HAVP |
| # |
| # Default: |
| # FPROTSERVER 127.0.0.1 |
| # FPROTPORT 10200 |
| |
| # F-Prot options (only for version 6+ !) |
| # |
| # See "fpscand-client.sh --help" for possible options. |
| # |
| # At the moment: |
| # --scanlevel=<n> Which scanlevel to use, 0-4 (2). |
| # --heurlevel=<n> How aggressive heuristics should be used, 0-4 (2). |
| # --archive=<n> Scan inside supported archives n levels deep 1-99 (5). |
| # --adware Instructs the daemon to flag adware. |
| # --applications Instructs the daemon to flag potentially unwanted applications. |
| # |
| # Default: NONE |
| # FPROTOPTIONS --scanlevel=2 --heurlevel=2 |
| |
| |
| ##### |
| ##### AVG Socket Scanner |
| ##### |
| |
| ENABLEAVG false |
| |
| # AVG daemon needs to run on the same server as HAVP |
| # |
| # Default: |
| # AVGSERVER 127.0.0.1 |
| # AVGPORT 55555 |
| |
| |
| ##### |
| ##### Kaspersky Socket Scanner |
| ##### |
| |
| ENABLEAVESERVER false |
| |
| # Path to aveserver socket |
| # |
| # Default: |
| # AVESOCKET /var/run/aveserver |
| |
| |
| ##### |
| ##### Sophos Scanner (Sophie) |
| ##### |
| |
| ENABLESOPHIE false |
| |
| # Path to sophie socket |
| # |
| # Default: |
| # SOPHIESOCKET /var/run/sophie |
| |
| |
| ##### |
| ##### Trend Micro Library Scanner (Trophie) |
| ##### |
| |
| ENABLETROPHIE false |
| |
| # Scanning limits inside archives (filesize = MB): |
| # |
| # Default: |
| # TROPHIEMAXFILES 50 |
| # TROPHIEMAXFILESIZE 10 |
| # TROPHIEMAXRATIO 250 |
| |
| |
| ##### |
| ##### NOD32 Socket Scanner |
| ##### |
| |
| ENABLENOD32 false |
| |
| # Path to nod32d socket |
| # |
| # For 3.0+ version, try /tmp/esets.sock |
| # |
| # Default: |
| # NOD32SOCKET /tmp/nod32d.sock |
| |
| # Used NOD32 Version |
| # |
| # 30 = 3.0+ |
| # 25 = 2.5+ |
| # 21 = 2.x (very old) |
| # |
| # Default: |
| # NOD32VERSION 25 |
| |
| |
| ##### |
| ##### Avast! Socket Scanner |
| ##### |
| |
| ENABLEAVAST false |
| |
| # Path to avastd socket |
| # |
| # Default: |
| # AVASTSOCKET /var/run/avast4/local.sock |
| |
| # ..OR if you use avastd TCP socket, uncomment to enable use |
| # |
| # Avast daemon needs to run on the same server as HAVP |
| # |
| # Default: NONE |
| # AVASTSERVER 127.0.0.1 |
| # AVASTPORT 5036 |
| |
| |
| ##### |
| ##### Arcavir Socket Scanner |
| ##### |
| |
| ENABLEARCAVIR false |
| |
| # Path to arcavird socket |
| # |
| # For version 2008, default socket is /var/run/arcad.ctl |
| # |
| # Default: |
| # ARCAVIRSOCKET /var/run/arcavird.socket |
| |
| # Used Arcavir version |
| # 2007 = Version 2007 and earlier |
| # 2008 = Version 2008 and later |
| # |
| # Default: |
| # ARCAVIRVERSION 2007 |
| |
| |
| ##### |
| ##### DrWeb Socket Scanner |
| ##### |
| |
| ENABLEDRWEB false |
| |
| # Enable heuristic scanning? |
| # |
| # Default: |
| # DRWEBHEURISTIC true |
| |
| # Enable malware detection? |
| # (Adware, Dialer, Joke, Riskware, Hacktool) |
| # |
| # Default: |
| # DRWEBMALWARE true |
| |
| # Path to drwebd socket |
| # |
| # Default: |
| # DRWEBSOCKET /var/drweb/run/.daemon |
| |
| # ..OR if you use drwebd TCP socket, uncomment to enable use |
| # |
| # DrWeb daemon needs to run on the same server as HAVP |
| # |
| # Default: NONE |
| # DRWEBSERVER 127.0.0.1 |
| # DRWEBPORT 3000 |
| |