diff options
| author | Chris Rees <crees@FreeBSD.org> | 2011-12-01 20:01:57 +0000 |
|---|---|---|
| committer | Chris Rees <crees@FreeBSD.org> | 2011-12-01 20:01:57 +0000 |
| commit | 1364ce516020d38868d4c5ddc6d89fc9ca28e9d3 (patch) | |
| tree | 505e1ab089f7fb39ed60f64d72ec8f64f4a65d4b /security | |
| parent | 1c95eb09af354255b5a80e01727efa0fed55e8d8 (diff) | |
| download | ports-1364ce516020d38868d4c5ddc6d89fc9ca28e9d3.tar.gz ports-1364ce516020d38868d4c5ddc6d89fc9ca28e9d3.zip | |
Scannedonly is a samba VFS module and a scanning daemon that ensure that only
files that have been scanned for viruses are visible and accessible to the end
user.
Scannedonly was developed because of scalability problems with samba-vscan: high
server loads when (the same) files were requested often, and timeouts when large
zip files were requested. Scannedonly doesn't have these problems, but it does
introduce some other issues. Choose the product that suits you best.
Scannedonly is available under the open source GPL licence. The source code
repository is available on Sourceforge.
WWW: http://olivier.sessink.nl/scannedonly/
PR: ports/154202
Submitted by: girald@etcom.ufrgs.br
Feature safe: yes
Notes
Notes:
svn path=/head/; revision=286739
Diffstat (limited to 'security')
| -rw-r--r-- | security/Makefile | 1 | ||||
| -rw-r--r-- | security/scannedonly/Makefile | 86 | ||||
| -rw-r--r-- | security/scannedonly/distinfo | 2 | ||||
| -rw-r--r-- | security/scannedonly/files/scannedonly.in | 33 | ||||
| -rw-r--r-- | security/scannedonly/pkg-descr | 13 | ||||
| -rw-r--r-- | security/scannedonly/pkg-message | 11 |
6 files changed, 146 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile index 285e88a38ceb..c593b141c2ce 100644 --- a/security/Makefile +++ b/security/Makefile @@ -769,6 +769,7 @@ SUBDIR += scamp SUBDIR += scanhill SUBDIR += scanlogd + SUBDIR += scannedonly SUBDIR += scanssh SUBDIR += scrypt SUBDIR += seahorse diff --git a/security/scannedonly/Makefile b/security/scannedonly/Makefile new file mode 100644 index 000000000000..b9d7f6e9bcd5 --- /dev/null +++ b/security/scannedonly/Makefile @@ -0,0 +1,86 @@ +# New ports collection makefile for: scannedonly +# Date created: 20 January 2011 +# Whom: girald@etcom.ufrgs.br +# +# $FreeBSD$ +# + +PORTNAME= scannedonly +PORTVERSION= 0.21 +CATEGORIES= security +MASTER_SITES= http://olivier.sessink.nl/scannedonly/ + +MAINTAINER= girald@etcom.ufrgs.br +COMMENT= A Samba VFS virus scanning daemon + +LICENSE= GPLv2 + +LIB_DEPENDS= clamav:${PORTSDIR}/security/clamav +RUN_DEPENDS= ${LOCALBASE}/bin/clamdscan:${PORTSDIR}/security/clamav \ + smbd:${PORTSDIR}/${SAMBA_PORT} +BUILD_DEPENDS+= smbd:${PORTSDIR}/${SAMBA_PORT} + +CONFIGURE_ARGS+=--with-samba-vfs-dir=${PREFIX}/lib/samba/vfs +GNU_CONFIGURE= yes +USE_GMAKE= yes +USE_RC_SUBR= ${PORTNAME} +LDFLAGS+= -L${LOCALBASE}/lib +CFLAGS+= -I${LOCALBASE}/include + +.include <bsd.port.options.mk> + +.if exists(${LOCALBASE}/sbin/smbd) +SAMBA_VERSION!= ${LOCALBASE}/sbin/smbd --version | ${CUT} -d ' ' -f 2 +.else +SAMBA_VERSION?= 3.6 +.endif + +SAMBA_PORT?= net/samba${SAMBA_VERSION:C/([0-9]*)\.([0-9]*).*/\1\2/} + +# If samba34 is installed, we need the sources from samba. +# We don't if samba3[56] is installed. +# http://olivier.sessink.nl/scannedonly/faq.html +.if ${SAMBA_PORT} == net/samba34 +BUILD_DEPENDS+= ${NONEXISTENT}:${PORTSDIR}/${SAMBA_PORT}:configure +CONFIGURE_ARGS+=\ + --with-samba-source=${WRKDIR}/../../../${SAMBA_PORT}/work/samba-${SAMBA_VERSION}/source3 +USE_AUTOTOOLS= autoconf +.endif + +PLIST_FILES= sbin/scannedonlyd_clamav \ + bin/scannedonly_prescan +.if ${SAMBA_PORT} == net/samba34 +PLIST_FILES+= lib/samba/vfs/scannedonly.so +PLIST_DIRS= lib/samba/vfs \ + lib/samba +.endif +MAN8= ${PORTNAME}_prescan.8 \ + ${PORTNAME}d_clamav.8 +MANCOMPRESSED= yes + +# Hackery to avoid death for non-obvious reasons if detected +# SAMBA_VERSION doesn't match the PORTVERSION of samba in ports +pre-everything:: +.if ${SAMBA_PORT} == net/samba34 + @if [ "$$(${MAKE} -C ${PORTSDIR}/${SAMBA_PORT} -V PORTVERSION)" \ + != "${SAMBA_VERSION}" ] ; \ + then ${ECHO_MSG} -n "==> Bailing. Version of Samba on system is "; \ + ${ECHO_MSG} "${SAMBA_VERSION}, which does not match" ; \ + ${ECHO_MSG} " that in ports. Please update Samba and try again." ; \ + ${FALSE} ; \ + fi +.endif + +post-patch: + @${REINPLACE_CMD} \ + -e 's|/var/lib/scannedonly/scan|/var/run/scannedonlyd.sock|g' \ + ${WRKSRC}/man/scannedonly_prescan.8 \ + ${WRKSRC}/py/scannedonlyd.py \ + ${WRKSRC}/src/vfs_scannedonly.c \ + ${WRKSRC}/src/scannedonly_prescan.c \ + ${WRKSRC}/src/scannedonlyd_clamav.c + +post-install: + @${CAT} ${PKGMESSAGE} + +.include <bsd.port.mk> diff --git a/security/scannedonly/distinfo b/security/scannedonly/distinfo new file mode 100644 index 000000000000..f36ebe62f82f --- /dev/null +++ b/security/scannedonly/distinfo @@ -0,0 +1,2 @@ +SHA256 (scannedonly-0.21.tar.gz) = 20601c0466034cc250ded1a16d737451cfbe05fbcaf4f667ff25fe004bd1340e +SIZE (scannedonly-0.21.tar.gz) = 80148 diff --git a/security/scannedonly/files/scannedonly.in b/security/scannedonly/files/scannedonly.in new file mode 100644 index 000000000000..744943d8c3e5 --- /dev/null +++ b/security/scannedonly/files/scannedonly.in @@ -0,0 +1,33 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: scannedonly +# REQUIRE: LOGIN clamd +# BEFORE: mail +# KEYWORD: shutdown + +# +# Add the following lines to /etc/rc.conf to enable the scannedonly daemon: +# +# scannedonly_clamav_enable="YES" +# scannedonly_clamav_flags="<set as needed>" +# +# See scannedonlyd_clamav(1) for flags +# + +. /etc/rc.subr + +name=scannedonly_clamav +rcvar=`set_rcvar` + +command=%%PREFIX%%/sbin/scannedonlyd_clamav +pidfile=/var/run/scannedonlyd_clamav.pid +command_args="--pidfile ${pidfile}" + +# read settings, set default values +load_rc_config "$name" +: ${scannedonly_clamav_enable="NO"} + +run_rc_command "$1" diff --git a/security/scannedonly/pkg-descr b/security/scannedonly/pkg-descr new file mode 100644 index 000000000000..08a7a886ef6a --- /dev/null +++ b/security/scannedonly/pkg-descr @@ -0,0 +1,13 @@ +Scannedonly is a samba VFS module and a scanning daemon that ensure that only +files that have been scanned for viruses are visible and accessible to the end +user. + +Scannedonly was developed because of scalability problems with samba-vscan: high +server loads when (the same) files were requested often, and timeouts when large +zip files were requested. Scannedonly doesn't have these problems, but it does +introduce some other issues. Choose the product that suits you best. + +Scannedonly is available under the open source GPL licence. The source code +repository is available on Sourceforge. + +WWW: http://olivier.sessink.nl/scannedonly/ diff --git a/security/scannedonly/pkg-message b/security/scannedonly/pkg-message new file mode 100644 index 000000000000..d32606b10e5a --- /dev/null +++ b/security/scannedonly/pkg-message @@ -0,0 +1,11 @@ +************************************************** +* WARNING! * +* * +* Make sure you've enough socker buffer size. * +* Consider increasing kern.ipc.maxsockbuf adding * +* at least the following sysctl setting to * +* /etc/sysctl.conf: * +* * +* kern.ipc.maxsockbuf=589824 * +* * +************************************************** |