Name: havp
Version: 0.92
Release: alt1.M60P.1
Summary: (HTTP Antivirus Proxy) is a proxy with anti-virus scanner
License: GPL
Group: System/Servers
Url: http://www.server-side.de
Source: http://havp.hege.li/download/%name-%version.tar
Source1: havp.init
Source2: havp_spool_disk.config
Source3: havp_README.ALT.txt
Patch0: %name-%version-alt.patch
Packager: Slava Dubrovskiy <dubrsl@altlinux.ru>
Summary(ru_RU.UTF8): Прокси сервер с антивирусным сканированием трафика
Requires: clamav-freshclam
BuildPreReq: libssl-devel zlib-devel
# Automatically added by buildreq on Wed Jun 13 2007
BuildRequires: gcc-c++ libclamav-devel
%description
The main aims are continuous, non-blocking downloads and smooth scanning
of dynamic and password protected HTTP traffic. Havp antivirus proxy has
a parent and transparent proxy mode. It can be used with squid or standalone.
%description -l ru_RU.UTF8
Основная цель: - прозрачное антивирусное сканирование HTTP трафика.
Может работать как родительский или прозрачный прокси сервер.
Может использоваться со сквидом или автономно.
Поддерживает такие антивирусы:
- ClamAV through libclamav (используется по умолчанию)
- ClamAV through clamd
- Kaspersky (aveserver daemon)
- Trend Micro (Trophie)
- AVG
- F-Prot
- NOD32
- Sophos (необходима пересборка с библиотекой)
%prep
%setup -q
%patch0 -p1
find %_builddir/%name-%version/etc/%name -type d -print0 | xargs -r0 chmod 755
find %_builddir/%name-%version/etc/%name -type f -print0 | xargs -r0 chmod 644
# HAVP 0.92a - security fix
sed "s|^\*sourceforge.net|*.sourceforge.net|" -i %_builddir/%name-%version/%_sysconfdir/%name/whitelist
sed "s|^# \*server-side.de|# *.server-side.de|" -i %_builddir/%name-%version/%_sysconfdir/%name/whitelist
%build
%configure --localstatedir=/var --enable-ssl-tunnel
%make_build
%install
%make DESTDIR=%buildroot install
%__mkdir_p %buildroot%_logdir/%name
%__mkdir_p %buildroot%_spooldir/%name
%__mkdir_p %buildroot%_var/run/%name
%__mkdir_p %buildroot%_initrddir
%__mkdir_p %buildroot%_sysconfdir/logrotate.d
%__install -p -m 755 %SOURCE1 %buildroot%_initrddir/havp
%__install -p -m 640 etc/havp/havp.config %buildroot%_sysconfdir/%name/havp.config
%__install -p -m 640 %SOURCE2 %buildroot%_sysconfdir/%name/spool_disk.config
%__install -p -m 644 %SOURCE3 README.ALT
%__cat << EOF > %buildroot%_sysconfdir/logrotate.d/havp
/var/log/havp/access.log {
create 644 root havp
weekly
rotate 5
copytruncate
compress
notifempty
missingok
}
/var/log/havp/havp.log {
create 644 root havp
weekly
rotate 5
copytruncate
compress
notifempty
missingok
postrotate
/sbin/service havp reload >/dev/null
endscript
}
EOF
%pre
/usr/sbin/groupadd -r -f %name &> /dev/null ||:
/usr/sbin/useradd -r -g %name -d /dev/null -c 'Proxy with antivirus scan' -s /dev/null -n %name &> /dev/null ||:
%post
%post_service %name
%preun
%preun_service %name
%postun
%files
%doc ChangeLog INSTALL COPYING README.ALT
%_sbindir/*
%config %_initrddir/%name
%config %_sysconfdir/logrotate.d/*
%_sysconfdir/%name/%name.config.default
%config(noreplace) %verify(not md5 size mtime) %_sysconfdir/%name/%name.config
%config(noreplace) %verify(not md5 size mtime) %_sysconfdir/%name/spool_disk.config
%config(noreplace) %verify(not md5 size mtime) %_sysconfdir/%name/whitelist
%config(noreplace) %verify(not md5 size mtime) %_sysconfdir/%name/blacklist
%config(noreplace) %verify(not md5 size mtime) %_sysconfdir/%name//templates/*/*
%dir %_sysconfdir/%name/templates
%dir %_sysconfdir/%name/templates/*
%dir %attr(750,root,%name) %_sysconfdir/%name
%dir %attr(775,root,%name) %_var/run/%name
%dir %attr(2770,root,%name) %_spooldir/%name
%dir %attr(3770,%name,root) %_logdir/%name
%changelog
* Thu Mar 10 2016 Sergey Y. Afonin <asy@altlinux.ru> 0.92-alt1.M60P.1
- NMU: rebuilt with libclamav.so.7
* Thu Dec 03 2015 Sergey Y. Afonin <asy@altlinux.ru> 0.92-alt2
- applied security fix from 0.92a
* Wed Apr 17 2013 Dmitry V. Levin (QA) <qa_ldv@altlinux.org> 0.92-alt1.qa1
- NMU: rebuilt for debuginfo.
* Tue Jul 27 2010 Slava Dubrovskiy <dubrsl@altlinux.org> 0.92-alt1
- Update to 0.92
+ Add SCANMIME and SKIPMIME options
+ Add TIMEFORMAT option
+ Add VIRUSLOG option
+ Add PARENTUSER/PARENTPASSWORD (thanks to James Brotchie)
+ DISABLELOCKINGFOR default has changed in favor of ClamAV 0.96,
it only contains AVG:ALL now
* Tue Jul 20 2010 Slava Dubrovskiy <dubrsl@altlinux.org> 0.91-alt2
- Remove packages-info-i18n-common
* Tue Aug 11 2009 Slava Dubrovskiy <dubrsl@altlinux.org> 0.91-alt1
- Update to 0.91
+ Fix possible segfault on dns lookups (thanks Gavin McCullagh)
+ Fix compiling with gcc 4.4
+ Support AVG version 8.5 (default AVGPORT 54322) (thanks Markus Wigge)
* Thu Jun 25 2009 Slava Dubrovskiy <dubrsl@altlinux.org> 0.90-alt2
- Rebuild with new clamav
* Mon May 11 2009 Slava Dubrovskiy <dubrsl@altlinux.org> 0.90-alt1
- Update to 0.90
+ ClamAV library 0.95 support (recompile needed)
+ Support NOD32 version 3 (set NOD32VERSION 30 in config)
+ Add PRELOADZIPHEADER config (Squid 3.x might not work if enabled)
+ Add SYSLOGVIRUSLEVEL config
- Switch to git
- Fix build with gcc4.4
* Thu Sep 11 2008 Slava Dubrovskiy <dubrsl@altlinux.org> 0.89-alt1
- Update to 0.89
+ Fix possible retry loop and hang (thanks to Peter Warasin @ endian.it)
+ Always send Via: header, fixes some IIS problems (e.g. MSNBC)
- Convert spec to UTF8
* Thu Apr 17 2008 Slava Dubrovskiy <dubrsl@altlinux.org> 0.88-alt1
- Update to 0.88
+ ClamAV library 0.93 support (new option CLAMMAXSCANSIZE)
+ CLAMMAXFILESIZE default is now 100MB (so 0.93 even starts scanning big files)
+ Fix random seed issue (ClamAV generated some temporary file errors)
+ Added DISABLELOCKINGFOR config (fix for ZIP handling in ClamAV 0.93)
+ Arcavir version 2008 support (set ARCAVIRVERSION)
+ Log scanner errors to errorlog
+ Relaxed SSL/CONNECT port limits
(It is _not_ recommended to use --enable-ssl-tunnel, you should use Squid)
- Convert README.ALT from koi8-r to utf8
* Tue Feb 19 2008 Slava Dubrovskiy <dubrsl@altlinux.org> 0.87-alt1
- Update %name-%version-alt.patch
- Update to 0.87
+ DrWeb scanner support
+ F-Prot support for v6.0 added (also check FPROTOPTIONS)
+ If false, X_FORWARDED_FOR drops also Via: header for privacy
+ Fix Avast and AVG bugs
+ Templates support <!--url--> and <!--clientip--> tags
+ Uses supplementary groups for user if defined
+ Added TRICKLINGBYTES config
+ Reduced *MAXFILES settings to 50 for performance
+ Add missing HTTP methods (MKACTIVITY, CHECKOUT, MERGE)
* Wed Jun 13 2007 Slava Dubrovskiy <dubrsl@altlinux.org> 0.86-alt1
- Update to 0.86
- Add patch %name-%version-alt.patch
- Move %_datadir/templates to %_sysconfdir/%name/
+ Experimental support for chunked Transfer-Encoding, fixes some broken sites
+ Added IGNOREVIRUS config for whitelisting virus names
+ Added CLAMBLOCKBROKEN config
+ HAVP is killed if database reloading fails for Library Scanner
+ Log URL when crashed scanner process detected, for troubleshooting
+ Build system updated (--prefix --sbindir --sysconfdir --localstatedir)
* Thu Mar 01 2007 Slava Dubrovskiy <dubrsl@altlinux.org> 0.85-alt1
- Add --prefix=/ in %%configure
* Wed Feb 28 2007 Slava Dubrovskiy <dubrsl@altlinux.org> 0.85-alt0
- Update to 0.85
+ Added support for ClamAV 0.90 library
* Thu Jan 25 2007 Slava Dubrovskiy <dubrsl@altlinux.ru> 0.84-alt0
- Update to 0.84
+ Fix bug in tcp buffer, requests could leak to other clients sometimes
+ Support for multiple IPs in hostnames, all are tried if necessary
+ Pass Proxy-Authorization header to parent proxy (thanks Mateus)
+ Ignore scanner errors if MAXSCANSIZE reached (thanks Vittorio)
+ Default for MAXSCANSIZE 5000000, not suggested to be 0 anymore
* Thu Dec 21 2006 Slava Dubrovskiy <dubrsl@altlinux.ru> 0.83-alt1
- Change Requires: clamav -> clamav-freshclam
* Thu Oct 19 2006 Slava Dubrovskiy <dubrsl@altlinux.ru> 0.83-alt0
- Update to 0.83
- Fix #10159, #10162
* Fri Sep 15 2006 Slava Dubrovskiy <dubrsl@altlinux.ru> 0.82-alt0
- Update to 0.82
- Improved ZIP handling (header pre-fetch, scans ZIPs larger than MAXSCANSIZE)
- Added SCANIMAGES config
- Ignore RAR errors from clamd
- Fixes to HTTP header handling
- Added syslog logging option
- Signal HUP re-opens logfiles, making rotation possible
- Fixed binding to low ports (<1024)
- Fixed FreeBSD, downloads that took longer than TRICKLING did not work
- Experimental FreeBSD support (no mandatory locking, KEEPBACK not supported!)
- Avast! scanner support
- Added MAXDOWNLOADSIZE config
- Added X_FORWARD_FOR config to control the header
- Added some archive scanning parameters for Trophie
- Added TCP support for clamd
- Ignore RAR errors from ClamAV (use ClamAV-devel if you want to scan RARv3)
- Fixed bug in socket buffer, sometimes caused nasty effects with POST etc.
- Fixed KeepAlive for HTTP/1.1 clients, now on by default
- Access logging format changed a bit
* Mon Apr 10 2006 Slava Dubrovskiy <dubrsl@altlinux.ru> 0.79-alt0
- update to 0.79
- MULTIPLE SCANNER SUPPORT! (see havp.config how to enable scanners)
- NOD32, Sophos and Clamd scanner support
- Parentproxy error on SSL tunneling is passed to browser
- Whitelisted sites can use HTTP Range requests (for Windowsupdate..)
- Added STREAMUSERAGENT/STREAMSCANSIZE config to reduce stream scanning
- Added SCANNERTIMEOUT option to catch scanners gone wild
- Added scanning options for ClamLib
* Thu Mar 30 2006 Slava Dubrovskiy <dubrsl@altlinux.ru> 0.78-alt1
- Change BIND_ADDRESS "NULL" to BIND_ADDRESS "127.0.0.1" as default
- Change stop priority to 9
* Tue Mar 14 2006 Slava Dubrovskiy <dubrsl@altlinux.ru> 0.78-alt0
- update to 0.78
- Added TEMPDIR, LOGLEVEL, FAILSCANERROR and WHITELISTFIRST config
- KEEPBACKTIME config added to complement KEEPBACKBUFFER setting
- Basic HTTP Keep-Alive support, improves network performance
- HTTPS/SSL tunneling support
- FTP is supported when FTP supporting parent proxy is used
- Logging improved
- Added reload-lists in %_initrddir/%name
* Mon Mar 06 2006 Slava Dubrovskiy <dubrsl@altlinux.ru> 0.77-alt1
- Add mount in loop
- Add REDME.ALT
* Wed Mar 01 2006 Slava Dubrovskiy <dubrsl@altlinux.ru> 0.77-alt0
- initial build