http://forum.pfsense.org/index.php?topic=1352.0

Updated HAVP, works with current ClamAV package. Should hit CVS any time now.

raj

@clamothe:

wow..  i just realised that I forgot to install pfsense on my HD, and I was running it off livecd for the past two weeks lol, thanks tho

update: Okay I have it installed on my HD now.  I'm looking at packages, but the list is limited.. how do I install lighttpd?  I don't see a package upload either.  I ssh'd in and did pkg_add -r http://pfsense.org/packages/All/lighttpd-1.4.11.tbz ala freebsd, and it installed fine, but there's no gui element installed.

Lighttpd alredy installed - this system package - WebGUI worked in them

type pkg_info - you see all installed FreeBSD packages. But this not some WebGui packages list. InWebGUI you can see users packages and can't see system packages.

Hi,
When I go to "Service"–>"Clamav"
The page show a follow error:
Warning: Invalid argument supplied for foreach() in /usr/local/www/pkg_edit.php on line 326
How I to do?
Thanks a lot.

http://forum.pfsense.org/index.php?topic=1352.0

http://forum.pfsense.org/index.php?topic=1352.0

The installed package tab will show new versions.

OK, so that's the case thnx!
I'll try BETA 4 :)

I found out why it wasn't working.
The "Allow DNS server list to be overridden by DHCP/PPP on WAN" option was enabled in the "System: General Setup" menu.

FreeRADIUS is marked as broken.  Surely you dont' expect something marked as broken to work!?

@freeseacher:

@billm:

It's likely that pfflowd is only counting stuff that matches state.  Retransmits that got dropped for whatever reason likely don't add to the flow numbers it retains.

pfflowd gets it's data from pfsync - I don't believe it maintains a table of inflight flows, I'm pretty sure it gets it's data from the state teardown messages.  So, the data comes directly from the PF state entry which means only data that pf forwarded itself.

–Bill

rules for pf was
pass any in keep-state
pass any out keep-state

is there someting to miss ?

Yes, my point ;)

Not all packets in a given TCP flow will be considered "in state".  Consider out of window packets, out of sequence window packets (stuff that's been ack'd and had data past it acked, but was retransmitted all the same).  "normal" TCP communications do have packets that will get blocked.  I'm reasonably confident that those packets will not cound against the PF byte count for that flow.  The easiest way to determine that is to see if the PF byte count more closely matches that of the file(s) that were transferred.  If it's under, then there's a bug somewhere, if it's over, but over by less than the other accounting types (ng_netflow is going to get all packets regardless of whether pf blocks it) then it's not a bug per se, you just have to understand what/where you're monitoring.

–Bill

thanks a lot Sullrich, it's OK now  ;)

Fernando is working on it but there is no ETA.

Hi,

I have made a clamav package, it's not complete as yet and I have not added any web gui for starting or stopping or for other options in config files. As of now you can just test it from command line by running clamscan. The actual use for clamscan is for havp. As of now havp has experimental FreeBSD support and I am working on packaging it for FreeBSD. In the mean time pl test the clamav package. This is my first stab at packaging some thing for pfSense, so there will be lot's of things that can be improved.

raj

I am posting the clamav section from pkg_config.xml and the package configuration files.

          <package><name>clamav</name>           <website>http://www.clamav.net/</website>           <descr>Opensource anti virus</descr>           <category>Services</category>           <config_file>http://agni.linuxense.com/packages/config/clamav.xml</config_file>           <depends_on_package_base_url>http://ftp13.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/All</depends_on_package_base_url>           <depends_on_package>clamav-0.87.tbz</depends_on_package>           <version>0.1</version>           <status>BETA</status>           <maintainer>raj@linuxense.com</maintainer>           <configurationfile>clamav.xml</configurationfile>           <logging><facilityname>clamav</facilityname>                 <logfilename>clamav.log</logfilename></logging></package>

config.xml

<packagegui><name>clamav</name>         <version>0.1</version>         <title>ClamAV: Settings</title>         <include_file>/usr/local/pkg/clamav.inc</include_file>         <service><name>clamav</name>                 <rcfile>/usr/local/etc/rc.d/clamav.sh</rcfile></service>         <additional_files_needed><prefix>/usr/local/pkg/</prefix>             <chmod>0755</chmod>             http://agni.linuxense.com/packages/config/clamav.inc</additional_files_needed>         <custom_php_install_command>clamav_install_command();</custom_php_install_command>         <custom_php_deinstall_command>clamav_deinstall_command();</custom_php_deinstall_command>         <custom_delete_php_command>sync_package_clamav();</custom_delete_php_command>         <custom_php_resync_config_command>sync_package_clamav();</custom_php_resync_config_command>         <custom_add_php_command>sync_package_clamav();</custom_add_php_command></packagegui>

clamav.inc

function sync_package_clamav() {         conf_mount_rw();         config_lock();         global $config;         $start = "/usr/local/sbin/clamd &\n";         $stop  = "/usr/bin/killall clamd\n" .         "sleep 2";         write_rcfile(array(                           "file" => "clamav.sh",                           "start" => $start,                           "stop" =>  $stop                           )                     );         conf_mount_ro();         config_unlock();         mwexec("killall -HUP cron");         mwexec("/usr/local/etc/rc.d/clamav.sh stop");         mwexec("/usr/local/etc/rc.d/clamav.sh start"); } function clamav_install_command() {         global $config, $g;         mwexec ("mkdir -p /var/db/clamav");         mwexec ("/usr/local/bin/freshclam");         sync_package_clamav(); } function clamav_deinstall_command() {         global $config, $g;         conf_mount_rw();         unlink_if_exists("/usr/local/etc/rc.d/clamav.sh");         unlink_if_exists("/var/db/clamav/daily.cvd");         unlink_if_exists("/var/db/clamav/main.cvd");         unlink_if_exists("/var/db/clamav");         conf_mount_ro(); } ?>

and this command line wiil not work?

php pkg_mgr_install.php?id=packagename

Yep, thats about it in a nutshell.

@Aderium:

Add spam trap E-mail address:

if I add a spamtrap email called spamtrap@mydomain.com do I also need to create such user in my email server ?

No, basically if a email address is the to: address then SpamD knowns to add this servers IP to the trapped database and then further connections from that mail server will be trapped in a great tarpit which looks like a 110 baud modem communication, wasting the cpu cycles of the mail server in question.  It's neat.

@Aderium:

nextMTA

my internal ip address for mailserver is 10.1.10.10  is this the IP I would add to nextMTA ?

Yep.

Install http://pfsense.com/~sullrich/SpamDOutlookAlpha/SpamD.msi . It will add the outlook plugin. You also need to have SpamD package installed at your pfSense of course.

@ronnieredd:

Excuse me? Why am I making you click dozens of forums? Did I do something wrong? If so, I'm sorry. Please do elaborate.

13 packages plus the existing dozen or so forums makes for dozens of forums.  I'm old enough to remember and use BBS's, yet I still prefer email - I can sort and filter my inbox based on what I choose to read.  Which means more time spent on email worth replying to.  More forums split the attention the developers (who are still the primary support - although a few souls have certainly stepped up and chipped in on the support from) leaving us with less time to write code.  Until a package becomes enough of a nuisance filling the existing packages forum, it's really not worth splitting it out.

–Bill

PS. wut sullrich and hoba said