Dansguardian package for 2.0

sgirard

I recently upgraded to pfSense 2.1 and am having trouble with the DansGuardian package.

I noticed that the "Denied Access" page was not rendering the correct html from the Report File text box under the Report and Log tab.

It appears the DansGuardian package 2.12.0.3  v.0.1.8 on my system is writing the Report File html to this location:
/usr/local/share/dansguardian/languages/ukenglish/template.html

But on pfSense 2.1, the DansGuardian package is using this location for the Access Denied html:
/usr/pbi/dansguardian-amd64/share/dansguardian/languages/ukenglish/template.html

bryan.paradis recommended that I create a symlink to the file managed by the web gui:
https://forum.pfsense.org/index.php/topic,73058.msg398551.html#msg398551

It seems to me that a reinstall of Dans Guardian will overwrite the symlink. I also have concerns that changes to my ACLs may not be working correctly, but I have not completed extensive testing yet.

Is this issue something you are already aware of, or could it be unique to my system? The system is a Netgate 7451 upgraded to 2.1-RELEASE (amd64) using the web interface for Firmware Update.

bryan.paradis

Hey marcelloc,

Looks like here you pass the dansguardian_dir to $dg_dir when creating dansguardianfx.conf.

#dansguardian.inc
$dg_dir=DANSGUARDIAN_DIR;
		include("/usr/local/pkg/dansguardianfx.conf.template");
		file_put_contents($dansguardian_dir."/dansguardianf".$count.".conf", $dgf, LOCK_EX);

#dansguardian.conf.template
languagedir = '{$dg_dir}/share/dansguardian/languages'

# language to use from languagedir.
language = '{$reportlanguage}'

This will reference the pbi directory but in the php code below as you can see it isn't referencing the dansguardian_dir thus not referencing the pbi folder which is being set as the path in the conf file.

#log report
	if ($dansguardian_log['report_file']=="" && file_exists("/usr/local/share/dansguardian/languages/".$reportlanguage."/template.html")){
		$report_file=file_get_contents("/usr/local/share/dansguardian/languages/".$reportlanguage."/template.html");
		$report_file=preg_replace('/<.*(html|head)>/','',$report_file);
		$config['installedpackages']['dansguardianlog']['config'][0]['report_file']=base64_encode($report_file);
		$dansguardian_log['report_file']=base64_encode($report_file);
		$load_samples++;

And

#dansguardian.inc
#Create report template
	if (is_dir("/usr/local/share/dansguardian/languages/".$reportlanguage)) 
		file_put_contents("/usr/local/share/dansguardian/languages/".$reportlanguage."/template.html",dg_text_area_decode($dansguardian_log['report_file']),LOCK_EX);

dansguardian_dir needs to be appended to the front of the paths

Lines 927-928

if (is_dir(DANSGUARDIAN_DIR."/usr/local/share/dansguardian/languages/".$reportlanguage)) 
		file_put_contents(DANSGUARDIAN_DIR."/usr/local/share/dansguardian/languages/".$reportlanguage."/template.html",dg_text_area_decode($dansguardian_log['report_file']),LOCK_EX);

Lines 694-695

#dansguardian.inc
	if ($dansguardian_log['report_file']=="" && file_exists(DANSGUARDIAN_DIR."/usr/local/share/dansguardian/languages/".$reportlanguage."/template.html")){
		$report_file=file_get_contents(DANSGUARDIAN_DIR."/usr/local/share/dansguardian/languages/".$reportlanguage."/template.html");

Update: Nevermind looks like they are already symlinked on a fresh install I am not sure why sgirard had a problem in the first place  :-X Though I suppose it could be cleaned up considering you are setting the path based on what pfversion is running already?

[2.1-RELEASE][root@pfsense.localdomain]/usr/local/share/dansguardian/languages/ukenglish(15): ls -la
total 3
drwxr-xr-x   2 root  wheel   512 Feb 25 06:45 .
drwxr-xr-x  29 root  wheel  1024 Feb 25 06:45 ..
lrwxr-xr-x   1 root  wheel    87 Feb 25 06:45 fancydmtemplate.html -> /usr/pbi/dansguardian-amd64/share/dansguardian/languages/ukenglish/fancydmtemplate.html
lrwxr-xr-x   1 root  wheel    75 Feb 25 06:45 messages -> /usr/pbi/dansguardian-amd64/share/dansguardian/languages/ukenglish/messages
lrwxr-xr-x   1 root  wheel    80 Feb 25 06:45 template.html -> /usr/pbi/dansguardian-amd64/share/dansguardian/languages/ukenglish/template.html

cnd.fflv

Hi there.

Is there any way to put timeframe in DG?

I need to block access for certain users to certain sites. For example, users in DG group "office" are not allowed to access social nets and web-videos at working hours. Outside working hours they can.

Can I do that in DG itself or need to use FW rules or Squidguard along with it?

Thanks.

cirkit

https://forum.pfsense.org/index.php?topic=67066.0

Pistolero

Hola Marcelo!

Just saw that there is a new version on DG for download in the package manager. Can you please provide a changelog? Has the missing  CLAMAV issue been corrected in this new package?

Thanks!

F.

Cino

@Pistolero:

Hola Marcelo!

Just saw that there is a new version on DG for download in the package manager. Can you please provide a changelog? Has the missing  CLAMAV issue been corrected in this new package?

Thanks!

F.

There were a bunch of pbi's that were updated.. I think these are the lastest freebsd ports and not from the developers

https://github.com/pfsense/pfsense-packages/commit/62559c79ad7d5033b285ca0dc65bccf0f88f72bd

Pistolero

Ha… so likely CLAMD is still not in that package :( Bummer.

Thanks for the info!

@Cino:

@Pistolero:

Hola Marcelo!

Just saw that there is a new version on DG for download in the package manager. Can you please provide a changelog? Has the missing  CLAMAV issue been corrected in this new package?

Thanks!

F.

There were a bunch of pbi's that were updated.. I think these are the lastest freebsd ports and not from the developers

https://github.com/pfsense/pfsense-packages/commit/62559c79ad7d5033b285ca0dc65bccf0f88f72bd

pfsense-lover

Can someone please explain why DG is not being compiled with CLAMAV support yet again?

Cino

Marcelo is probably busy right now work.. He does this on his own time..

pfsense-lover

The "core team" now compile the packages. DG has been compiled without ClamAV support for almost 3 months now. See this post https://forum.pfsense.org/index.php?topic=75005.msg417411#msg417411

The "core team" are not contactable. I am not sure how/who to escalate too.

This experience has been very disappointing.

Cino

if you really need ClamAV, use Squid 3-Dev. Works for me using i386 firmware..

I've read the link you sent but still dont get this statement: The "core team" now compile the packages.

try https://lists.pfsense.org/mailman/listinfo/dev if you want to send an email to the pfsense developers or post a bug on redmine.pfsense.org