Quote:
|
Originally Posted by gani
Post your /etc/dansguardian/dansguardian.conf and let us see if there are invalid parameters.
--------
|
This conf file looks ok.
Maybe problem is in one of the banned* files.
# DansGuardian config file for version 2.8.0 with Anti-Virus plug-in 6.4.2
# **NOTE** as of version 2.7.5 most of the list files are now in dansguardianf1.conf
# Web Access Denied Reporting (does not affect logging)
#
# -1 = log, but do not block - Stealth mode
# 0 = just say 'Access Denied'
# 1 = report why but not what denied phrase
# 2 = report fully
# 3 = use HTML template file (accessdeniedaddress ignored) - recommended
#
reportinglevel = 3
# Language dir where languages are stored for internationalisation.
# The HTML template within this dir is only used when reportinglevel
# is set to 3. When used, DansGuardian will display the HTML file instead of
# using the perl cgi script. This option is faster, cleaner
# and easier to customise the access denied page.
# The language file is used no matter what setting however.
#
languagedir = '/etc/dansguardian/languages'
# language to use from languagedir.
language = 'ukenglish'
# Logging Settings
#
# 0 = none 1 = just denied 2 = all text based 3 = all requests
# DG default: 2
# DGAV default: 3
loglevel = 3
# Log Exception Hits
# Log if an exception (user, ip, URL, phrase) is matched and so
# the page gets let through. Can be useful for diagnosing
# why a site gets through the filter. on | off
logexceptionhits = on
# Log File Format
# 1 = DansGuardian format 2 = CSV-style format
# 3 = Squid Log File Format 4 = Tab delimited
logfileformat = 1
# Log file location
#
# Defines the log directory and filename.
#loglocation = '/var/log/dansguardian/access.log'
# Network Settings
#
# the IP that DansGuardian listens on. If left blank DansGuardian will
# listen on all IPs. That would include all NICs, loopback, modem, etc.
# Normally you would have your firewall protecting this, but if you want
# you can limit it to only 1 IP. Yes only one.
filterip = #0.0.0.0
# the port that DansGuardian listens to.
filterport = 8080
# the ip of the proxy (default is the loopback - i.e. this server)
proxyip = 127.0.0.1
# the port DansGuardian connects to proxy on
proxyport = 9999
# accessdeniedaddress is the address of your web server to which the cgi
# dansguardian reporting script was copied
# Do NOT change from the default if you are not using the cgi.
#
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
# Non standard delimiter (only used with accessdeniedaddress)
# Default is enabled but to go back to the original standard mode dissable it.
nonstandarddelimiter = on
# Banned image replacement
# Images that are banned due to domain/url/etc reasons including those
# in the adverts blacklists can be replaced by an image. This will,
# for example, hide images from advert sites and remove broken image
# icons from banned domains.
# 0 = off
# 1 = on (default)
usecustombannedimage = 1
custombannedimagefile = '/etc/dansguardian/transparent1x1.gif'
# Filter groups options
# filtergroups sets the number of filter groups. A filter group is a set of content
# filtering options you can apply to a group of users. The value must be 1 or more.
# DansGuardian will automatically look for dansguardianfN.conf where N is the filter
# group. To assign users to groups use the filtergroupslist option. All users default
# to filter group 1. You must have some sort of authentication to be able to map users
# to a group. The more filter groups the more copies of the lists will be in RAM so
# use as few as possible.
filtergroups = 1
filtergroupslist = '/etc/dansguardian/filtergroupslist'
# Authentication files location
bannediplist = '/etc/dansguardian/bannediplist'
exceptioniplist = '/etc/dansguardian/exceptioniplist'
banneduserlist = '/etc/dansguardian/banneduserlist'
exceptionuserlist = '/etc/dansguardian/exceptionuserlist'
# Show weighted phrases found
# If enabled then the phrases found that made up the total which excedes
# the naughtyness limit will be logged and, if the reporting level is
# high enough, reported. on | off
showweightedfound = on
# Weighted phrase mode
# There are 3 possible modes of operation:
# 0 = off = do not use the weighted phrase feature.
# 1 = on, normal = normal weighted phrase operation.
# 2 = on, singular = each weighted phrase found only counts once on a page.
#
weightedphrasemode = 2
# Positive result caching for text URLs
# Caches good pages so they don't need to be scanned again
# 0 = off (recommended for ISPs with users with disimilar browsing)
# 1000 = recommended for most users (DG)
# 3000 = recommended when urlcacheonly is on (DGAV)
# 5000 = suggested max upper limit
urlcachenumber = 3000
#
# Age before they are stale and should be ignored in seconds
# 0 = never
# 900 = recommended = 15 mins
urlcacheage = 900
# Smart and Raw phrase content filtering options
# Smart is where the multiple spaces and HTML are removed before phrase filtering
# Raw is where the raw HTML including meta tags are phrase filtered
# CPU usage can be effectively halved by using setting 0 or 1
# 0 = raw only
# 1 = smart only
# 2 = both (default)
phrasefiltermode = 2
# Lower casing options
# When a document is scanned the uppercase letters are converted to lower case
# in order to compare them with the phrases. However this can break Big5 and
# other 16-bit texts. If needed preserve the case. As of version 2.7.0 accented
# characters are supported.
# 0 = force lower case (default)
# 1 = do not change case
preservecase = 0
# Hex decoding options
# When a document is scanned it can optionally convert %XX to chars.
# If you find documents are getting past the phrase filtering due to encoding
# then enable. However this can break Big5 and other 16-bit texts.
# 0 = disabled (default)
# 1 = enabled
hexdecodecontent = 0
# Force Quick Search rather than DFA search algorithm
# The current DFA implementation is not totally 16-bit character compatible
# but is used by default as it handles large phrase lists much faster.
# If you wish to use a large number of 16-bit character phrases then
# enable this option.
# 0 = off (default)
# 1 = on (Big5 compatible)
forcequicksearch = 0
# Reverse lookups for banned site and URLs.
# If set to on, DansGuardian will look up the forward DNS for an IP URL
# address and search for both in the banned site and URL lists. This would
# prevent a user from simply entering the IP for a banned address.
# It will reduce searching speed somewhat so unless you have a local caching
# DNS server, leave it off and use the Blanket IP Block option in the
# bannedsitelist file instead.
reverseaddresslookups = off
# Reverse lookups for banned and exception IP lists.
# If set to on, DansGuardian will look up the forward DNS for the IP
# of the connecting computer. This means you can put in hostnames in
# the exceptioniplist and bannediplist.
# It will reduce searching speed somewhat so unless you have a local DNS server,
# leave it off.
reverseclientiplookups = off
# Build bannedsitelist and bannedurllist cache files.
# This will compare the date stamp of the list file with the date stamp of
# the cache file and will recreate as needed.
# If a bsl or bul .processed file exists, then that will be used instead.
# It will increase process start speed by 300%. On slow computers this will
# be significant. Fast computers do not need this option. on | off
createlistcachefiles = on
# POST protection (web upload and forms)
# does not block forms without any file upload, i.e. this is just for
# blocking or limiting uploads
# measured in kibibytes after MIME encoding and header bumph
# use 0 for a complete block
# use higher (e.g. 512 = 512Kbytes) for limiting
# use -1 for no blocking
#maxuploadsize = 512
#maxuploadsize = 0
maxuploadsize = -1
# Max content filter page size
# Sometimes web servers label binary files as text which can be very
# large which causes a huge drain on memory and cpu resources.
# To counter this, you can limit the size of the document to be
# filtered and get it to just pass it straight through.
# This setting also applies to content regular expression modification.
# The size is in Kibibytes - eg 2048 = 2Mb
# use 0 for no limit
maxcontentfiltersize = 256
# Username identification methods (used in logging)
# You can have as many methods as you want and not just one. The first one
# will be used then if no username is found, the next will be used.
# * proxyauth is for when basic proxy authentication is used (no good for
# transparent proxying).
# * ntlm is for when the proxy supports the MS NTLM authentication
# protocol. (Only works with IE5.5 sp1 and later). **NOT IMPLEMENTED**
# * ident is for when the others don't work. It will contact the computer
# that the connection came from and try to connect to an identd server
# and query it for the user owner of the connection.
usernameidmethodproxyauth = on
usernameidmethodntlm = off # **NOT IMPLEMENTED**
usernameidmethodident = off
# Preemptive banning - this means that if you have proxy auth enabled and a user accesses
# a site banned by URL for example they will be denied straight away without a request
# for their user and pass. This has the effect of requiring the user to visit a clean
# site first before it knows who they are and thus maybe an admin user.
# This is how DansGuardian has always worked but in some situations it is less than
# ideal. So you can optionally disable it. Default is on.
# As a side effect disabling this makes AD image replacement work better as the mime
# type is know.
preemptivebanning = on
# Misc settings
# if on it adds an X-Forwarded-For: <clientip> to the HTTP request
# header. This may help solve some problem sites that need to know the
# source ip. on | off
forwardedfor = off
# if on it uses the X-Forwarded-For: <clientip> to determine the client
# IP. This is for when you have squid between the clients and DansGuardian.
# Warning - headers are easily spoofed. on | off
usexforwardedfor = off
# if on it logs some debug info regarding fork()ing and accept()ing which
# can usually be ignored. These are logged by syslog. It is safe to leave
# it on or off
logconnectionhandlingerrors = on
# Fork pool options
# sets the maximum number of processes to sporn to handle the incomming
# connections. Max value usually 250 depending on OS.
# On large sites you might want to try 180.
maxchildren = 120
# sets the minimum number of processes to sporn to handle the incomming connections.
# On large sites you might want to try 32.
minchildren = 8
# sets the minimum number of processes to be kept ready to handle connections.
# On large sites you might want to try 8.
minsparechildren = 4
# sets the minimum number of processes to sporn when it runs out
# On large sites you might want to try 10.
preforkchildren = 6
# sets the maximum number of processes to have doing nothing.
# When this many are spare it will cull some of them.
# On large sites you might want to try 64.
maxsparechildren = 32
# sets the maximum age of a child process before it croaks it.
# This is the number of connections they handle before exiting.
# On large sites you might want to try 10000.
maxagechildren = 500
# Process options
# (Change these only if you really know what you are doing).
# These options allow you to run multiple instances of DansGuardian on a single machine.
# Remember to edit the log file path above also if that is your intention.
# IPC filename
#
# Defines IPC server directory and filename used to communicate with the log process.
ipcfilename = '/tmp/.dguardianipc'
# URL list IPC filename
#
# Defines URL list IPC server directory and filename used to communicate with the URL
# cache process.
urlipcfilename = '/tmp/.dguardianurlipc'
# PID filename
#
# Defines process id directory and filename.
#pidfilename = '/var/run/dansguardian.pid'
# Disable daemoning
# If enabled the process will not fork into the background.
# It is not usually advantageous to do this.
# on|off ( defaults to off )
nodaemon = off
# Disable logging process
# on|off ( defaults to off )
nologger = off
# Daemon runas user and group
# This is the user that DansGuardian runs as. Normally the user/group nobody.
# Uncomment to use. Defaults to the user set at compile time.
# daemonuser = 'nobody'
# daemongroup = 'nobody'
# Soft restart
# When on this disables the forced killing off all processes in the process group.
# This is not to be confused with the -g run time option - they are not related.
# on|off ( defaults to off )
softrestart = off
# ANTIVIRUS SETTINGS
# --------------------
# OPTION: virusscan
# If on, we scan all downloaded content using embedded virus engine.
# Supported engines of this version are ClamAV, ClamDScan, KAV, KAV5, Trophie, Sophie.
# If off, we don't scan any downloaded content.
# See
http://sourceforge.net/projects/dgav/ for more details.
virusscan = on
# OPTION: virusengine
# Set the embedded virus scan engine to be used (clamav, clamdscan, kav, aveserver, trophie, sophie).
virusengine = 'clamav'
# OPTION: tricklelength
# With tricklelength you can choose between three different trickle modes:
# a) If set to -1, the scanner will send 1 byte per delay period
# to the client to keep a download connection alive.
# When the whole file is downloaded and scanned, the client will
# receive all remaining bytes, if the file was clean.
# b) If set to less than -1 (eg. -1024) the scanner will send,
# after firsttrickledelay seconds, a proportional amount of data
# to the client (e.g 1024 bytes per downloaded megabyte); after
# followingtrickledelay seconds again a proportional amount
# of data is sent to the client and so on. When the whole file is
# downloaded and scanned, the client will receive all remaining
# bytes, if the file was clean.
# Recommended value: -1024 (1024 bytes per downloaded megabyte)
# c) If set to a positive integer value it enables immediate delivery
# to the client. The value set means minimum number of bytes of the
# downloaded file that will be held and delivered after virus scan.
# If clean, the remaining bytes will be sent to the client.
# If infected, file downloaded will be incomplete and a warning message
# will be sent to the postmaster and possibly the user.
# Recommended minimum positive value: 32768 (32 kbytes)
#
# NOTE:
# only trickle modes a) and b) allow for limited mime-header
# rewriting; eg. if a zip file (application/zip) is downloaded
# and contains a virus it's mime-type is rewritten to text/html
# which in turn forces the browser to display the warning page;
# be aware however, that this is only possible for downloads
# that finish within firsttrickledelay seconds!
tricklelength = 32768
# OPTION: forkscanlength
# Specifies maximum file size, in bytes, that is scanned w/o parallel trickling.
# Files larger than 'forkscan_length' will be scanned in the background,
# while a foreground process trickles data to the client in order to keep
# connection alive.
# This heavily depends on the available CPU speed. Slow CPUs need smaller values.
# The size is in Kibibytes - eg 2048 = 2Mb
forkscanlength = 32768
# OPTION: firsttrickledelay
# Delay in seconds to deliver the first byte to the client.
# This option only applies if tricklelength is set to -1.
firsttrickledelay = 10
# OPTION: follwingtrickledelay
# Delay in seconds to deliver subsequent bytes to the client.
# This option only applies if tricklelength is set to -1.
followingtrickledelay = 10
# OPTION: maxcontentscansize
# Set the maximum size of a content to be virus scanned.
# Content size above this value will not be scanned against viruses.
# The size is in Kibibytes - eg 2048 = 2Mb
# To have no limit, use 0 (zero).
maxcontentscansize = 41904304
# OPTION: virusscanexceptions
# If off, antivirus scanner will ignore DG exception sites and urls.
virusscanexceptions = on
# OPTION: urlcachecleanonly
# If off, url cache will contain entries of text only urls.
# Keeping it off, preserves original Dansguardian feature and
# downloaded content will be always scanned by antivirus.
# When turned on, urlcache will be loaded only with content
# found to be good and that is virus free.
# Thus, content of urls found in urlcache WILL NOT BE SCANNED AGAIN.
urlcachecleanonly = on
# OPTION: virusscannertimeout
# The maximum length of time the commercial virus scanner is allowed to run
# for 1 batch of messages (in seconds).
virusscannertimeout = 60
# OPTION: notify
# Sets who receives email notification when a virus is found.
# Users must be authenticated to be able to receive messages.
# Email address for users will be formed by the authentication name received by DG
# plus @emaildomain (see option below)
# 0 = disabled
# 1 = user only
# 2 = postmaster only
# 3 = postmaster and users (default)
notify = 0
# OPTION: emaildomain
# Set email domain to use when notifying users of an infected file.
# This is just the domain name part, after the @
emaildomain = 'your.domain.com'
# OPTION: postmaster
# Set email address of who to notify about any infections found.
# Should put your full domain name here too.
postmaster = 'postmaster@your.domain.com'
# OPTION: emailserver
# Set the address and port of the Mail Server to send notifications through.
#
emailserver = '127.0.0.1:25'
# OPTION: downloaddir
# Set where the files are downloaded to before they are scanned.
# Since version 6.4.2 it is strongly recommended to define a directory path
# TO BE USED ONLY BY DGAV.
# YOU WILL LOOSE FILES inside this directory path if it is used for any other purpose.
downloaddir = '/tmp/dgvirus'
# CLAMAV SETTINGS
# --------------------
# OPTION: clmaxfiles
# Set maximum number of files inside a compressed file
# default: 1500 files
clmaxfiles = 1500
# OPTION: clmaxreclevel
# Set maximum recursion level to perform scan on a compressed file
# that is inside a compressed file
# default: 3 levels
clmaxreclevel = 3
# OPTION: clmaxfilesize
# Set maximum file size of a file inside a compressed file
# default: 10485760 = 10 Mbytes
clmaxfilesize = 10485760
# OPTION: clblockencryptedarchives
# Treat encrypted compressed file as virus infected content.
# default: off
clblockencryptedarchives = off
# OPTION: cldetectbroken
# Activate improved detection of broken executable files.
# default: off
cldetectbroken = off
# CLAMDSCAN SETTINGS
# --------------------
# OPTION: clamdsocket
# Set the name of a local clamd socket (file)
# or the hostname
ort of a remote clamd server
# default: '/tmp/clamd'
clamdsocket = '/tmp/clamd'
# KASPERSKY 5 SETTINGS
# --------------------
# OPTION: avesocket
# Set name of the local socket file
# default: '/var/run/aveserver'
avesocket = '/var/run/aveserver'
# TROPHIE SETTINGS
# --------------------
# OPTION: trophiesocket
# Set name of the local socket file
# default: '/var/run/trophie'
trophiesocket = '/var/run/trophie'
# SOPHIE SETTINGS
# --------------------
# OPTION: sophiesocket
# Set name of the local socket file
# default: '/var/run/sophie'
sophiesocket = '/var/run/sophie'
# ICAP SETTINGS (experimental)
# ----------------------------
# OPTION: icapsocket
# Set hostname
ort of the icap server
# default: 'localhost:1344'
icapsocket = 'localhost:1344'
# OPTION: icapservice
# Set the icap service to be used
# default: 'icap://localhost/avscan'
icapservice = 'icap://localhost/avscan'
