5 files changed, 145 insertions, 0 deletions

diff --git a/security/scannedonly/Makefile b/security/scannedonly/Makefile
new file mode 100644
index 000000000000..b9d7f6e9bcd5
--- /dev/null
+++ b/security/scannedonly/Makefile
@@ -0,0 +1,86 @@
+# New ports collection makefile for:	scannedonly
+# Date created:				20 January 2011
+# Whom:					girald@etcom.ufrgs.br
+#
+# $FreeBSD$
+#
+
+PORTNAME=	scannedonly
+PORTVERSION=	0.21
+CATEGORIES=	security
+MASTER_SITES=	http://olivier.sessink.nl/scannedonly/
+
+MAINTAINER=	girald@etcom.ufrgs.br
+COMMENT=	A Samba VFS virus scanning daemon
+
+LICENSE=	GPLv2
+
+LIB_DEPENDS=	clamav:${PORTSDIR}/security/clamav
+RUN_DEPENDS=	${LOCALBASE}/bin/clamdscan:${PORTSDIR}/security/clamav \
+		smbd:${PORTSDIR}/${SAMBA_PORT}
+BUILD_DEPENDS+=	smbd:${PORTSDIR}/${SAMBA_PORT}
+
+CONFIGURE_ARGS+=--with-samba-vfs-dir=${PREFIX}/lib/samba/vfs
+GNU_CONFIGURE=	yes
+USE_GMAKE=	yes
+USE_RC_SUBR=	${PORTNAME}
+LDFLAGS+=	-L${LOCALBASE}/lib
+CFLAGS+=	-I${LOCALBASE}/include
+
+.include <bsd.port.options.mk>
+
+.if exists(${LOCALBASE}/sbin/smbd)
+SAMBA_VERSION!=	${LOCALBASE}/sbin/smbd --version | ${CUT} -d ' ' -f 2
+.else
+SAMBA_VERSION?=	3.6
+.endif
+
+SAMBA_PORT?=	net/samba${SAMBA_VERSION:C/([0-9]*)\.([0-9]*).*/\1\2/}
+
+# If samba34 is installed, we need the sources from samba.
+# We don't if samba3[56] is installed.
+# http://olivier.sessink.nl/scannedonly/faq.html
+.if ${SAMBA_PORT} == net/samba34
+BUILD_DEPENDS+=	${NONEXISTENT}:${PORTSDIR}/${SAMBA_PORT}:configure
+CONFIGURE_ARGS+=\
+	--with-samba-source=${WRKDIR}/../../../${SAMBA_PORT}/work/samba-${SAMBA_VERSION}/source3
+USE_AUTOTOOLS=	autoconf
+.endif
+
+PLIST_FILES=	sbin/scannedonlyd_clamav \
+		bin/scannedonly_prescan
+.if ${SAMBA_PORT} == net/samba34
+PLIST_FILES+=	lib/samba/vfs/scannedonly.so
+PLIST_DIRS=	lib/samba/vfs \
+		lib/samba
+.endif
+MAN8=		${PORTNAME}_prescan.8 \
+		${PORTNAME}d_clamav.8
+MANCOMPRESSED=	yes
+
+# Hackery to avoid death for non-obvious reasons if detected
+# SAMBA_VERSION doesn't match the PORTVERSION of samba in ports
+pre-everything::
+.if ${SAMBA_PORT} == net/samba34
+	@if [ "$$(${MAKE} -C ${PORTSDIR}/${SAMBA_PORT} -V PORTVERSION)" \
+		!= "${SAMBA_VERSION}" ] ; \
+	    then ${ECHO_MSG} -n "==> Bailing.  Version of Samba on system is "; \
+		${ECHO_MSG} "${SAMBA_VERSION}, which does not match" ; \
+		${ECHO_MSG} "    that in ports.  Please update Samba and try again." ; \
+		${FALSE} ; \
+	    fi
+.endif
+
+post-patch:
+	@${REINPLACE_CMD} \
+	    -e 's|/var/lib/scannedonly/scan|/var/run/scannedonlyd.sock|g' \
+	${WRKSRC}/man/scannedonly_prescan.8	\
+	${WRKSRC}/py/scannedonlyd.py		\
+	${WRKSRC}/src/vfs_scannedonly.c		\
+	${WRKSRC}/src/scannedonly_prescan.c	\
+	${WRKSRC}/src/scannedonlyd_clamav.c
+
+post-install:
+	@${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>
diff --git a/security/scannedonly/distinfo b/security/scannedonly/distinfo
new file mode 100644
index 000000000000..f36ebe62f82f
--- /dev/null
+++ b/security/scannedonly/distinfo
@@ -0,0 +1,2 @@
+SHA256 (scannedonly-0.21.tar.gz) = 20601c0466034cc250ded1a16d737451cfbe05fbcaf4f667ff25fe004bd1340e
+SIZE (scannedonly-0.21.tar.gz) = 80148
diff --git a/security/scannedonly/files/scannedonly.in b/security/scannedonly/files/scannedonly.in
new file mode 100644
index 000000000000..744943d8c3e5
--- /dev/null
+++ b/security/scannedonly/files/scannedonly.in
@@ -0,0 +1,33 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: scannedonly
+# REQUIRE: LOGIN clamd
+# BEFORE: mail
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable the scannedonly daemon:
+#
+# scannedonly_clamav_enable="YES"
+# scannedonly_clamav_flags="<set as needed>"
+#
+# See scannedonlyd_clamav(1) for flags
+#
+
+. /etc/rc.subr
+
+name=scannedonly_clamav
+rcvar=`set_rcvar`
+
+command=%%PREFIX%%/sbin/scannedonlyd_clamav
+pidfile=/var/run/scannedonlyd_clamav.pid
+command_args="--pidfile ${pidfile}"
+
+# read settings, set default values
+load_rc_config "$name"
+: ${scannedonly_clamav_enable="NO"}
+
+run_rc_command "$1"
diff --git a/security/scannedonly/pkg-descr b/security/scannedonly/pkg-descr
new file mode 100644
index 000000000000..08a7a886ef6a
--- /dev/null
+++ b/security/scannedonly/pkg-descr
@@ -0,0 +1,13 @@
+Scannedonly is a samba VFS module and a scanning daemon that ensure that only
+files that have been  scanned for viruses are visible and accessible to the end
+user.
+
+Scannedonly was developed because of scalability problems with samba-vscan: high
+server loads when (the same) files were requested often, and timeouts when large
+zip files were requested. Scannedonly doesn't have these problems, but it does
+introduce some other issues.  Choose the product that suits you best.
+
+Scannedonly is available under the open source GPL licence. The source code
+repository is available on Sourceforge.
+
+WWW: http://olivier.sessink.nl/scannedonly/
diff --git a/security/scannedonly/pkg-message b/security/scannedonly/pkg-message
new file mode 100644
index 000000000000..d32606b10e5a
--- /dev/null
+++ b/security/scannedonly/pkg-message
@@ -0,0 +1,11 @@
+**************************************************
+*                   WARNING!                     *
+*                                                *
+* Make sure you've enough socker buffer size.    *
+* Consider increasing kern.ipc.maxsockbuf adding *
+* at least the following sysctl setting to       *
+* /etc/sysctl.conf:                              *
+*                                                *
+* kern.ipc.maxsockbuf=589824                     *
+*                                                *
+**************************************************