Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/app-antivirus/antivir-webgate/files/1.3.0_p12/avwebgate.conf
diff options
context:
space:
mode:
Diffstat (limited to 'app-antivirus/antivir-webgate/files/1.3.0_p12/avwebgate.conf')
-rw-r--r--app-antivirus/antivir-webgate/files/1.3.0_p12/avwebgate.conf346
1 files changed, 346 insertions, 0 deletions
diff --git a/app-antivirus/antivir-webgate/files/1.3.0_p12/avwebgate.conf b/app-antivirus/antivir-webgate/files/1.3.0_p12/avwebgate.conf
new file mode 100644
index 0000000..08afed0
--- /dev/null
+++ b/app-antivirus/antivir-webgate/files/1.3.0_p12/avwebgate.conf
@@ -0,0 +1,346 @@
+#
+# sample AvWebGate configuration file
+#
+
+# This file shows the available options to configure AvWebGate.
+# Lines beginning with '#' are comments and are ignored. If you
+# want to change the value of an option, please uncomment the
+# line. Otherwise default values (shown here) are used, unless
+# otherwise indicated.
+
+# Used to specify the location of the antivir binary, the VDF,
+# the keyfile, and some other files.
+AntiVirDir %AVHOMEDIR%
+
+# Template directory
+TemplateDir %AVHOMEDIR%/avwebgate.tpl
+
+# Maximum number of open files
+OpenMax 1024
+
+# Processes
+NumDaemons 16
+DNSHelpers 8
+
+# Timeouts
+ClientTimeout 60
+ServerTimeout 300
+
+# Specify the port on which AvWebGate listens for HTTP requests.
+# Web-based FTP requests are also handled on this port. In addition
+# to the port number, you may optionally specify a hostname or IP
+# address to which AvWebGate binds the socket. If you do not specify
+# any port(s), AvWebGate listens on port 8080 for HTTP requests by
+# default. If you specify at least one of FTPPort or ICAPPort,
+# AvWebGate does not open a port for HTTP requests as long as
+# HTTPPort is commented out (default).
+# Usage: HTTPPort [hostname_or_ip:]port
+# Note: If you have installed AvWebGate as a parent proxy on the
+# same machine as your existing proxy, it is recommended to
+# use "HTTPPort 127.0.0.1:8080" for example. If a hostname
+# or IP is not given, then the port will be bound to all
+# interfaces.
+HTTPPort 127.0.0.1:80
+
+# AvWebGate can be used as a "real" FTP proxy (talking FTP to the
+# clients). In order to enable this feature, you need to specify
+# a port on which AvWebGate listens for FTP connections. In addition
+# to the port number, you may optionally specify a hostname or IP
+# address to which AvWebGate binds the socket. If you specify an
+# FTPPort, AvWebGate does not open a port for HTTP requests unless
+# HTTPPort is specified explicitly (uncommented).
+# Usage: FTPPort [hostname_or_ip:]port
+#FTPPort 127.0.0.1:2121
+
+# AvWebGate can be used as an ICAP server. To enable ICAP support,
+# you need to specify a port, optionally along with a hostname or
+# IP address, to which AvWebGate binds the socket. If you specify an
+# ICAPPort, AvWebGate does not open a port for HTTP requests unless
+# HTTPPort is specified explicitly (uncommented).
+# Usage: ICAPPort [hostname_or_ip:]port
+# AvWebGate supports ICAP version "1.0"
+#ICAPPort 127.0.0.1:1344
+
+# AvWebGate will switch the user and group as soon as possible after
+# the startup. You may specify a user and/or group to which AvWebGate
+# will switch to. Note that you must run AvWebGate as root initially.
+# If you don't want AvWebGate to start as root initially, you must
+# specify the current user/group here, otherwise the start will
+# fail.
+User %AVUSER%
+Group %AVGROUP%
+
+# AvWebGate is able to tunnel requests performed over SSL (HTTPS).
+# Because the data can not be decrypted, the data will NOT be
+# scanned. However, the handshake is checked to determine if it
+# is a valid SSL handshake. Although this adds an extra security
+# check, this does not solve the underlaying problem, SSL data will
+# NOT be checked, AvWebGate does not interfere with the transaction,
+# but merely forwards the data.
+# Attention: HTTPS data will _NOT_ be scanned.
+AllowHTTPSTunnel 1
+
+# Allows AvWebGate to establish a tunnel connection to any port
+# allowed for HTTP if a CONNECT method request is received.
+# WARNING: USE THIS OPTION WITH CAUTION. AvWebGate does not
+# check the data transferred over the tunnel connection! Use
+# "AllowHTTPSTunnel" instead if you want to limit the allowed
+# connections to the ports 443 (HTTPS) and 563 (SNEWS).
+AllowHTTPConnect 1
+
+# For security reasons, AvWebGate restricts HTTPS connections to
+# IANA-assigned ports 443 (HTTPS) and 563 (SNEWS). If you want to
+# allow HTTPS connections to non-standard ports, you can do so by
+# adding the desired ports to this list. Each port will be separated
+# by a comma or a whitespace.
+AllowedHTTPConnectPorts 443 873
+
+# It is possible to limit the maximum number of allowed simultaneous
+# connections AvWebGate accepts.
+MaxConnections 256
+
+# In order to prevent client timeouts with large downloads, AvWebGate
+# must send the client keepalive messages. There are three different
+# methods for timeout prevention. If the client was identified as
+# a browser, the progress status is sent as refreshing HTML pages.
+# The RefreshInterval specifies the number of seconds between
+# status updates. This method of timeout prevention can be disabled
+# by setting RefreshInterval to 0. If RefreshInterval is not
+# specified, this method of timeout prevention is disabled.
+#RefreshInterval 10
+#RefreshDelay 3
+#RefreshTimeout 60
+#RefreshSkipFileExtensions htm,html,shtml,css,gif,jpg,jpeg,png,swf,flv
+
+# If the refresh method is not used (because it is disabled or
+# the client is a non-browser) redirect messages can be sent to the
+# client. The RedirectInterval specifies the delay time in seconds
+# for sending redirect messages. This method of timeout prevention
+# can be disabled by settings RedirectInterval to 0. If
+# RedirectInterval is not specified, this method of timeout
+# prevention is disabled.
+# Note: This method does not work with every client. Use the
+# KeepaliveInterval option instead if problems occur.
+#RedirectInterval 10
+
+# If the refresh and redirect methods are not used (because they
+# are disabled or they are not appropriate) extended header data can
+# be sent to the client to prevent timeouts. The KeepaliveInterval
+# specifies the delay time in seconds for sending extended header
+# data. This method of timeout prevention can be disabled by
+# setting KeepaliveInterval to 0.
+KeepaliveInterval 10
+KeepaliveMode header
+#KeepaliveMode trickle
+#KeepaliveDelay 30
+
+# Used for Refresh and Redirect client timeout prevention methods
+#ProgressAutoSend 1
+#ProgressFilesizeThreshold 20MB
+#ProgressHoldTime 3600
+#ProgressHoldTimeAfterGetFile 1800
+#ProgressHost proxy.example.com
+
+# If you want to use an optional parent HTTP proxy, AvWebGate needs
+# information to connect to the proxy where the requests are forwarded.
+# You can also specify a username and password if they are needed for
+# the proxy.
+#HTTPProxyServer 127.0.0.1
+#HTTPProxyPort 3128
+#HTTPProxyUsername username
+#HTTPProxyPassword password
+
+# If you want to use an optional parent FTP proxy, you need to specify
+# the hostname or IP address of that proxy along with the port number
+# on which the proxy is accepting "real" FTP connections.
+#FTPProxyServer your.proxy
+#FTPProxyPort 8080
+
+# You can change the directory where temporary files are stored
+# (for example, while they are being scanned).
+TemporaryDir %AVTMPDIR%
+
+# By default, all files in archives are going to be extracted
+# and scanned. Limits can be specified with ArchiveMaxSize,
+# ArchiveMaxRecursion and ArchiveMaxRatio. It is NOT recommended
+# that this option is disabled (value of 0).
+ArchiveScan 1
+
+# If ArchiveMaxSize is 0, all files in archives will be extracted,
+# otherwise files only up to the given size will be extracted.
+ArchiveMaxSize 100MB
+
+# If ArchiveMaxRecursion is 0, recursive archives are going to be
+# unpacked with an unlimited recursion depth, otherwise recursive
+# archives are going to be unpacked up to the given recursion
+# depth.
+ArchiveMaxRecursion 20
+
+# If ArchiveMaxRatio is 0, archives will always be unpacked completely,
+# otherwise they will only be unpacked completely if the compression
+# ratio is below the specified value.
+ArchiveMaxRatio 150
+
+# If BlockSuspiciousArchive is enabled, archives that reach one
+# of the limits above will be blocked.
+BlockSuspiciousArchive 0
+
+# If BlockEncryptedArchive is enabled, encrypted archives will
+# be blocked.
+BlockEncryptedArchive 0
+
+# If BlockPartialArchive is enabled, multi-volume archives will
+# be blocked.
+BlockPartialArchive 0
+
+# AvWebGate will block files that have one of the specified file
+# extensions. Note that filenames in archives will also be matched.
+# The extensions can be separated by either space, comma or semicolon.
+# There is no default value for this directive.
+#BlockExtensions exe scr pif
+
+# By default, blocked files are discarded. In order to move the
+# concerning files to a quarantine directory, you may specify a
+# directory where the files will be moved to.
+MoveConcerningFilesTo %AVSPOOLDIR%/quarantine
+
+# Concerning activity may also be logged to a specified file
+# (in addition to syslog). You must specify the file. If this
+# directive is not specified, logging will only occur through
+# syslog.
+#LogFile /var/log/avwebgate.log
+
+# It is possible to specify the amount of events that are logged by
+# AvWebGate (0-7). 0 logs only critical information, whereas 7 will
+# log everything (including debugging output). A value of 4 or 5 is
+# recommended.
+LogLevel 4
+DebugLevel 4
+
+# Regardless of the above configuration settings, AvWebGate will
+# always log important information using syslog. It is possible
+# to specify which syslog facility you would like AvWebGate to
+# use.
+SyslogFacility daemon
+
+# You can receive email notifications of alerts using this
+# directive. You must specify the email address to which the
+# notification will be sent. There is no default value for
+# this directive.
+#EmailTo hostmaster@example.com
+
+# AvWebGate can add an X-Forwarded-For header to the HTTP request
+# including the IP address of the originating client. This
+# is useful if a subsequent proxy (parent) wants to use the
+# original client address in access controls, logs etc.
+AddXForwardedForHeader 0
+
+# You can restrict access to selected clients or (sub)networks
+# based on their IP addresses. A network address can be specified
+# with a '/' and a number of bits to match (e.g. 192.168.1.0/24).
+# If the number of bits is not specified, the netmask will be
+# determined from the given address (for example, 192.168.0.0 is
+# treated the same as 192.168.0.0/16).
+# Note: If you do not specify any IP addresses, access is granted
+# to everybody. If you specify one or more IP addresses,
+# access is allowed only to the specified addresses and
+# is denied for all others.
+#AllowClientAddresses 127.0.0.0/8 192.168.0.0/16
+AllowClientAddresses 127.0.0.0/8
+
+# WebGate can deny access to specific user agents. You can specify
+# one or more user agent string that will be denied access. The
+# main purpose is to avoid unnecessary traffic generated by clients
+# issuing range requests (such as Microsoft's BITS
+# "Background Intelligent Transfer Service") or streaming services
+# (such as Apple's iTunes). Range requests and data streaming are
+# only permitted if specified in an AclConfigFile.
+ForbiddenUserAgents BITS iTunes
+
+# You can limit connections to selected destination ports. You
+# may specify one or more single ports (e.g 21 and 80) or port
+# ranges. You can specify ranges with a '-' between two port
+# numbers (e.g. 1025-65535). Note that there are no whitespaces
+# allowed between the two port numbers when specifying a range.
+# Note: If you do not specify at least one port, connections
+# will be allowed to all destination ports.
+AllowDestinationPorts 21 80 443 873 1025-65535
+
+# WebGate can also support more complex rules by implementing a Squid-like
+# access control scheme. To use the access control scheme you must create
+# a new configuration file containing the rules describing the desired
+# behavior and have AclConfigFile contain the path to it. The syntax
+# supported by the access control scheme is described in the Manual.
+AclConfigFile %AVCONFDIR%/avwebgate.acl
+
+# List of categories that are blocked by WebGate when Avira Web Access
+# and Content Control library is enabled. Categories can be specified
+# as single categories (e.g 1 and 3 ) or category ranges. You can
+# specify ranges with a '-' between to category numbers.
+# To use the URL filtering capabilities of WebGate a valid WebGate Suite
+# license must be installed
+# Note: For a list of all categories please consult the Manual
+#WSBlockCategories 0-2 12 14 61
+
+# These settings allow for the detection of certain categories of software
+# which are not viruses but might not be wanted. Here is a description of
+# the categories.
+# ADSPY: Software that displays advertising pop-ups or software that very
+# often without the user's consent sends user specific data to
+# third parties and might therefore be unwanted.
+# APPL: The term APPL/ denotes an application of dubious origin or which
+# might be hazardous to use.
+# BDC: Is the Control software for backdoors. Control software for
+# backdoors are generally harmless.
+# DIAL: A Dial-Up program for connections that charge a fee. Its use might
+# lead to huge costs for the user.
+# GAME: It concerns a game that causes no damage on your computer.
+# HEUR-DBLEXT: File has an executable file extension but hides it behind a
+# harmless one.
+# JOKE: A harmless joke program is present as file.
+# PCK: File has been compressed with an unusual runtime compression tool.
+# Please make sure that this file comes from a trustworthy source.
+# PHISH: Faked Emails that are supposed to prompt the victim to reveal
+# confidential information such as user accounts, passwords or
+# online-banking data on certain websites.
+# SPR: Software that maybe able to compromise the security of your system,
+# initiate unwanted program activities, damage your privacy or spy
+# out your user behaviour and might therefore be unwanted.
+# Detection can be enabled/disabled with yes/no parameters respectively.
+DetectADSPY yes
+DetectAPPL yes
+DetectBDC yes
+DetectDIAL yes
+DetectGAME yes
+DetectHEUR-DBLEXT yes
+DetectJOKE yes
+DetectPCK yes
+DetectPHISH yes
+DetectSPR yes
+
+# AntiVir is capable of using heuristics to determine if a file
+# may be malicious. This allows new or unknown malicious code to
+# be detected before you have had a chance to perform an update.
+# There are two types of heuristics that AntiVir uses. The
+# first, HeuristicsMacro, only deals with macros in office
+# documents. This can be enabled/disabled with yes/no respectively.
+# The second, HeuristicsLevel, deals with all types of files and
+# can be set to a certain level of intensity (0-3). 0 means
+# disabled and 3 means full intensity.
+# Note: Be aware that setting the HeuristicsLevel too high could
+# result in false alerts.
+HeuristicsMacro yes
+HeuristicsLevel 2
+
+# Uncomment this directive to allow the GUI to communicate with
+# AvWebGate. If this is enabled, AvWebGate will open an extra
+# TCP Port on the loopback interface. This should only be used
+# if you intend to use the GUI.
+#GuiSupport yes
+
+# These are SSL Parameters used for secure communication with
+# the GUI.
+#GuiCertFile /usr/lib/AntiVir/gui/cert/server.pem
+#GuiCertPass antivir_default
+#GuiCAFile /usr/lib/AntiVir/gui/cert/cacert.pem
+#GuiRandFile /dev/urandom