Sophie: squidclamav-5.3-2mdv2010.1 x86

squidclamav-5.3-2mdv2010.1.x86_64.rpm

2010-03-23 version 5.3

- Fix random squidguard redirection on wrong user by setting chained
program pipe line buffered. Thanks to Russ Wheatcroft for the report.
- SquidClamav now logs chained program redirection with the original
user and ip address. Only if logredir configuration option is enabled.

ERRATA: This patch was not applied on v5.2.
- Add workaround for Squid < 3.0 which made maxsize control fail on
location redirection so that content-length checked was always from
the redirection page. Thanks to Andre Struempfel for the report.

2010-03-01 version 5.2

- Fix configure and install on FreeBSD.
- Fix chained program zombies on BSD system.
- Add russian translation of clwarn.cgi. Thanks to Philipp (Zoonman)
for the contribution.
- Fix error on debug printing of maxsize (using int instead of double).

2010-02-18 version 5.1

- Fix overriding of old SquidClamav configuration file during install.
- Fix process name return for squidguard fork that always be squidGuard
even if you're using an other redirector.
- Fix configure and install on OpenBSD.
- Change link to squidclamav site in CGIs.

2010-02-12 version 5.0

This major release version upgrade is du to some major change in design
so that your old configuration will not be compatible. Here is the list
of changes:

- Now SquidClamav will scan all downloaded files by default. you just
have to configure what you don't want to scan. The default configuration
file comes with predefined exclusion to help.
- SquidClamav now use extended regex so that you can have multiple
pattern in a single line. For example to exclude images you can use the
following lines:
abort ^.*\.(png|gif|jpg|ico)$
abortcontent ^image\/.*$
- SquidClamav is now able to perform failover on clamd connection. You
can set up to 5 clamd ip addresses separated by a coma for the
'clamd_ip' configuration directive. Thanks to Tuomas Haarala for the
feature request.
- The "whitelist" configuration directive now also abort the call
to the chained program (squidguard or other) as well as aborting
virus scan. This is the difference with "abort" directive that only
disable virus scanning.
- There's also two new configuration directive:
'trustuser' => allow to abort chained program and virus scan
for a given ident username.
'trustclient' => allow to abort chained program and virus scan
for a given client source ip address or dns name.
- The 'force' configuration directive have been removed as all is scan
by default.
- Memory and speed has been improved.
- Source tree has been clarified and normalyzed. squidclamav.c has been
renamed in pattern.c and main.c in squidclamav.c
- Add bootstrap.sh file to create configure and makefile from scratch.
- Documentation has been reviewed and write man file squidclamav.1
- Add packaging support for RPM, SlackBuild and Debian package. See
packaging/ directory.
- Remove code for call to chained program in command line if bidirectional
pipe failed.
- Fix install on OpenSolaris complaining about missing -lnsl and -lsocket
library at compile time.
- SquidClamav has now his dedicated web site at http://squidclamav.darold.net/

UPGRADE: SquidClamv v5.0 is not compatible with v4.x configuration file.

-------------------------------------------------------------------------------

2010-01-27 version 4.3

UPGRADE from v4.2 is mandatory!!!!

- Fix a silly v5 backport patch that break virus scan and crash
squidclamav. Thanks to Gordan Bobic for the report.
- Remove scanning abort when content type is no set in the header.

2010-01-27 version 4.2

Note: This is the last version of 4.x branch. New 5.x branch will introduce
major code rewrite and many changes in design. It will also include packaging
support for RPM, SlackBuild and debian package.

- Change default path to log file, now: /var/log/squid/squidclamav.log
as squidclamav is run as squid user it has all right to write here.
- Add 'maxsize' configuration directive to skip virus scanning if
content lenght is upper than maxsize in bytes.
- Remove sigusr1 signal handler to force squidclamav to reread config
file. You may use 'squid -k reconfigure' instead.
- Remove limit to 128 regex pattern in configuration file, now it
dynamically reallocate memory following needs.
- Fix memory leak where regex pattern were still reachable.
- Fix memory leak where object of Curl handle were still reachable.
- Force case insensitive pattern matching so 'aborti', 'contenti' and
'regexi' are now obsolete. Backward compatibility is still preserved.
- Remove force configuration directive so that even with bad header
the stream will always be scanned.
- Fix non working Content-Type abort scanning du to \r in http header
response. Thank to Gordan Bobic for the report.
- Fix 3 memory leaks occuring under bridge mode condition.
- Add support to command line options:
--version => Shown squidclamav version and exit.
--config file => Specify an alternate config file.
--help => Shown squidclamav program usage.
--debug level => Set debug level (overriding the config option).
- Fix undetected existing of alternate config file if a default config
file exists.
- When opening a secure url with Curl you may get the following error:
"SSL certificate problem, verify that the CA cert is OK". This has
been fixed by stopping CURL from verifying the peer's certificate.

UPGRADE: ./configure && make && make install, and override squidclamav binary.

2009-12-04 version 4.1

- Fix case where squidclamav timed out during header collection on
some advertising and metrics sites that do not handle correctly the
HEAD http request. This has been fixed with a timeout for header
retrieving of 1 second. Thank to Helge for the report.
- Remove extra space or tabulation from values in configuration file.

2009-03-04 version 4.0
- Fix libcurl header that prevent download from squid cache. Libcurl
always set http header with Pragma: no-cache. UPGRADE please. Thanks
to Sujith H from Elinanetworks Pvt. Ltd for the report and testing.
- Add configuration option 'trust_cache' to disable virus scanning
if the requested file hits squid cache. In a fresh squid cache the
file may have already been scanned. By default this option is set
to 0 (untrusted cache) for backward compatibility.
- Configuration option 'proxy' has been replaced by 'squid_ip' and
'squid_port'. Consider this option as obsolete and use it only if you
want squidclamav to not use proxy at all with this option set to 'none'.
The backward compatibility is preserved.
- Made change in squidclamav.conf.dist to reflect the above changes and
add/activate by default a scan all option 'content ^.*\/.*$'.

2008-12-16 version 3.9
- Add SIGUSR1 signal catch to force squidclamav to reread his config
file without need of reconfigure squid (killall -10 squidclamav).
- Add a second level of debug to have better output, value: 0,1 or 2.
- Some little code cleanup.

2008-12-01 version 3.8
- Fix segfault introduce in previous version when squidGuard is not
chained. Thanks to Leonardo Humberto Liporati for report and patch.
- Add User Agent anonymizing, see new configuration option 'useragent'.
Thanks to Leonardo Humberto Liporati for idea and patch. This can be
really helpfull with HTTP Error 505: Version Not Supported.
- Add configuration option 'maxredir' to allow Curl to follow
more redirect location than the default (3). Now default is 10.
Thanks to FranÃ§ois Van Ingelgomfor the report.
- Add configuration option 'abortcontent' and 'abortcontenti' to bypass
virus checking on some pattern matching content type. Thanks to Leonardo
Humberto Liporati for idea and patch.
- The pattern_compare() method has been split in two dedicated method
related to pattern matching in URL and pattern matching in Content Type.
- Update documentation with more explaination on configuration and
usage.
- Add missing acknowledgement in README file.

2008-10-16 version 3.7
- Add bi-directional pipe to squidGuard or other redirector to improve
speed and security. Great thanks to Dale Laushman from The Uptime Group
for the patch.

2008-09-30 version 3.6
- Test compatibility with squid 2.7 and 3.0.
- Little change documentation to reflex compatibility
with squid 2.7 and 3.0.

2008-03-28 version 3.5
- Fix implicit declaration of free() in util.c
- Fix libc double free error.
- Fix buffer overflow with in_buff->src_addr in main.c.
- Fix memory leak on regexp compiled pattern.
- Fix memory leak on Curl handle.
Many thanks to Rainer Schöpf from Proteosys.com for his great help.

2008-03-26 version 3.4
- Drop use of Gnu strnlen() not portable on Mac OS X and replaced by
xstrnlen() self implemented in util.c
- Fix missing update version in source code.
- Change config.c filename to scconfig.c
- Rerun GNU tools (autoconf...) on project dir

2008-03-14 version 3.3
- Rewrite all with more secure code.
- Fix squidclamav crash when a bad path to squidguard is given.

2007-11-07 version 3.2
- Fix some memory leak and bad coding.
- Better quoting for squidguard command line call.
- Fix buffer overflow detection on gcc 4

2007-08-19 version 3.1
- Replace call to ftime by gettimeofday for better portability
under freeBSD-like that required SquidClamAv to be compiled
with -lcompat and then at end broke regexp.
- Fix some translation in brazilian CGI.
- Add domain whitelist exclusion from virus scanning and SquidGuard
chainning. See 'whitelist' keyword in configuration file.

2006-08-25 version 3.0
- Clean code, fix buffer overflow and memory leak in regex code
- Add possibility to chain a program like squidguard
- Better log reading (DEBUG LOG STAT ERROR PANIC flags)
- Add time statistic for chained program call.
- Improve speed and memory.
- GNU normalisation (automake, autoconf, configure, ...)
- update documentation -> all in REAME file.

2006-08-18 version 2.5
- Clean some code and definitivly removed regex from package.
Include Linux distro standard regex.h file instead.
- Add statistics for global url processing and virus scanning.

2006-08-18 version 2.4
- Review documentation to match Squid 2.6 configuration change
- Squidclamav now break in debug mode to dump the HTTP error
coming during virus scan stage.
- Fix possible buffer overflow when reading squid input.

2006-06-08 version 2.3
- Fix download abort when size exceed clamd scan max size.
- Add Ip address and ident of a user with an infected download

2005-12-28 version 2.2
- Fix bug in clamd_local config option parsing
- Add option to force virus scan of URL with "no header".

2005-12-20 version 2.1
- Add Clamd local unix socket support
- Run automake -a -c in regex distribution
- Add use of proxy disabling by setting proxy option to none

2005-12-14 version 2.0
- Improve speed with the use of clamd daemon
- Remove support of libclamav: too slow.
- All option are now set in the configuration file (debug, etc.)
- Remove size limit check, let do this better by squid and clamd
- No more use of tmpfile

2005-03-31 version 1.5
- Add option -fno-builtin-log to prevent compilation warning
- Add more configuration options:
log_file => set up path to log file (default: /usr/local/squidclamav/logs/squidclamav.log)
proxy => set up proxy URL (default: http://127.0.0.1:3128)
debug => set up debug mode (default: 0)
clamd_ip => Ip addresse of the clamd daemon (default use libclamav)
clamd_port => port of the clamd daemon (default 3310)
timeout => libcurl transfer timeout (default 60 second)
- Add command line option to squidclamav to change default configuration
file.

2005-02-22 version 1.4
- Fix cache and display of http header.
- Improve speed: use the proxy for data, use only one curl handle, etc.
- Add ClamAv Virus database reload on demand.
- Modify documentation

2005-02-22 version 1.3
- Add german translation for clwarn.cgi. Thanks to Michael Labuschke.
- Add logging of the pid of the squidclamav process
- Fix null content lenght that terminated abnormaly squidclamav
- Add logging of Ip source and ident when virus is detected.
- Add logging of Ip source and ident when size limit exceed.

2005-02-11 version 1.2
- Add more installation instruction related to Squid configuration
- Add recquirement of libcurl >= 7.12.1

2005-02-10 version 1.1
- Fix bug with curl.
- Add support for size limit redirection.

2005-02-08 version 1.0

- Initial release