Scannedonly is a samba VFS module and a scanning daemon that ensure that only

files that have been  scanned for viruses are visible and accessible to the end
user.

Scannedonly was developed because of scalability problems with samba-vscan: high
server loads when (the same) files were requested often, and timeouts when large
zip files were requested. Scannedonly doesn't have these problems, but it does
introduce some other issues.  Choose the product that suits you best.

Scannedonly is available under the open source GPL licence. The source code
repository is available on Sourceforge.

WWW: http://olivier.sessink.nl/scannedonly/

PR:		ports/154202
Submitted by:	girald@etcom.ufrgs.br
Feature safe:	yes

security/Makefile

@@ -769,6 +769,7 @@
     SUBDIR += scamp
     SUBDIR += scanhill
     SUBDIR += scanlogd
+    SUBDIR += scannedonly
     SUBDIR += scanssh
     SUBDIR += scrypt
     SUBDIR += seahorse

security/scannedonly/Makefile

@@ -0,0 +1,86 @@
+# New ports collection makefile for:	scannedonly
+# Date created:				20 January 2011
+# Whom:					girald@etcom.ufrgs.br
+#
+# $FreeBSD$
+#
+
+PORTNAME=	scannedonly
+PORTVERSION=	0.21
+CATEGORIES=	security
+MASTER_SITES=	http://olivier.sessink.nl/scannedonly/
+
+MAINTAINER=	girald@etcom.ufrgs.br
+COMMENT=	A Samba VFS virus scanning daemon
+
+LICENSE=	GPLv2
+
+LIB_DEPENDS=	clamav:${PORTSDIR}/security/clamav
+RUN_DEPENDS=	${LOCALBASE}/bin/clamdscan:${PORTSDIR}/security/clamav \
+		smbd:${PORTSDIR}/${SAMBA_PORT}
+BUILD_DEPENDS+=	smbd:${PORTSDIR}/${SAMBA_PORT}
+
+CONFIGURE_ARGS+=--with-samba-vfs-dir=${PREFIX}/lib/samba/vfs
+GNU_CONFIGURE=	yes
+USE_GMAKE=	yes
+USE_RC_SUBR=	${PORTNAME}
+LDFLAGS+=	-L${LOCALBASE}/lib
+CFLAGS+=	-I${LOCALBASE}/include
+
+.include <bsd.port.options.mk>
+
+.if exists(${LOCALBASE}/sbin/smbd)
+SAMBA_VERSION!=	${LOCALBASE}/sbin/smbd --version | ${CUT} -d ' ' -f 2
+.else
+SAMBA_VERSION?=	3.6
+.endif
+
+SAMBA_PORT?=	net/samba${SAMBA_VERSION:C/([0-9]*)\.([0-9]*).*/\1\2/}
+
+# If samba34 is installed, we need the sources from samba.
+# We don't if samba3[56] is installed.
+# http://olivier.sessink.nl/scannedonly/faq.html
+.if ${SAMBA_PORT} == net/samba34
+BUILD_DEPENDS+=	${NONEXISTENT}:${PORTSDIR}/${SAMBA_PORT}:configure
+CONFIGURE_ARGS+=\
+	--with-samba-source=${WRKDIR}/../../../${SAMBA_PORT}/work/samba-${SAMBA_VERSION}/source3
+USE_AUTOTOOLS=	autoconf
+.endif
+
+PLIST_FILES=	sbin/scannedonlyd_clamav \
+		bin/scannedonly_prescan
+.if ${SAMBA_PORT} == net/samba34
+PLIST_FILES+=	lib/samba/vfs/scannedonly.so
+PLIST_DIRS=	lib/samba/vfs \
+		lib/samba
+.endif
+MAN8=		${PORTNAME}_prescan.8 \
+		${PORTNAME}d_clamav.8
+MANCOMPRESSED=	yes
+
+# Hackery to avoid death for non-obvious reasons if detected
+# SAMBA_VERSION doesn't match the PORTVERSION of samba in ports
+pre-everything::
+.if ${SAMBA_PORT} == net/samba34
+	@if [ "$$(${MAKE} -C ${PORTSDIR}/${SAMBA_PORT} -V PORTVERSION)" \
+		!= "${SAMBA_VERSION}" ] ; \
+	    then ${ECHO_MSG} -n "==> Bailing.  Version of Samba on system is "; \
+		${ECHO_MSG} "${SAMBA_VERSION}, which does not match" ; \
+		${ECHO_MSG} "    that in ports.  Please update Samba and try again." ; \
+		${FALSE} ; \
+	    fi
+.endif
+
+post-patch:
+	@${REINPLACE_CMD} \
+	    -e 's|/var/lib/scannedonly/scan|/var/run/scannedonlyd.sock|g' \
+	${WRKSRC}/man/scannedonly_prescan.8	\
+	${WRKSRC}/py/scannedonlyd.py		\
+	${WRKSRC}/src/vfs_scannedonly.c		\
+	${WRKSRC}/src/scannedonly_prescan.c	\
+	${WRKSRC}/src/scannedonlyd_clamav.c
+
+post-install:
+	@${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>

security/scannedonly/distinfo

@@ -0,0 +1,2 @@
+SHA256 (scannedonly-0.21.tar.gz) = 20601c0466034cc250ded1a16d737451cfbe05fbcaf4f667ff25fe004bd1340e
+SIZE (scannedonly-0.21.tar.gz) = 80148

security/scannedonly/files/scannedonly.in

@@ -0,0 +1,33 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: scannedonly
+# REQUIRE: LOGIN clamd
+# BEFORE: mail
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable the scannedonly daemon:
+#
+# scannedonly_clamav_enable="YES"
+# scannedonly_clamav_flags="<set as needed>"
+#
+# See scannedonlyd_clamav(1) for flags
+#
+
+. /etc/rc.subr
+
+name=scannedonly_clamav
+rcvar=`set_rcvar`
+
+command=%%PREFIX%%/sbin/scannedonlyd_clamav
+pidfile=/var/run/scannedonlyd_clamav.pid
+command_args="--pidfile ${pidfile}"
+
+# read settings, set default values
+load_rc_config "$name"
+: ${scannedonly_clamav_enable="NO"}
+
+run_rc_command "$1"

security/scannedonly/pkg-descr

@@ -0,0 +1,13 @@
+Scannedonly is a samba VFS module and a scanning daemon that ensure that only
+files that have been  scanned for viruses are visible and accessible to the end
+user.
+
+Scannedonly was developed because of scalability problems with samba-vscan: high
+server loads when (the same) files were requested often, and timeouts when large
+zip files were requested. Scannedonly doesn't have these problems, but it does
+introduce some other issues.  Choose the product that suits you best.
+
+Scannedonly is available under the open source GPL licence. The source code
+repository is available on Sourceforge.
+
+WWW: http://olivier.sessink.nl/scannedonly/

security/scannedonly/pkg-message

@@ -0,0 +1,11 @@
+**************************************************
+*                   WARNING!                     *
+*                                                *
+* Make sure you've enough socker buffer size.    *
+* Consider increasing kern.ipc.maxsockbuf adding *
+* at least the following sysctl setting to       *
+* /etc/sysctl.conf:                              *
+*                                                *
+* kern.ipc.maxsockbuf=589824                     *
+*                                                *
+**************************************************