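##-------------------------------]
## DansGuardian configuration
## www.dansguardian.org
##
## Stefan Bauer
## info@edv-fix.de
##-------------------------------]
#
# One setting per line. The option values below are unchanged from the
# original file; German comments were translated, one stray prose line was
# turned into a comment, and review notes were added where a setting has a
# security consequence.

reportinglevel = 3
languagedir = '/etc/dansguardian/languages'
language = 'german'
loglevel = 3
# NOTE(review): with this off, requests let through by an exception list
# presumably carry no marker in the access log; consider enabling it if the
# log is used for auditing.
logexceptionhits = off
logfileformat = 1
loglocation = '/var/log/dansguardian/access.log'

# Network Settings
#
# the IP that DansGuardian listens on.  If left blank DansGuardian will
# listen on all IPs.  That would include all NICs, loopback, modem, etc.
# Normally you would have your firewall protecting this, but if you want
# you can limit it to only 1 IP.  Yes only one.
filterip = 169.254.0.100

# DansGuardian accepts requests on this port
filterport = 3128

# The IP Squid listens on
# NOTE(review): filtering only holds if clients cannot reach Squid directly;
# confirm Squid is bound to loopback only or is firewalled from clients.
proxyip = 127.0.0.1

# We connect to Squid on the following port
proxyport = 8080

# Error page used for a specially configured message
# NOTE(review): YOURSERVER.YOURDOMAIN is a placeholder and must be replaced.
# The stock documentation describes this address as ignored when
# reportinglevel = 3 - confirm for the installed version.
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'

# long-forgotten settings
nonstandarddelimiter = on

# We replace blocked pages with a standard image
usecustombannedimage = 1
custombannedimagefile = '/etc/dansguardian/transparent1x1.gif'

# We define one group with the same filtering behaviour
filtergroups = 1
filtergroupslist = '/etc/dansguardian/filtergroupslist'

# We define users who are or are not allowed to do things
bannediplist = '/etc/dansguardian/bannediplist'
exceptioniplist = '/etc/dansguardian/exceptioniplist'
banneduserlist = '/etc/dansguardian/banneduserlist'
exceptionuserlist = '/etc/dansguardian/exceptionuserlist'

showweightedfound = on
weightedphrasemode = 2

# Caching behaviour of content for other users
urlcachenumber = 3000
# We keep the cached entries for this many seconds (15 min)
urlcacheage = 900

# The content is reduced to the bare minimum before we check it
phrasefiltermode = 0

# Lower casing options
# When a document is scanned the uppercase letters are converted to lower case
# in order to compare them with the phrases.  However this can break Big5 and
# other 16-bit texts.  If needed preserve the case.  As of version 2.7.0 accented
# characters are supported.
# 0 = force lower case (default)
# 1 = do not change case
preservecase = 0

# Hex decoding options
# When a document is scanned it can optionally convert %XX to chars.
# If you find documents are getting past the phrase filtering due to encoding
# then enable.  However this can break Big5 and other 16-bit texts.
# 0 = disabled (default)
# 1 = enabled
hexdecodecontent = 0

# Force Quick Search rather than DFA search algorithm
# The current DFA implementation is not totally 16-bit character compatible
# but is used by default as it handles large phrase lists much faster.
# If you wish to use a large number of 16-bit character phrases then
# enable this option.
# 0 = off (default)
# 1 = on (Big5 compatible)
forcequicksearch = 0

# Reverse lookups for banned site and URLs.
# If set to on, DansGuardian will look up the forward DNS for an IP URL
# address and search for both in the banned site and URL lists.  This would
# prevent a user from simply entering the IP for a banned address.
# It will reduce searching speed somewhat so unless you have a local caching
# DNS server, leave it off and use the Blanket IP Block option in the
# bannedsitelist file instead.
# NOTE(review): this is off here, so the Blanket IP Block in bannedsitelist
# is the only control for IP-literal URLs - verify that it is enabled.
reverseaddresslookups = off
reverseclientiplookups = off
createlistcachefiles = off

# webmailer
# NOTE(review): per the stock documentation -1 means uploads are not limited
# at all (0 blocks them, a positive value is a limit in kibibytes). Confirm
# that unlimited POST uploads are intended for this site.
#maxuploadsize = 512
#maxuploadsize = 0
maxuploadsize = -1

maxcontentfiltersize = 2048
usernameidmethodproxyauth = on

# Preemptive banning - this means that if you have proxy auth enabled and a user accesses
# a site banned by URL for example they will be denied straight away without a request
# for their user and pass.  This has the effect of requiring the user to visit a clean
# site first before it knows who they are and thus maybe an admin user.
# This is how DansGuardian has always worked but in some situations it is less than
# ideal.  So you can optionally disable it.  Default is on.
# As a side effect disabling this makes AD image replacement work better as the mime
# type is known.
preemptivebanning = on

# NOTE(review): forwardedfor adds the client IP as X-Forwarded-For to the
# upstream request, which discloses internal addresses to origin servers
# unless Squid strips the header.
forwardedfor = on
# NOTE(review): usexforwardedfor takes the client IP from a request header.
# That is only trustworthy when a proxy you control sits in front of
# DansGuardian; no such proxy is configured in this file. If clients connect
# to filterport directly, the value is client-supplied and bannediplist,
# exceptioniplist and the logged source IP cannot be relied on. Turn it off
# unless a trusted front proxy exists.
usexforwardedfor = on
logconnectionhandlingerrors = on

# Fork pool options

# sets the maximum number of processes to spawn to handle the incoming
# connections.  Max value usually 250 depending on OS.
# On large sites you might want to try 180.
maxchildren = 120

# sets the minimum number of processes to spawn to handle the incoming connections.
# On large sites you might want to try 32.
minchildren = 4

# sets the minimum number of processes to be kept ready to handle connections.
# On large sites you might want to try 8.
minsparechildren = 4

# sets the minimum number of processes to spawn when it runs out
# On large sites you might want to try 10.
preforkchildren = 6

# sets the maximum number of processes to have doing nothing.
# When this many are spare it will cull some of them.
# On large sites you might want to try 64.
maxsparechildren = 32

# sets the maximum age of a child process before it croaks it.
# This is the number of connections they handle before exiting.
# On large sites you might want to try 10000.
maxagechildren = 500

# Process options
# (Change these only if you really know what you are doing).
# These options allow you to run multiple instances of DansGuardian on a single machine.
# Remember to edit the log file path above also if that is your intention.
# NOTE(review): both IPC files use fixed names in world-writable /tmp, where
# any local user can pre-create the name. Prefer a directory that only the
# DansGuardian user can write to.
ipcfilename = '/tmp/.dguardianipc'
urlipcfilename = '/tmp/.dguardianurlipc'
#pidfilename = '/var/run/dansguardian.pid'

nodaemon = off
nologger = off
softrestart = on

virusscan = on
virusengine = 'clamav'
tricklelength = -1

# OPTION: forkscanlength
# Specifies maximum file size, in bytes, that is scanned w/o parallel trickling.
# Files larger than 'forkscan_length' will be scanned in the background,
# while a foreground process trickles data to the client in order to keep
# connection alive.
# This heavily depends on the available CPU speed.  Slow CPUs need smaller values.
# The size is in Kibibytes - eg 2048 = 2Mb
# NOTE(review): the text above names both bytes and kibibytes as the unit;
# confirm which one the installed version uses.
forkscanlength = 32768

# OPTION: firsttrickledelay
# Delay in seconds to deliver the first byte to the client.
# This option only applies if tricklelength is set to -1.
firsttrickledelay = 10

# OPTION: followingtrickledelay
# Delay in seconds to deliver subsequent bytes to the client.
# This option only applies if tricklelength is set to -1.
followingtrickledelay = 10

# OPTION: maxcontentscansize
# Set the maximum size of a content to be virus scanned.
# Content size above this value will not be scanned against viruses.
# The size is in Kibibytes - eg 2048 = 2Mb
# To have no limit, use 0 (zero).
# NOTE(review): read as kibibytes this value is roughly 40 GiB, read as bytes
# roughly 40 MiB. Anything larger than the limit is delivered unscanned, so
# confirm the unit and the intended ceiling.
maxcontentscansize = 41904304

# OPTION: virusscanexceptions
# If off, antivirus scanner will ignore DG exception sites and urls.
virusscanexceptions = on

# OPTION: urlcachecleanonly
# If off, url cache will contain entries of text only urls.
# Keeping it off, preserves original Dansguardian feature and
# downloaded content will be always scanned by antivirus.
# When turned on, urlcache will be loaded only with content
# found to be good and that is virus free.
# Thus, content of urls found in urlcache WILL NOT BE SCANNED AGAIN.
# NOTE(review): with this on, content that changes at a cached URL is served
# without a new scan until the entry expires (urlcacheage above, 900 s).
urlcachecleanonly = on

virusscannertimeout = 60

notify = 0
# NOTE(review): the three mail values below are placeholders.
emaildomain = 'your.domain.com'
postmaster = 'postmaster@your.domain.com'
emailserver = '127.0.0.1:25'

# OPTION: downloaddir
# Set where the files are downloaded to before they are scanned.
# Since version 6.4.2 it is strongly recommended to define a directory path
# TO BE USED ONLY BY DGAV.
# YOU WILL LOSE FILES inside this directory path if it is used for any other purpose.
# NOTE(review): this directory sits under world-writable /tmp. It should be
# created in advance, owned by the DansGuardian user and not accessible to
# others, so that local users can neither read nor plant files in it.
downloaddir = '/tmp/dgvirus'

# CLAMAV SETTINGS
# --------------------

# OPTION: clmaxfiles
# Set maximum number of files inside a compressed file
# default: 1500 files
clmaxfiles = 1500

# OPTION: clmaxreclevel
# Set maximum recursion level to perform scan on a compressed file
# that is inside a compressed file
# default: 3 levels
clmaxreclevel = 3

# OPTION: clmaxfilesize
# Set maximum file size of a file inside a compressed file
# default: 10485760 = 10 Mbytes
clmaxfilesize = 10485760

# OPTION: clblockencryptedarchives
# Treat encrypted compressed file as virus infected content.
# default: off
# NOTE(review): encrypted archives cannot be inspected; with this off they
# are presumably delivered unscanned. Decide explicitly whether that is
# acceptable for this site.
clblockencryptedarchives = off

# Improved checking of broken files
cldetectbroken = off

# NOTE(review): a clamd socket in /tmp has a fixed name in a world-writable
# directory; confirm that it matches the clamd configuration and consider a
# directory restricted to the clamd and DansGuardian users.
clamdsocket = '/tmp/clamd'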