This file is indexed.

/etc/havp/havp.config is in havp 0.92a-2ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
#
# This is the configuration file for HAVP
#
# All lines starting with a hash (#) or empty lines are ignored.
# Uncomment parameters you want to change!
#
# All parameters configurable in this file are explained and their default
# values are shown. If no default value is defined "NONE" is specified.
# 
# General syntax: Parameter Value
# Value can be: true/false, number, or path
#
# Extra spaces and tabs are ignored.
#

# You must remove this line for HAVP to start.
# This makes sure you have (hopefully) reviewed the configuration. :)
# Hint: You must enable some scanner! Find them in the end..
# REMOVETHISLINE deleteme

#
# For reasons of security it is recommended to run a proxy program
# without root rights. It is recommended to create user that is not
# used by any other program.
#
# Default:
# USER havp
# GROUP havp

# If this is true HAVP is running as daemon in background.
# For testing you may run HAVP at your text console.
#
# Default:
# DAEMON true

#
# Process id (PID) of the main HAVP process is written to this file.
# Be sure that it is writeable by the user under which HAVP is running.
# /etc/init.d/havp script requires this to work.
#
# Default:
# PIDFILE /var/run/havp/havp.pid

#
# For performance reasons several instances of HAVP have to run.
# Specify how many servers (child processes) are simultaneously
# listening on port PORT for a connection. Minimum value should be
# the peak requests-per-second expected + 5 for headroom. For best
# performance, you should have atleast 1 CPU core per 16 processes.
#
# For single user home use, 8 should be minimum.
# For 500+ users corporate use, start at 40.
#
# Value can and should be higher than recommended. Memory and
# CPU usage is only affected by the number of concurrent requests.
#
# More childs are automatically created when needed, up to MAXSERVERS.
#
# Default:
# SERVERNUMBER 8
# MAXSERVERS 100

#
# Files where to log requests and info/errors.
# Needs to have write permission for HAVP user.
#
# Default:
# ACCESSLOG /var/log/havp/access.log
# ERRORLOG /var/log/havp/havp.log
# VIRUSLOG (same as ACCESSLOG)

#
# Format for timestamps in logfile messages.
# See: man strftime
#
# Default:
# TIMEFORMAT %d/%m/%Y %H:%M:%S

#
# Syslog can be used instead of logging to file.
# For facilities and levels, see "man syslog".
#
# Default:
# USESYSLOG false
# SYSLOGNAME havp
# SYSLOGFACILITY daemon
# SYSLOGLEVEL info
# SYSLOGVIRUSLEVEL warning

#
# true: Log every request to access log
# false: Log only viruses to access log
#
# Default:
# LOG_OKS true

#
# Level of HAVP logging
#  0 = Only serious errors and information
#  1 = Less interesting information is included
#
# Default:
# LOGLEVEL 0

#
# Temporary scan file.
# This file must reside on a partition for which mandatory
# locking is enabled. For Linux, use "-o mand" in mount command.
# See "man mount" for details. Solaris does not need any special
# steps, it works directly.
#
# Specify absolute path to a file which name must contain "XXXXXX".
# These characters are used by system to create unique named files.
#
# Default:
# SCANTEMPFILE /var/spool/havp/havp-XXXXXX

#
# Directory for ClamAV and other scanner created tempfiles.
# Needs to be writable by HAVP user. Use ramdisk for best performance.
#
# Default:
# TEMPDIR /var/tmp

#
# HAVP reloads scanners virus database by receiving a signal
# (send SIGHUP to PID from PIDFILE, see "man kill") or after
# a specified period of time. Specify here the number of
# minutes to wait for reloading.
#
# This only affects library scanners (clamlib, trophie).
# Other scanners must be updated manually.
#
# Default:
# DBRELOAD 60 

#
# Run HAVP as transparent Proxy?
#
# If you don't know what this means read the mini-howto
# TransparentProxy written by Daniel Kiracofe.
# (e.g.: http://www.tldp.org/HOWTO/mini/TransparentProxy.html)
# Definitely you have more to do than setting this to true.
# You are warned!
#
# Default:
# TRANSPARENT false

#
# Specify a parent proxy (e.g. Squid) HAVP should use.
# If needed, user and password authentication can be used,
# but only Basic-authentication scheme is supported.
#
# Default: NONE
# PARENTPROXY localhost
# PARENTPORT 3128
# PARENTUSER username
# PARENTPASSWORD password

#
# Write X-Forwarded-For: to log instead of connecters IP?
#
# If HAVP is used as parent proxy by some other proxy, this allows
# to write the real users IP to log, instead of proxy IP.
#
# Default:
# FORWARDED_IP false

#
# Send X-Forwarded-For: header to servers?
#
# If client sent this header, FORWARDED_IP setting defines the value,
# then it is passed on. You might want to keep this disabled for security
# reasons. Enable this if you use your own parent proxy after HAVP, so it
# will see the original client IP.
#
# Disabling this also disables Via: header generation.
#
# Default:
# X_FORWARDED_FOR false

#
# Port HAVP is listening on.
#
# Default:
# PORT 8080

#
# IP address that HAVP listens on.
# Let it be undefined to bind all addresses.
#
# Default: NONE
# BIND_ADDRESS 127.0.0.1

#
# IP address used for sending outbound packets.
# Let it be undefined if you want OS to handle right address.
#
# Default: NONE
# SOURCE_ADDRESS 1.2.3.4

#
# Path to template files.
#
# Default:
# TEMPLATEPATH /etc/havp/templates/en

#
# Set to true if you want to prefer Whitelist.
# If URL is Whitelisted, then Blacklist is ignored.
# Otherwise Blacklist is preferred.
#
# Default:
# WHITELISTFIRST true

#
# List of URLs not to scan.
#
# Default:
# WHITELIST /etc/havp/whitelist

#
# List of URLs that are denied access.
#
# Default:
# BLACKLIST /etc/havp/blacklist

#
# Is scanner error fatal?
#
# For example, archive types that are not supported by scanner
# may return error. Also if scanner has invalid pattern files etc.
#
# true: User gets error page
# false: No error is reported (viruses might not be detected)
#
# Default:
# FAILSCANERROR true

#
# When scanning takes longer than this, it will be aborted.
# Timer is started after HAVP has fully received all data.
# If set too low, complex files/archives might produce timeout.
# Timeout is always a fatal error regardless of FAILSCANERROR.
#
# Time in minutes!
#
# Default:
# SCANNERTIMEOUT 10

#
# Allow HTTP Range requests?
#
# false: Broken downloads can NOT be resumed
# true: Broken downloads can be resumed
#
# Allowing Range is a security risk, because partial
# HTTP requests may not be properly scanned.
#
# Whitelisted sites are allowed to use Range in any case.
#
# Default:
# RANGE false

#
# Allow HTTP Range request to get the ZIP header first?
#
# This allows (partial) scanning of ZIP files that are bigger than
# MAXSCANSIZE. Scanning is done up to that many bytes into the file.
#
# Default:
# PRELOADZIPHEADER true

#
# If you really need more performance, you can disable scanning of
# JPG, GIF and PNG files. These are probably the most common files
# around, so it will save lots of CPU. But be warned, image exploits
# exist and more could be found. Think twice if you want to disable!
#
# In addition of checking Content-Type: image/*, this setting uses
# file magic to make sure the file is really image.
#
# Also see SCANMIME/SKIPMIME settings to control scanning based
# on just the Content-Type header.
#
# Default:
# SCANIMAGES true

#
# What MIME types NOT to scan. For performance reasons, you could
# exclude all media types.
#
# Based on Content-Type: header as given by the HTTP server.
# Note that it is easy to forge and should not be trusted.
#
# Basic wildcard match supported.
#
# Default: NONE
# SKIPMIME image/* video/* audio/*

#
# If set, then ONLY these MIME types will be scanned.
#
# Based on Content-Type: header as given by the HTTP server.
# Note that it is easy to forge and should not be trusted.
#
# Basic wildcard match supported.
#
# Default: NONE
# SCANMIME application/*

#
# Temporary file will grow only up to this size. This means scanner
# will scan data until this limit is reached.
#
# There are two sides to this setting. By limiting the size, you gain
# performance, less waiting for big files and less needed temporary space.
# But there is slightly higher chance of virus slipping through (though
# scanning large archives should not be gateways function, HAVP is more
# geared towards small exploit detection etc).
#
# VALUE IN BYTES NOT KB OR MB!!!!
#  0 = No size limit
#
# Default:
# MAXSCANSIZE 5000000

#
# Amount of data going to browser that is held back, until it
# is scanned. When we know file is clean, this held back data
# can be sent to browser. You can safely set bigger value, only
# thing you will notice is some "delay" in beginning of download.
# Virus found in files bigger than this might not produce HAVP
# error page, but result in a "broken" download.
#
# VALUE IN BYTES NOT KB OR MB!!!!
#
# Default:
# KEEPBACKBUFFER 200000

#
# This setting complements KEEPBACKBUFFER. It tells how many Seconds to
# initially receive data from server, before sending anything to client.
# Even trickling is not done before this time elapses. This way files that
# are received fast are more secure and user can get virus report page for
# files bigger than KEEPBACKBUFFER.
#
# Setting to 0 will disable this, and only KEEPBACKBUFFER is used.
#
# Default:
# KEEPBACKTIME 5

#
# After Trickling Time (seconds), some bytes are sent to browser
# to keep the connection alive. Trickling is not needed if timeouts
# are not expected for files smaller than KEEPBACKBUFFER, but it is
# recommended to set anyway.
#
# 0 = No Trickling
#
# Default:
# TRICKLING 30

#
# Send this many bytes to browser every TRICKLING seconds, see above
#
# Default:
# TRICKLINGBYTES 1

#
# Downloads larger than MAXDOWNLOADSIZE will be blocked.
# Only if not Whitelisted!
#
# VALUE IN BYTES NOT KB OR MB!!!!
#  0 = Unlimited Downloads
#
# Default:
# MAXDOWNLOADSIZE 0

#
# Space separated list of strings to partially match User-Agent: header.
# These are used for streaming content, so scanning is generally not needed
# and tempfiles grow unnecessary. Remember when enabled, that user could
# fake header and pass some scanning. HTTP Range requests are allowed for
# these, so players can seek content.
#
# You can uncomment here a list of most popular players.
#
# Default: NONE
# STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS

#
# Bytes to scan from beginning of streams.
# When set to 0, STREAMUSERAGENT scanning will be completely disabled.
# It is not recommended as there are some exploits for players.
#
# Default:
# STREAMSCANSIZE 20000

#
# Disable mandatory locking (dynamic scanning) for certain file types.
# This is intended for fixing cases where a scanner forces use of mmap()
# call. Mandatory locking might not allow this, so you could get errors
# regarding memory allocation or I/O. You can test the "None" option
# anyway, as it might even work depending on your OS (some Linux seems
# to allow mand+mmap).
# 
# Allowed values:
#   None
#   ClamAV:BinHex  (mmap forced in versions older than 0.96)
#   ClamAV:PDF     (mmap forced in versions older than 0.96)
#   ClamAV:ZIP     (mmap forced in 0.93.x, should work in 0.94)
#   AVG:ALL        (AVG 8.5 does not work, uses mmap MAP_SHARED)
#
# Default:
# DISABLELOCKINGFOR AVG:ALL

#
# Whitelist specific viruses by case-insensitive substring match.
# For example, "Oversized." and "Encrypted." are good candidates,
# if you can't disable those checks any other way.
#
# Default: NONE
# IGNOREVIRUS Oversized. Encrypted. Phishing.


#####
##### ClamAV Library Scanner (libclamav)
#####

ENABLECLAMLIB true

# HAVP uses libclamav hardcoded pattern directory, which usually is
# /usr/share/clamav. You only need to set CLAMDBDIR, if you are
# using non-default DatabaseDirectory setting in clamd.conf.
#
# Default: NONE
# CLAMDBDIR /var/lib/clamav

# Should we block broken executables?
#
# Default:
# CLAMBLOCKBROKEN false

# Should we block encrypted archives?
#
# Default:
# CLAMBLOCKENCRYPTED false

# Should we block files that go over maximum archive limits?
#
# Default:
# CLAMBLOCKMAX false

# Scanning limits?
# You can find some additional info from documentation or clamd.conf
#
# Stop when this many total bytes scanned (MB)
# CLAMMAXSCANSIZE 20
#
# Stop when this many files have been scanned
# CLAMMAXFILES 50
#
# Don't scan files over this size (MB)
# CLAMMAXFILESIZE 100
#
# Maximum archive recursion
# CLAMMAXRECURSION 8


#####
##### ClamAV Socket Scanner (clamd)
#####
##### NOTE: ClamAV Library Scanner should be preferred (less overhead)
#####

ENABLECLAMD false

# Path to clamd socket
#
# Default:
# CLAMDSOCKET /tmp/clamd

# ..OR if you use clamd TCP socket, uncomment to enable use
#
# Clamd daemon needs to run on the same server as HAVP
#
# Default: NONE
# CLAMDSERVER 127.0.0.1
# CLAMDPORT 3310


#####
##### F-Prot Socket Scanner
#####

ENABLEFPROT false

# F-Prot daemon needs to run on same server as HAVP
#
# Default:
# FPROTSERVER 127.0.0.1
# FPROTPORT 10200

# F-Prot options (only for version 6+ !)
#
# See "fpscand-client.sh --help" for possible options.
#
# At the moment:
#  --scanlevel=<n>  Which scanlevel to use, 0-4 (2).
#  --heurlevel=<n>  How aggressive heuristics should be used, 0-4 (2).
#  --archive=<n>    Scan inside supported archives n levels deep 1-99 (5).
#  --adware         Instructs the daemon to flag adware.
#  --applications   Instructs the daemon to flag potentially unwanted applications.
#
# Default: NONE
# FPROTOPTIONS --scanlevel=2 --heurlevel=2


#####
##### AVG Socket Scanner
#####

ENABLEAVG false

# AVG daemon needs to run on the same server as HAVP
#
# Default:
# AVGSERVER 127.0.0.1
# AVGPORT 55555


#####
##### Kaspersky Socket Scanner
#####

ENABLEAVESERVER false

# Path to aveserver socket
#
# Default:
# AVESOCKET /var/run/aveserver


#####
##### Sophos Scanner (Sophie)
#####

ENABLESOPHIE false

# Path to sophie socket
#
# Default:
# SOPHIESOCKET /var/run/sophie


#####
##### Trend Micro Library Scanner (Trophie)
#####

ENABLETROPHIE false

# Scanning limits inside archives (filesize = MB):
#
# Default:
# TROPHIEMAXFILES 50
# TROPHIEMAXFILESIZE 10
# TROPHIEMAXRATIO 250


#####
##### NOD32 Socket Scanner
#####

ENABLENOD32 false

# Path to nod32d socket
#
# For 3.0+ version, try /tmp/esets.sock
#
# Default:
# NOD32SOCKET /tmp/nod32d.sock

# Used NOD32 Version
#
#  30 = 3.0+
#  25 = 2.5+
#  21 = 2.x (very old)
#
# Default:
# NOD32VERSION 25


#####
##### Avast! Socket Scanner
#####

ENABLEAVAST false

# Path to avastd socket
#
# Default:
# AVASTSOCKET /var/run/avast4/local.sock

# ..OR if you use avastd TCP socket, uncomment to enable use
#
# Avast daemon needs to run on the same server as HAVP
#
# Default: NONE
# AVASTSERVER 127.0.0.1
# AVASTPORT 5036


#####
##### Arcavir Socket Scanner
#####

ENABLEARCAVIR false

# Path to arcavird socket
#
# For version 2008, default socket is /var/run/arcad.ctl
#
# Default:
# ARCAVIRSOCKET /var/run/arcavird.socket

# Used Arcavir version
#  2007 = Version 2007 and earlier
#  2008 = Version 2008 and later
#
# Default:
# ARCAVIRVERSION 2007


#####
##### DrWeb Socket Scanner
#####

ENABLEDRWEB false

# Enable heuristic scanning?
#
# Default:
# DRWEBHEURISTIC true

# Enable malware detection?
# (Adware, Dialer, Joke, Riskware, Hacktool)
#
# Default:
# DRWEBMALWARE true

# Path to drwebd socket
#
# Default:
# DRWEBSOCKET /var/drweb/run/.daemon

# ..OR if you use drwebd TCP socket, uncomment to enable use
#
# DrWeb daemon needs to run on the same server as HAVP
#
# Default: NONE
# DRWEBSERVER 127.0.0.1
# DRWEBPORT 3000