Need help installing DansGuardian on single home PC

Asked by Computer For Families

I am using the instructions provided by Olli' s journal for "Setting up DansGuardian on a single home PC running Ubuntu (/journal/item-985.php). When I tried to execute the sample commands the following occured:

cff@edubuntu:~$ sudo apt-get install dansguardian tinyproxy
Password:
Reading package lists... Done
Building dependency tree... Done
E: Couldn't find package dansguardian

When added the specific name and version of the downloaded software the following occured:

cff@edubuntu:~$ sudo apt-get install dansguardian-2.9.8.0 tinyproxy
Reading package lists... Done
Building dependency tree... Done
E: Couldn't find package dansguardian-2.9.8.0

BTW, the software was downloaded to my desktop and as you probably suspect, I am a novice with Linux.

Milt

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu gnome-terminal Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
towsonu2003 (towsonu2003) said :
#1

you probably don't have universe repository enabled. in a terminal (alt + f3, then type gnome-terminal)

gksu gedit /etc/apt/sources.list

and in the text file, add this line:
deb http://archive.ubuntu.com/ubuntu dapper universe

save and close the text file. now do:

sudo apt-get update
sudo apt-get install dansguardian tinyproxy

while making sure you are connected to the web. This shoudl install the packages.

More information about repositories:
http://ubuntuguide.org/wiki/Dapper#How_to_add_extra_repositories

Revision history for this message
Computer For Families (cfftest) said :
#2

I was successful in following your instructions up to the last two commands,

"sudo apt-get update" and "sudo apt-get install dansguardian tinyproxy" when the
following occured:

cff@edubuntu:~$ sudo apt-get update
Password:
Get:1 http://security.ubuntu.com dapper-security Release.gpg [191B]
Get:2 http://security.ubuntu.com dapper-security Release [30.9kB]
Get:3 http://security.ubuntu.com dapper-security/main Packages [74.1kB]
Get:4 http://us.archive.ubuntu.com dapper Release.gpg [189B]
Get:5 http://us.archive.ubuntu.com dapper-updates Release.gpg [191B]
Get:6 http://us.archive.ubuntu.com dapper Release [34.8kB]
Get:7 http://security.ubuntu.com dapper-security/restricted Packages [6446B]
Get:8 http://us.archive.ubuntu.com dapper-updates Release [29.6kB]
Get:9 http://security.ubuntu.com dapper-security/main Sources [13.3kB]
Get:10 http://us.archive.ubuntu.com dapper/main Packages [619kB]
Get:11 http://security.ubuntu.com dapper-security/restricted Sources [960B]
Get:12 http://us.archive.ubuntu.com dapper/restricted Packages [4571B]
Get:13 http://us.archive.ubuntu.com dapper/main Sources [255kB]
Get:14 http://us.archive.ubuntu.com dapper/restricted Sources [1478B]
Get:15 http://us.archive.ubuntu.com dapper/universe Packages [2458kB]
Get:16 http://us.archive.ubuntu.com dapper/universe Sources [975kB]
Get:17 http://us.archive.ubuntu.com dapper-updates/main Packages [122kB]
Get:18 http://us.archive.ubuntu.com dapper-updates/restricted Packages [14B]
Get:19 http://us.archive.ubuntu.com dapper-updates/main Sources [46.5kB]
Get:20 http://us.archive.ubuntu.com dapper-updates/restricted Sources [14B]
Fetched 4672kB in 24m39s (3158B/s)
Reading package lists... Done

cff@edubuntu:~$ sudo apt-get install dansguardian tinyproxy
Password:
Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
  clamav clamav-base clamav-freshclam libclamav1 libesmtp5 libssl0.9.7
Suggested packages:
  unrar lha clamav-docs squid
Recommended packages:
  arj unzoo
The following NEW packages will be installed:
  clamav clamav-base clamav-freshclam dansguardian libclamav1 libesmtp5
  libssl0.9.7 tinyproxy
0 upgraded, 8 newly installed, 0 to remove and 188 not upgraded.
Need to get 7358kB of archives.
After unpacking 13.2MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://us.archive.ubuntu.com dapper/universe libclamav1 0.88.2-1ubuntu1 [2
63kB]
Get:2 http://us.archive.ubuntu.com dapper/universe clamav-base 0.88.2-1ubuntu1 [
172kB]
Get:3 http://us.archive.ubuntu.com dapper/universe clamav-freshclam 0.88.2-1ubun
tu1 [4297kB]
Get:4 http://us.archive.ubuntu.com dapper/universe clamav 0.88.2-1ubuntu1 [65.7k
B]
Get:5 http://us.archive.ubuntu.com dapper/universe libssl0.9.7 0.9.7g-5ubuntu1 [
2176kB]
Get:6 http://us.archive.ubuntu.com dapper/universe libesmtp5 1.0.3-1 [51.9kB]
Get:7 http://us.archive.ubuntu.com dapper/universe dansguardian 2.8.0.6-antiviru
s-6.3.8-1-1 [267kB]
Get:8 http://us.archive.ubuntu.com dapper/universe tinyproxy 1.6.3-3 [65.8kB]
Fetched 7358kB in 39m6s (3136B/s)
Preconfiguring packages ...
Selecting previously deselected package libclamav1.
(Reading database ... 82390 files and directories currently installed.)
Unpacking libclamav1 (from .../libclamav1_0.88.2-1ubuntu1_i386.deb) ...
Selecting previously deselected package clamav-base.
Unpacking clamav-base (from .../clamav-base_0.88.2-1ubuntu1_all.deb) ...
Selecting previously deselected package clamav-freshclam.
Unpacking clamav-freshclam (from .../clamav-freshclam_0.88.2-1ubuntu1_i386.deb)
..
Selecting previously deselected package clamav.
Unpacking clamav (from .../clamav_0.88.2-1ubuntu1_i386.deb) ...
Selecting previously deselected package libssl0.9.7.
Unpacking libssl0.9.7 (from .../libssl0.9.7_0.9.7g-5ubuntu1_i386.deb) ...
Selecting previously deselected package libesmtp5.
Unpacking libesmtp5 (from .../libesmtp5_1.0.3-1_i386.deb) ...
Selecting previously deselected package dansguardian.
Unpacking dansguardian (from .../dansguardian_2.8.0.6-antivirus-6.3.8-1-1_i386.d
eb) ...
Selecting previously deselected package tinyproxy.
Unpacking tinyproxy (from .../tinyproxy_1.6.3-3_i386.deb) ...
Setting up libclamav1 (0.88.2-1ubuntu1) ...

Setting up clamav-base (0.88.2-1ubuntu1) ...
Adding system user `clamav'...
Adding new group `clamav' (113).
Adding new user `clamav' (113) with group `clamav'.
Not creating home directory `/var/lib/clamav'.
dpkg: error processing clamav-base (--configure):
 subprocess post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of clamav-freshclam:
 clamav-freshclam depends on clamav-base (= 0.88.2-1ubuntu1); however:
  Package clamav-base is not configured yet.
dpkg: error processing clamav-freshclam (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of clamav:
 clamav depends on clamav-freshclam | clamav-data; however:
  Package clamav-freshclam is not configured yet.
  Package clamav-data is not installed.
  Package clamav-freshclam which provides clamav-data is not configured yet.
dpkg: error processing clamav (--configure):
 dependency problems - leaving unconfigured
Setting up libssl0.9.7 (0.9.7g-5ubuntu1) ...

Setting up libesmtp5 (1.0.3-1) ...

dpkg: dependency problems prevent configuration of dansguardian:
 dansguardian depends on clamav; however:
  Package clamav is not configured yet.
dpkg: error processing dansguardian (--configure):
 dependency problems - leaving unconfigured
Setting up tinyproxy (1.6.3-3) ...
Starting tinyproxy: tinyproxy.

Errors were encountered while processing:
 clamav-base
 clamav-freshclam
 clamav
 dansguardian
E: Sub-process /usr/bin/dpkg returned an error code (1)
cff@edubuntu:~$

BTW, I had previously downloaded the DansGuardian and Tinyproxy .gz files to my
Desktop folder...was that neccessary?

Thank you for all your help.

Milt
====
Quoting towsonu2003 <email address hidden>:

> Support request #1978 on Ubuntu changed:
> https://launchpad.net/distros/ubuntu/+ticket/1978
>
> Comment:
> you probably don't have universe repository enabled. in a terminal (alt + f3,
> then type gnome-terminal)
>
> gksu gedit /etc/apt/sources.list
>
> and in the text file, add this line:
> deb http://archive.ubuntu.com/ubuntu dapper universe
>
> save and close the text file. now do:
>
> sudo apt-get update
> sudo apt-get install dansguardian tinyproxy
>
> while making sure you are connected to the web. This shoudl install the
> packages.
>
> More information about repositories:
> http://ubuntuguide.org/wiki/Dapper#How_to_add_extra_repositories
>
>

Revision history for this message
towsonu2003 (towsonu2003) said :
#3

what is the output of
sudo apt-get install clamav-base
?

if it gives an error (please copy paste here), what is the output of
sudo apt-get -f install
?

*Important note*: the last command may want to remove very important software, just say "no" to its prompt and copy-paste its output.

> I had previously downloaded the DansGuardian and Tinyproxy .gz files to my
> Desktop folder...was that neccessary?
no, apt-get (and synaptic, its frontend, accessible thru System>Administration>Synaptic Package Manager) downloads and installs everything from ubuntu repositories.

Revision history for this message
Computer For Families (cfftest) said :
#4

FYI, when I use the command "gksu gedit /etc/apt/sources.list" the following
occured:

cff@edubuntu:~$ gksu gedit /etc/apt/sources.list
(gedit:5682): GnomeUI-WARNING **: While connecting to session manager:
Authentication Rejected, reason : None of the authentication protocols specified
are supported and host-based authentication failed.

Below are the answers to your two questions. Again, thank you for your help.

Milt

Quoting towsonu2003 <email address hidden>:

> Support request #1978 on Ubuntu changed:
> https://launchpad.net/distros/ubuntu/+ticket/1978
>
> Comment:
> what is the output of
> sudo apt-get install clamav-base
> ?
=====10/10/2006
> cff@edubuntu:~$ sudo apt-get install clamav-base
Reading package lists... Done
Building dependency tree... Done
clamav-base is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.
4 not fully installed or removed.
Need to get 0B of archives.
After unpacking 0B of additional disk space will be used.
Setting up clamav-base (0.88.2-1ubuntu1) ...

Setting up clamav-freshclam (0.88.2-1ubuntu1) ...
 * Starting ClamAV virus database updater freshclam [ ok ]

Setting up clamav (0.88.2-1ubuntu1) ...
Setting up dansguardian (2.8.0.6-antivirus-6.3.8-1-1) ...
adduser: Warning: The home dir you specified already exists.
Adding system user `dansguardian'...
Adding new group `dansguardian' (114).
Adding new user `dansguardian' (114) with group `dansguardian'.
The home directory `/var/log/dansguardian' already exists. Not copying from `/e
tc/skel'
adduser: Warning: that home directory does not belong to the user you are curren
tly creating
        DansGuardian has not been configured!
        Please edit /etc/dansguardian/dansguardian.conf manually then rerun
        this script.

cff@edubuntu:~$
=========
> if it gives an error (please copy paste here), what is the output of
> sudo apt-get -f install
> ?
==== 10/10/2006
> cff@edubuntu:~$ sudo apt-get -f install
Reading package lists... Done
Building dependency tree... Done
0 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.
cff@edubuntu:~$
===

> *Important note*: the last command may want to remove very important
> software, just say "no" to its prompt and copy-paste its output.
>
> > I had previously downloaded the DansGuardian and Tinyproxy .gz files to my
> > Desktop folder...was that neccessary?
> no, apt-get (and synaptic, its frontend, accessible thru
> System>Administration>Synaptic Package Manager) downloads and installs
> everything from ubuntu repositories.
>

Revision history for this message
towsonu2003 (towsonu2003) said :
#5

Computer For Families wrote:
> Support request #1978 on Ubuntu changed:
> https://launchpad.net/distros/ubuntu/+ticket/1978
>
> Comment:
> FYI, when I use the command "gksu gedit /etc/apt/sources.list" the following
> occured:
>
> cff@edubuntu:~$ gksu gedit /etc/apt/sources.list
> (gedit:5682): GnomeUI-WARNING **: While connecting to session manager:
> Authentication Rejected, reason : None of the authentication protocols specified
> are supported and host-based authentication failed.
>

same for me as well, but the file opens. I myself use "sudo gedit
blablabla" to open a text file with root privileges but ppl say we're
supposed to use "gksu". Nevermind though, you have the repositories
enabled now (as I saw in the previous comments) so it's okay.

> adduser: Warning: that home directory [/var/log/dansguardian] does not belong to the user you are curren
> tly creating
> DansGuardian has not been configured!
> Please edit /etc/dansguardian/dansguardian.conf manually then rerun
> this script.
>

ok at least it installed some of the packages now it seems ;)

I believe from the same howto page
(http://www.pilpi.net/journal/item-985.php), you will continue from
where it says:

Configure /etc/dansguardian/dansguardian.conf - at least you will have
to comment the line saying UNCONFIGURED (but please do check out the
other options in the file, they're not hard), and then:

    sudo dpkg-reconfigure dansguardian

To open the configuration file, I believe you'll have to open it like this
sudo gedit /etc/dansguardian/dansguardian.conf (if it opens an empty
file, that means that you or me wrote the path / filename wrong and it
couldn't find the specified file; so instead it opened a new file).

PS. installing files is usually much easier than this in ubuntu. maybe a
bug report to dansguardian so it doesn't ask the user to hand-configure
conf files and leave apt-get unhappy?

PSS. After you dpkg-reconfigure, do
sudo apt-get update
sudo apt-get install dansguardian tinyproxy
sudo apt-get upgrade

to make sure apt-get is nice, happy, and clean. it is the tool that
keeps your computer up-to-date, so it needs to be happy at all times ;)

PSSS. You might wanna check
http://www.ubuntuforums.org/showthread.php?t=207008&highlight=dansguardian+tinyproxy+firehol
which seems to be a better howto page...

Revision history for this message
Computer For Families (cfftest) said :
#6

First of all, I want to make sure that you know how appreciative I am for all
of
your help. Second, I am a volunteer to the Computers For Families (CFF) program
that is offering free computers in order to erase the digital divide in Santa
Barbara. The CFF program mission is "a computer for every child who can't
afford one". We want to replace Windows 2000 with Edubuntu on the donated
computers, therefore, we need to replace the Windows only content filter,
Cybersitter, with DansGuardian.

Here are my latest results:

cff@edubuntu:~$ sudo gedit /etc/dansguardian/dansguardian.conf
Password:
cff@edubuntu:~$ sudo dpkg-reconfigure dansguardian
Stopping DansGuardian: dansguardian.
Starting DansGuardian: Error connecting to parent proxy
invoke-rc.d: initscript dansguardian, action "start" failed.
cff@edubuntu:~$

A copy of the dansguardian.conf file, after modification, is attached.

Milt

============

Quoting towsonu2003 <email address hidden>:

> Support request #1978 on Ubuntu changed:
> https://launchpad.net/distros/ubuntu/+ticket/1978
>
> Comment:
> Computer For Families wrote:
> > Support request #1978 on Ubuntu changed:
> > https://launchpad.net/distros/ubuntu/+ticket/1978
> >
> > Comment:
> > FYI, when I use the command "gksu gedit /etc/apt/sources.list" the
> following
> > occured:
> >
> > cff@edubuntu:~$ gksu gedit /etc/apt/sources.list
> > (gedit:5682): GnomeUI-WARNING **: While connecting to session manager:
> > Authentication Rejected, reason : None of the authentication protocols
> specified
> > are supported and host-based authentication failed.
> >
>
> same for me as well, but the file opens. I myself use "sudo gedit
> blablabla" to open a text file with root privileges but ppl say we're
> supposed to use "gksu". Nevermind though, you have the repositories
> enabled now (as I saw in the previous comments) so it's okay.
>
> > adduser: Warning: that home directory [/var/log/dansguardian] does not
> belong to the user you are curren
> > tly creating
> > DansGuardian has not been configured!
> > Please edit /etc/dansguardian/dansguardian.conf manually then
> rerun
> > this script.
> >
>
> ok at least it installed some of the packages now it seems ;)
>
> I believe from the same howto page
> (http://www.pilpi.net/journal/item-985.php), you will continue from
> where it says:
>
> Configure /etc/dansguardian/dansguardian.conf - at least you will have
> to comment the line saying UNCONFIGURED (but please do check out the
> other options in the file, they're not hard), and then:
>
> sudo dpkg-reconfigure dansguardian
>
> To open the configuration file, I believe you'll have to open it like this
> sudo gedit /etc/dansguardian/dansguardian.conf (if it opens an empty
> file, that means that you or me wrote the path / filename wrong and it
> couldn't find the specified file; so instead it opened a new file).
>
> PS. installing files is usually much easier than this in ubuntu. maybe a
> bug report to dansguardian so it doesn't ask the user to hand-configure
> conf files and leave apt-get unhappy?
>
> PSS. After you dpkg-reconfigure, do
> sudo apt-get update
> sudo apt-get install dansguardian tinyproxy
> sudo apt-get upgrade
>
> to make sure apt-get is nice, happy, and clean. it is the tool that
> keeps your computer up-to-date, so it needs to be happy at all times ;)
>
> PSSS. You might wanna check
>
http://www.ubuntuforums.org/showthread.php?t=207008&highlight=dansguardian+tinyproxy+firehol
> which seems to be a better howto page...
>

Revision history for this message
towsonu2003 (towsonu2003) said :
#7

Computer For Families wrote:
> Starting DansGuardian: Error connecting to parent proxy
> A copy of the
> dansguardian.conf file, after modification, is attached.

uhm, I guess tickets don't allow attachments. can you do copy-paste?

do you have a firewall? if so, allow connection from 127.0.0.1 to
127.0.0.1 at port 3128... source:
http://security.linux.com/comments.pl?sid=34088&op=&threshold=0&commentsort=0&mode=thread&tid=49&pid=89542#89981

do you have squid installed (if you didn't install it yourself, you
don't have it installed)?

I'll probably not be able to help from this point on, as I have no
experience at all with dansguardian. I'll do my best anyway. we'll see :)

I also filed a bug report on this, claiming the dansguardian
installation is just too hard (it is... as far as I can see from your
experiences) here: https://launchpad.net/bugs/65533

also, please change the source package for the ticket, it might enable
you to get better help; see link:
https://launchpad.net/distros/ubuntu/+ticket/1978/+sourcepackage
currently, ticket is for ubuntu gnome-terminal. it should be for ubuntu
dansguardian afaik.

thanks :)

--
Please scan all attachments for viruses.
Or (though you might like Rodin) you might as well avoid "The Gates of
Hell" and use Linux.

Revision history for this message
Computer For Families (cfftest) said :
#8

Per your request, I have copy-paste the DansGuardian.conf file. I will be
responding to your other recommendations by separate emails.

Milt

Quoting towsonu2003 <email address hidden>:

> Support request #1978 on Ubuntu changed:
> https://launchpad.net/distros/ubuntu/+ticket/1978
>
> Comment:
> Computer For Families wrote:
> > Starting DansGuardian: Error connecting to parent proxy
> > A copy of the
> > dansguardian.conf file, after modification, is attached.
>
> uhm, I guess tickets don't allow attachments. can you do copy-paste?
# DansGuardian config file for version 2.8.0 with Anti-Virus plug-in 6.3.8

# **NOTE** as of version 2.7.5 most of the list files are now in
dansguardianf1.conf

# Comment this line out once you have modified this file to suit your needs
# UNCONFIGURED

# Web Access Denied Reporting (does not affect logging)
#
# -1 = log, but do not block - Stealth mode
# 0 = just say 'Access Denied'
# 1 = report why but not what denied phrase
# 2 = report fully
# 3 = use HTML template file (accessdeniedaddress ignored) - recommended
#
reportinglevel = 3

# Language dir where languages are stored for internationalisation.
# The HTML template within this dir is only used when reportinglevel
# is set to 3. When used, DansGuardian will display the HTML file instead of
# using the perl cgi script. This option is faster, cleaner
# and easier to customise the access denied page.
# The language file is used no matter what setting however.
#
languagedir = '/etc/dansguardian/languages'

# language to use from languagedir.
language = 'ukenglish'

# Logging Settings
#
# 0 = none 1 = just denied 2 = all text based 3 = all requests
loglevel = 2

# Log Exception Hits
# Log if an exception (user, ip, URL, phrase) is matched and so
# the page gets let through. Can be useful for diagnosing
# why a site gets through the filter. on | off
logexceptionhits = on

# Log File Format
# 1 = DansGuardian format 2 = CSV-style format
# 3 = Squid Log File Format 4 = Tab delimited
logfileformat = 1

# Log file location
#
# Defines the log directory and filename.
#loglocation = '/var/log/dansguardian/access.log'

# Network Settings
#
# the IP that DansGuardian listens on. If left blank DansGuardian will
# listen on all IPs. That would include all NICs, loopback, modem, etc.
# Normally you would have your firewall protecting this, but if you want
# you can limit it to only 1 IP. Yes only one.
filterip =

# the port that DansGuardian listens to.
filterport = 8080

# the ip of the proxy (default is the loopback - i.e. this server)
proxyip = 127.0.0.1

# the port DansGuardian connects to proxy on
proxyport = 3128

# accessdeniedaddress is the address of your web server to which the cgi
# dansguardian reporting script was copied
# Do NOT change from the default if you are not using the cgi.
#
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'

# Non standard delimiter (only used with accessdeniedaddress)
# Default is enabled but to go back to the original standard mode dissable it.
nonstandarddelimiter = on

# Banned image replacement
# Images that are banned due to domain/url/etc reasons including those
# in the adverts blacklists can be replaced by an image. This will,
# for example, hide images from advert sites and remove broken image
# icons from banned domains.
# 0 = off
# 1 = on (default)
usecustombannedimage = 1
custombannedimagefile = '/etc/dansguardian/transparent1x1.gif'

# Filter groups options
# filtergroups sets the number of filter groups. A filter group is a set of
content
# filtering options you can apply to a group of users. The value must be 1 or
more.
# DansGuardian will automatically look for dansguardianfN.conf where N is the
filter
# group. To assign users to groups use the filtergroupslist option. All users
default
# to filter group 1. You must have some sort of authentication to be able to
map users
# to a group. The more filter groups the more copies of the lists will be in
RAM so
# use as few as possible.
filtergroups = 1
filtergroupslist = '/etc/dansguardian/filtergroupslist'

# Authentication files location
bannediplist = '/etc/dansguardian/bannediplist'
exceptioniplist = '/etc/dansguardian/exceptioniplist'
banneduserlist = '/etc/dansguardian/banneduserlist'
exceptionuserlist = '/etc/dansguardian/exceptionuserlist'

# Show weighted phrases found
# If enabled then the phrases found that made up the total which excedes
# the naughtyness limit will be logged and, if the reporting level is
# high enough, reported. on | off
showweightedfound = on

# Weighted phrase mode
# There are 3 possible modes of operation:
# 0 = off = do not use the weighted phrase feature.
# 1 = on, normal = normal weighted phrase operation.
# 2 = on, singular = each weighted phrase found only counts once on a page.
#
weightedphrasemode = 2

# Positive result caching for text URLs
# Caches good pages so they don't need to be scanned again
# 0 = off (recommended for ISPs with users with disimilar browsing)
# 2000 = recommended for most users
# 5000 = suggested max upper limit
urlcachenumber = 2000
#
# Age before they are stale and should be ignored in seconds
# 0 = never
# 900 = recommended = 15 mins
urlcacheage = 900

# Smart and Raw phrase content filtering options
# Smart is where the multiple spaces and HTML are removed before phrase
filtering
# Raw is where the raw HTML including meta tags are phrase filtered
# CPU usage can be effectively halved by using setting 0 or 1
# 0 = raw only
# 1 = smart only
# 2 = both (default)
phrasefiltermode = 2

# Lower casing options
# When a document is scanned the uppercase letters are converted to lower case
# in order to compare them with the phrases. However this can break Big5 and
# other 16-bit texts. If needed preserve the case. As of version 2.7.0
accented
# characters are supported.
# 0 = force lower case (default)
# 1 = do not change case
preservecase = 0

# Hex decoding options
# When a document is scanned it can optionally convert %XX to chars.
# If you find documents are getting past the phrase filtering due to encoding
# then enable. However this can break Big5 and other 16-bit texts.
# 0 = disabled (default)
# 1 = enabled
hexdecodecontent = 0

# Force Quick Search rather than DFA search algorithm
# The current DFA implementation is not totally 16-bit character compatible
# but is used by default as it handles large phrase lists much faster.
# If you wish to use a large number of 16-bit character phrases then
# enable this option.
# 0 = off (default)
# 1 = on (Big5 compatible)
forcequicksearch = 0

# Reverse lookups for banned site and URLs.
# If set to on, DansGuardian will look up the forward DNS for an IP URL
# address and search for both in the banned site and URL lists. This would
# prevent a user from simply entering the IP for a banned address.
# It will reduce searching speed somewhat so unless you have a local caching
# DNS server, leave it off and use the Blanket IP Block option in the
# bannedsitelist file instead.
reverseaddresslookups = off

# Reverse lookups for banned and exception IP lists.
# If set to on, DansGuardian will look up the forward DNS for the IP
# of the connecting computer. This means you can put in hostnames in
# the exceptioniplist and bannediplist.
# It will reduce searching speed somewhat so unless you have a local DNS server,

# leave it off.
reverseclientiplookups = off

# Build bannedsitelist and bannedurllist cache files.
# This will compare the date stamp of the list file with the date stamp of
# the cache file and will recreate as needed.
# If a bsl or bul .processed file exists, then that will be used instead.
# It will increase process start speed by 300%. On slow computers this will
# be significant. Fast computers do not need this option. on | off
createlistcachefiles = on

# POST protection (web upload and forms)
# does not block forms without any file upload, i.e. this is just for
# blocking or limiting uploads
# measured in kibibytes after MIME encoding and header bumph
# use 0 for a complete block
# use higher (e.g. 512 = 512Kbytes) for limiting
# use -1 for no blocking
#maxuploadsize = 512
#maxuploadsize = 0
maxuploadsize = -1

# Max content filter page size
# Sometimes web servers label binary files as text which can be very
# large which causes a huge drain on memory and cpu resources.
# To counter this, you can limit the size of the document to be
# filtered and get it to just pass it straight through.
# This setting also applies to content regular expression modification.
# The size is in Kibibytes - eg 2048 = 2Mb
# use 0 for no limit
maxcontentfiltersize = 256

# Username identification methods (used in logging)
# You can have as many methods as you want and not just one. The first one
# will be used then if no username is found, the next will be used.
# * proxyauth is for when basic proxy authentication is used (no good for
# transparent proxying).
# * ntlm is for when the proxy supports the MS NTLM authentication
# protocol. (Only works with IE5.5 sp1 and later). **NOT IMPLEMENTED**
# * ident is for when the others don't work. It will contact the computer
# that the connection came from and try to connect to an identd server
# and query it for the user owner of the connection.
usernameidmethodproxyauth = on
usernameidmethodntlm = off # **NOT IMPLEMENTED**
usernameidmethodident = off

# Preemptive banning - this means that if you have proxy auth enabled and a user
accesses
# a site banned by URL for example they will be denied straight away without a
request
# for their user and pass. This has the effect of requiring the user to visit a
clean
# site first before it knows who they are and thus maybe an admin user.
# This is how DansGuardian has always worked but in some situations it is less
than
# ideal. So you can optionally disable it. Default is on.
# As a side effect disabling this makes AD image replacement work better as the
mime
# type is know.
preemptivebanning = on

# Misc settings

# if on it adds an X-Forwarded-For: <clientip> to the HTTP request
# header. This may help solve some problem sites that need to know the
# source ip. on | off
forwardedfor = off

# if on it uses the X-Forwarded-For: <clientip> to determine the client
# IP. This is for when you have squid between the clients and DansGuardian.
# Warning - headers are easily spoofed. on | off
usexforwardedfor = off

# if on it logs some debug info regarding fork()ing and accept()ing which
# can usually be ignored. These are logged by syslog. It is safe to leave
# it on or off
logconnectionhandlingerrors = on

# Fork pool options

# sets the maximum number of processes to sporn to handle the incomming
# connections. Max value usually 250 depending on OS.
# On large sites you might want to try 180.
maxchildren = 120

# sets the minimum number of processes to sporn to handle the incomming
connections.
# On large sites you might want to try 32.
minchildren = 8

# sets the minimum number of processes to be kept ready to handle connections.
# On large sites you might want to try 8.
minsparechildren = 4

# sets the minimum number of processes to sporn when it runs out
# On large sites you might want to try 10.
preforkchildren = 6

# sets the maximum number of processes to have doing nothing.
# When this many are spare it will cull some of them.
# On large sites you might want to try 64.
maxsparechildren = 32

# sets the maximum age of a child process before it croaks it.
# This is the number of connections they handle before exiting.
# On large sites you might want to try 10000.
maxagechildren = 500

# Process options
# (Change these only if you really know what you are doing).
# These options allow you to run multiple instances of DansGuardian on a single
machine.
# Remember to edit the log file path above also if that is your intention.

# IPC filename
#
# Defines IPC server directory and filename used to communicate with the log
process.
ipcfilename = '/tmp/.dguardianipc'

# URL list IPC filename
#
# Defines URL list IPC server directory and filename used to communicate with
the URL
# cache process.
urlipcfilename = '/tmp/.dguardianurlipc'

# PID filename
#
# Defines process id directory and filename.
#pidfilename = '/var/run/dansguardian.pid'

# Disable daemoning
# If enabled the process will not fork into the background.
# It is not usually advantageous to do this.
# on|off ( defaults to off )
nodaemon = off

# Disable logging process
# on|off ( defaults to off )
nologger = off

# Daemon runas user and group
# This is the user that DansGuardian runs as. Normally the user/group nobody.
# Uncomment to use. Defaults to the user set at compile time.
# daemonuser = 'nobody'
# daemongroup = 'nobody'

# Soft restart
# When on this disables the forced killing off all processes in the process
group.
# This is not to be confused with the -g run time option - they are not
related.
# on|off ( defaults to off )
softrestart = off

# ANTIVIRUS SETTINGS
# --------------------

# OPTION: virusscan
# If on, we scan all downloaded content using embedded virus engine.
# Supported engines of this version are ClamAV, KAV or ClamDScan.
# If off, we don't scan any downloaded content.
# See http://www.pcxperience.org/dgvirus/ for more details.
#
virusscan = on

# OPTION: virusengine
# Set the embedded virus scan engine to be used (clamdscan, clamav or kav).
virusengine = 'clamav'

# OPTION: tricklelength
# If off (value = -1), the scanner will send 1 byte per delay period
# to the client to keep a download connection alive.
# When the whole file is downloaded and scanned, the client will receive
# all remaining bytes, if the file is clean.
# Set to a positive integer value to enable immediate delivery to the client.
# Value set means minimum number of bytes of the downloaded file
# that will be held and delivered after virus scan.
# If clean, the remaining bytes will be sent to the client.
# If infected, file downloaded will be incomplete and a warning message
# will be sent to the postmaster and possibly the user.
# Recommended minimum positive value: 32768 (32 kbytes)
#
tricklelength = 32768

# OPTION: firsttrickledelay
# Delay in seconds to deliver the first byte to the client.
# This option only applies if tricklelength is set to -1 (off).
#
firsttrickledelay = 30

# OPTION: follwingtrickledelay
# Delay in seconds to deliver subsequent bytes to the client.
# This option only applies if tricklelength is set to -1 (off).
#
followingtrickledelay = 60

# OPTION: exceptionvirusmimetypelist
# The following file allow you to define mime types
# that should not be virus scanned.
exceptionvirusmimetypelist = '/etc/dansguardian/exceptionvirusmimetypelist'

# OPTION: maxcontentscansize
# Set the maximum size of a content to be virus scanned.
# Content size above this value will not be scanned against viruses.
# Value below 1 will be define as default to 262144 (256 Mbytes).
# The size is in Kibibytes - eg 2048 = 2 Mbytes.
maxcontentscansize = 262144

# OPTION: exceptionvirusextensionlist
# The following file allow you to define file extensions
# that should not be virus scanned.
exceptionvirusextensionlist = '/etc/dansguardian/exceptionvirusextensionlist'

# OPTION: downloaddir
# Set where the files are downloaded to before they are scanned.
downloaddir = '/tmp/dgvirus'

# OPTION: virusscanexceptions
# If off, antivirus scanner will ignore exception sites and urls.
#
virusscanexceptions = on

# OPTION: urlcachecleanonly
# If off, url cache will contain entries of text only urls.
# Keeping it off, preserves original Dansguardian feature and
# downloaded content will be always scanned by antivirus.
# When turned on, urlcache will be loaded only with content
# found to be good and that is virus free.
# Thus, content of urls found in urlcache WILL NOT BE SCANNED AGAIN.
#
urlcachecleanonly = on

# OPTION: virusscannertimeout
# The maximum length of time the commercial virus scanner is allowed to run
# for 1 batch of messages (in seconds).
virusscannertimeout = 60

# OPTION: notify
# Sets who receives email notification when a virus is found.
# Users must be authenticated to be able to receive messages.
# Email address for users will be formed by the authentication name received by
DG
# plus @emaildomain (see option below)
# 0 = disabled
# 1 = user only
# 2 = postmaster only
# 3 = postmaster and users (default)
notify = 0

# OPTION: emaildomain
# Set email domain to use when notifying users of an infected file.
# This is just the domain name part, after the @
emaildomain = 'your.domain.com'

# OPTION: postmaster
# Set email address of who to notify about any infections found.
# Should put your full domain name here too.
postmaster = '<email address hidden>'

# OPTION: emailserver
# Set the address and port of the Mail Server to send notifications through.
emailserver = '127.0.0.1:25'

# CLAMDSCAN SETTINGS
# --------------------
# OPTION: localsocket
# Set name of the local socket file
# default: '/tmp/clamd'
localsocket = '/tmp/clamd'

# CLAMAV SETTINGS
# --------------------
# OPTION: clmaxfiles
# Set maximum number of files inside a compressed file
# default: 1500 files
clmaxfiles = 1500

# OPTION: clmaxreclevel
# Set maximum recursion level to perform scan on a compressed file
# that is inside a compressed file
# default: 3 levels
clmaxreclevel = 3

# OPTION: clmaxfilesize
# Set maximum file size of a file inside a compressed file
# default: 10485760 = 10 Mbytes
clmaxfilesize = 10485760

# OPTION: clmaxratio
# Set maximum compression ratio an archive content can have
# default: 250
clmaxratio = 250

Revision history for this message
towsonu2003 (towsonu2003) said :
#9

Found two other guides on dansguardian, maybe they can help:
http://www.ubuntuforums.org/showthread.php?t=207008
http://ubuntuforums.org/showpost.php?p=1222237&postcount=21

Sorry I can't help with this further

Revision history for this message
Computer For Families (cfftest) said :
#10

Hi,

Thank you for the guides on dansguardian...I will let you know how it goes. I
really appreciate your help.

Quoting towsonu2003 <email address hidden>:

> Support request #1978 on Ubuntu changed:
> https://launchpad.net/distros/ubuntu/+ticket/1978
>
> Comment:
> Found two other guides on dansguardian, maybe they can help:
> http://www.ubuntuforums.org/showthread.php?t=207008
> http://ubuntuforums.org/showpost.php?p=1222237&postcount=21
>
> Sorry I can't help with this further
>

Revision history for this message
Computer For Families (cfftest) said :
#11

Hi Daniel,

The following contains my most recent results trying to configure
DansGuardian
with Edubuntu 6.06 LTS. Do you have any recommendations?

Regards,

Milt
=============================
With the help of towsonu2003 <email address hidden> and Olli's
Journal for "Setting up DansGuardian on a single home PC running Ubuntu
(/journal/item-985.php), I have successfully installed DansGuardian, TinyProxy
and FireHOL from the repository. By adding two sites that I want to exclude,
myspace.com and doyoulookgood.com, to etc/dansguardian/bannedsitelist, I was
able to verify that I am on the right tract as follows:

#List other sites to block:

badboys.com
myspace.com #Test site to be excluded
doyoulookgood.com #Test site to be excluded

However, when I removed the “#” from
“#.Include</etc/dansguardian/blacklists/porn/domains>”, as follows:

#Remove the # from the following and edit as needed to use a stock
#squidGuard/urlblacklist blacklists collection.
#.Include</etc/dansguardian/blacklists/ads/domains>
#.Include</etc/dansguardian/blacklists/adult/domains>
#.Include</etc/dansguardian/blacklists/aggressive/domains>
#.Include</etc/dansguardian/blacklists/artnudes/domains>
#.Include</etc/dansguardian/blacklists/audio-video/domains>
#.Include</etc/dansguardian/blacklists/beerliquorinfo/domains>
#.Include</etc/dansguardian/blacklists/beerliquorsale/domains>
#.Include</etc/dansguardian/blacklists/chat/domains>
#.Include</etc/dansguardian/blacklists/childcare/domains>
#.Include</etc/dansguardian/blacklists/clothing/domains>
#.Include</etc/dansguardian/blacklists/culinary/domains>
#.Include</etc/dansguardian/blacklists/dialers/domains>
#.Include</etc/dansguardian/blacklists/drugs/domains>
#.Include</etc/dansguardian/blacklists/entertainment/domains>
#.Include</etc/dansguardian/blacklists/forums/domains>
#.Include</etc/dansguardian/blacklists/frencheducation/domains>
#.Include</etc/dansguardian/blacklists/gambling/domains>
#.Include</etc/dansguardian/blacklists/government/domains>
#.Include</etc/dansguardian/blacklists/hacking/domains>
#.Include</etc/dansguardian/blacklists/homerepair/domains>
#.Include</etc/dansguardian/blacklists/hygiene/domains>
#.Include</etc/dansguardian/blacklists/jewelry/domains>
#.Include</etc/dansguardian/blacklists/jobsearch/domains>
#.Include</etc/dansguardian/blacklists/kidstimewasting/domains>
#.Include</etc/dansguardian/blacklists/mail/domains>
#.Include</etc/dansguardian/blacklists/news/domains>
#.Include</etc/dansguardian/blacklists/onlineauctions/domains>
#.Include</etc/dansguardian/blacklists/onlinegames/domains>
#.Include</etc/dansguardian/blacklists/onlinepayment/domains>
#.Include</etc/dansguardian/blacklists/personalfinance/domains>
#.Include</etc/dansguardian/blacklists/pets/domains>
.Include</etc/dansguardian/blacklists/porn/domains> #Test sites to be
excluded
#.Include</etc/dansguardian/blacklists/proxy/domains>
#.Include</etc/dansguardian/blacklists/publicite/domains>
#.Include</etc/dansguardian/blacklists/redirector/domains>
#.Include</etc/dansguardian/blacklists/ringtones/domains>
#.Include</etc/dansguardian/blacklists/sportnews/domains>
#.Include</etc/dansguardian/blacklists/sports/domains>
#.Include</etc/dansguardian/blacklists/vacation/domains>
#.Include</etc/dansguardian/blacklists/violence/domains>
#.Include</etc/dansguardian/blacklists/virusinfected/domains>
#.Include</etc/dansguardian/blacklists/warez/domains>

# You will need to edit to add and remove categories you want

The following errors occur:
cff@edubuntu:~$ sudo /etc/init.d/dansguardian restart
Password:
Restarting DansGuardian: Error reading file:
/etc/dansguardian/blacklists/porn/domains
Error reading file: /etc/dansguardian/blacklists/porn/domains
Error opening file:/etc/dansguardian/blacklists/porn/domains
Error opening bannedsitelist
Error opening filter list:/etc/dansguardian/dansguardianf1.conf
Error reading filter group conf file(s).
Error parsing the dansguardian.conf file or other DansGuardian configuration
files

Therefore, would it be possible to create a “DansGuardian Internet Suite” with
instructions for how to customize the content filter for individual
requirements. For example, the agency where I volunteer is providing
refurbished computers with Edubuntu 6.06 LTS to all low-income 4th - 6th grade
students. With over 400 million sex web sites on the Internet, they have a
formidable task to protect the students.

=================Oct 21, 2006
In respose to your request for advice, I have included my most recent email to
Daniel, on the Edubuntu team. If you can help me to expidite resolution of my
problem providing a content filter for the elementary school students it would
be great.

Milt
<email address hidden>
========
Quoting towsonu2003 <email address hidden>:

> advice needed: should I subscribe the edubuntu team, or should I leave
> this alone now?
>
> also see my email at https://lists.ubuntu.com/archives/edubuntu-
> devel/2006-October/001868.html to edubuntu-devel (linking for reference
> *only*)
>
> --
> dansguardian installation / configuration not user friendly
> https://launchpad.net/bugs/65533

==========
Hello Daniel,

Would it be possible for me to beta test the solution for this bug? If so, this
would expedite the addition of a content filter to the 20 Edubuntu systems that
have already been given to the elementary shcool students.

Milt
==========
Quoting Computer For Families <email address hidden>:

Revision history for this message
Tom Haddon (mthaddon) said :
#12

Please see https://bugs.launchpad.net/bugs/65533 for more information - essentially this is a subscription service that isn't included with the base install, although you can download a snapshot of this list once for free.

Can you help with this problem?

Provide an answer of your own, or ask Computer For Families for more information if necessary.

To post a message you must log in.