Free anti paranoia software for linux

LWPx::ParanoidAgent is a Perl subclass of LWP::UserAgent that protects you from harm.

SYNOPSIS

require LWPx::ParanoidAgent;

my $ua = LWPx::ParanoidAgent->new;

# this is 10 seconds overall, from start to finish. not just between
# socket reads. and it includes all redirects. so attackers telling
# you to download from a malicious tarpit webserver can only stall
# you for $n seconds

$ua->timeout(10);

# setup extra block lists, in addition to the always-enforced blocking
# of private IP addresses, loopbacks, and multicast addresses

$ua->blocked_hosts(
"foo.com",
qr/.internal.company.com$/i,
sub { my $host = shift; return 1 if is_bad($host); },
);

$ua->whitelisted_hosts(
"brad.lj",
qr/^192.168.64.3?/,
sub { ... },
);

# get/set the DNS resolver object thats used
my $resolver = $ua->resolver;
$ua->resolver(Net::DNS::Resolver->new(...));

# and then just like a normal LWP::UserAgent, because it is one.
my $response = $ua->get(http://search.cpan.org/);
...
if ($response->is_success) {
print $response->content; # or whatever
}
else {
die $response->status_line;
}

The LWPx::ParanoidAgent is a class subclassing LWP::UserAgent, but paranoid against attackers. Its to be used when youre fetching a remote resource on behalf of a possibly malicious user.

This class can do whatever LWP::UserAgent can (callbacks, uploads from files, etc), except proxy support is explicitly removed, because in that case you should do your paranoia at your proxy.

Also, the schemes are limited to http and https, which are mapped to LWPx::Protocol::http_paranoid and LWPx::Protocol::https_paranoid, respectively, which are forked versions of the same ones without the "_paranoid". Subclassing them didnt look possible, as they were essentially just one huge function.

This class protects you from connecting to internal IP ranges (unless you whitelist them), hostnames/IPs that you blacklist, remote webserver tarpitting your process (the timeout parameter is changed to be a global timeout over the entire process), and all combinations of redirects and DNS tricks to otherwise tarpit and/or connect to internal resources.

AntiVirus Scanner is an anti-virus scanner for Endeavour Mark II that uses the ClamAV library (libclamav).

AntiVirus Scanner allows you to create a list of scan items for frequently scanned locations and features easy virus database updating, all in a simple GUI environment.

SMC non-context E-mail filter - is an software application designed to significantly reduce the amount of SPAM/UCE (junk-mail) you receive. SMC uses a dynamic local and DNS based remote "whitelists" (for known/trusted senders), DNS based "blacklists" (for undesired senders), and an original "autoauthentication" system (for unknown, but legitimate senders).
In additional SMC has a set of useful features which allows to preserve mail recipients from dangerous message attachments, HTML includes. SMC is an Sendmail milter (plugin), which stops the junk-mail without receiving one.
SMC uses 3 original algorithms, one of which is "Check relay by NS" simulates a dynamical whitelist and will always accept the messages from mail systems satisfying to following conditions:
1. Mail domain name (the host part of the senders e-mail address) must have an MX records;
2. Mail domain name and the connection host address must be resolved;
3. Connection host must be listed at the one of nameservers which hold the senders mail domain name.
The second from the developed algorithms is a "check delays" algorithm which is based on statistical check of delivery delays, generated by a [tempfail] return code, that allows to exclude a direct receiving of a mail, which not passed through the standard mail server.
NOTE: Using this feature the delivery of the mail from unknown, but legitimate senders will be delayed for a count of 10-minutes checks, which setted by the "maxcount" configuration parameter.
And the third of original algorithms is "auto-authentication" algorithm: The sender of a "mail contact" (sender-recipient pair) means as authenticated (whitelisted) if the filters statistics module has registered the both of a sended forward (request) and a recieved backward (reply) messages of this contact. The messages from the such authenticated senders will never be delayed by the previous "check delay" algorithm.
Enhancements:
- CLOSE_WAIT problems have been solved (a critical bug).
- There is a critical bugfix to prevent DNS storms.
- All of the resolver functions use the local resolver context.
- Automake and autoconf support have been added.

yaspi (Yosis Anti-Spam POP3 fIlter bot) is a POP3 mail-scanner specifically made to combat mail bombings caused by viruses (i.e. Swen). It connects to the POP3 server, inspects the messages, and deletes the infected ones by itself automatically without ever downloading them.
yaspi most interesting feature is that it can automatically send abuse reports to the ISPs where the mails were originated. This way, most infected machines will be either disinfected or disconnected from the Internet (and so, sending infected mails!).
Main features:
- its free, distributed under the GNU GPL
- runs under Windows and Unix/Linux (maybe under Mac OS X, but untested)
- virus detecting rules are fully customizable
- integrated with Ricochet to send abuse reports
Enhancements:
- yaspi was killing its own messages, new rule added to let them pass
- new GUI available, still alfa, have several know bugs (but its not going to corrupt your mailbox, I hope!).

PhpWebGallery is an image gallery with a very simple installation interface and administration panel.
PhpWebGallery project features free or restricted access, user management, groups, access management for each category, multi-server support (to store your pictures on another Web site), user comments, HTML templates, virtual categories, and multilingual support.
Enhancements:
- The anti-spam system on user comments was improved.
- The history statistics graph was rewritten.
- A history search page was added.
- The plugin system was improved.
- A Web service API was added.
- Slideshow display was redesigned.
- Many small features were added.

HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus scanner. HTTP Anti Virus Proxy aims are continuous, non-blocking downloads and smooth scanning of dynamic and password protected HTTP traffic.
Havp antivirus proxy has a parent and transparent proxy mode. It can be used with squid or standalone.
Main features:
- HTTP Antivirus proxy
- Scans complete incomming traffic
- Nonblocking downloads
- Smooth scanning of dynamic and password protected traffic
- Can used with squid or other proxy
- Parent proxy support
- Transparent proxy support
- Logfile
- Process change to defined user and group
- Daemon
- Use Clamav (GPL antivirus)
- Operating System: Linux
- Written in C++
- Released under GPL
Enhancements:
- Experimental support was added for chunked Transfer-Encoding, which fixes some broken sites.
- The IGNOREVIRUS configuration directive was added for whitelisting virus names.
- The CLAMBLOCKBROKEN configuration directive was added.
- Detection with AVG was improved.
- HAVP is killed if database reloading fails for Library Scanner.
- The URL is logged when a crashed scanner process is detected.
- The build system updated, adding the --prefix, --sbindir, --sysconfdir, and --localstatedir options.

This library defines set of data types and artithmetic operators, which can be used to code procedures with the intent to produce binary code which is difficult to analyse and reverse engineer.
This is achieved by moving all the calculations to yet another layer, which produces messy binary code being difficult to read and figure out, what calculations are actually performed and on which data.
Usage
The library provides arithmetic and logic operators to work with those data types. For example, addition performed in OBCODE would be coded as follows:
#include "obcode.h"
struct obyte ob1;
struct obyte ob2;
struct obyte obsum;
unsigned char sum;
obcode_init(0); /* Initialise obyte random */
obyte_set(&ob1, 12); /* Normal number 12 to obyte */
obyte_set(&ob2, 33); /* Normal number 33 to obyte */
obyte_add(&ob1, &ob2, &obsum); /* Perform OBCODE addition */
sum = obyte_get(&obsum); /* Return to normal world */
obcode_finish();
If those numbers were already encoded as obytes, people reverse engineering the code would never see 12 and 33, only messy operations on long, random looking data streams, eventually giving the product of 45.
Version restrictions:
- This library is still work in progress. It contains bugs and the operators set is very limited. Suggestions and improvements are welcome.
Enhancements:
- Code and documentation cleanups.