SpyBye is a tool to help web masters determine if their web pages

are hosting browser exploits that can infect visiting users with
malware. It functions as an HTTP proxy server and intercepts all
browser requests. SpyBye uses a few simple rules to determine if
embedded links on your web page are harmlesss, unknown or maybe
even dangerous.

SpyBye analyzes all downloads in the background and provides you
with a warning notification whenever it encounters content that
is potentially malicious. At that point, you can click on the link
in the notification and receive a more detailed analysis of the web page.

WWW: http://www.spybye.org/

PR:		ports/123945
Submitted by:	Paul Schmel <pauls utdallas.edu>
Approved by:	tabthorpe (mentor)

security/Makefile

@@ -721,6 +721,7 @@
     SUBDIR += snortsms
     SUBDIR += snortsnarf
     SUBDIR += spike-proxy
+    SUBDIR += spybye
     SUBDIR += sqlmap
     SUBDIR += sqlninja
     SUBDIR += squidclam

security/spybye/Makefile

@@ -0,0 +1,34 @@
+# New ports collection makefile for:	spybye
+# Date created:				23 May 2008
+# Whom:					pauls
+#
+# $FreeBSD$
+#
+
+PORTNAME=	spybye
+PORTVERSION=	0.3
+CATEGORIES=	security www
+MASTER_SITES=	http://www.monkey.org/~provos/
+
+MAINTAINER=	pauls@utdallas.edu
+COMMENT=	A web proxy to detect malware
+
+BUILD_DEPENDS=	event_rpcgen.py:${PORTSDIR}/devel/libevent
+
+OPTIONS=	CLAMAV "Enable CLAMAV support" off
+
+USE_RC_SUBR=	spybye.sh
+GNU_CONFIGURE=	yes
+CONFIGURE_ENV=	LDFLAGS="${LDFLAGS}"
+CONFIGURE_TARGET=	--build=${MACHINE_ARCH}-portbld-freebsd${OSREL}
+
+MAN1=		spybye.1
+
+.include <bsd.port.pre.mk>
+
+.if defined(WITH_CLAMAV)
+LIB_DEPENDS+=	clamav:${PORTSDIR}/security/clamav
+CONFIGURE_ARGS+=	--with-libclamav=${PREFIX}/bin
+.endif
+
+.include <bsd.port.post.mk>

security/spybye/distinfo

@@ -0,0 +1,3 @@
+MD5 (spybye-0.3.tar.gz) = 1cc6b8c5ef244e38fd05d02b02f55d5d
+SHA256 (spybye-0.3.tar.gz) = 00dd7df03c9a37e80854fa27e44eeaaa4a8c49fa3b0597b5e3b1b2a128669432
+SIZE (spybye-0.3.tar.gz) = 160014

security/spybye/files/spybye.sh.in

@@ -0,0 +1,37 @@
+#!/bin/sh
+#
+
+# PROVIDE: spybye
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+# Add the following lines to /etc/rc.conf to enable spybye:
+# spybye_enable (bool):       Set to YES to enable spybye
+#                               Default: NO
+# spybye_flags (str):         Extra flags passed to spybye
+#                               Default: -x -p 8080 -l /var/log/spybye.log
+#       
+# spybye command arguments
+# spybye: [-P] [-p port] [-g good] [-b bad] [-l logfile] [-S shareurl] [-x]
+#	 -P disable private IP check; allows the proxy to fetch 127/8
+#	 -p port port number to create proxy server on
+#	 -g good_patterns a file or url containing the good patterns
+#	 -b bad_patterns a file or url containing the danger patterns
+#	 -l logfile a file to log dangerous site interactions to
+#	 -S shareurl host to log dangerous site interactions to
+#	 -x enable proxy mode
+
+. %%RC_SUBR%%
+
+name="spybye"
+load_rc_config ${name}
+rcvar=`set_rcvar`
+# set the defaults
+: ${spybye_enable="NO"}
+: ${spybye_flags="-x -p 8080 -l /var/log/spybye.log"}
+
+command=%%PREFIX%%/bin/${name}
+command_args="${spybye_flags} &"
+
+run_rc_command "$1"

security/spybye/pkg-descr

@@ -0,0 +1,13 @@
+SpyBye is a tool to help web masters determine if their web pages
+are hosting browser exploits that can infect visiting users with
+malware. It functions as an HTTP proxy server and intercepts all
+browser requests. SpyBye uses a few simple rules to determine if
+embedded links on your web page are harmlesss, unknown or maybe
+even dangerous.
+
+SpyBye analyzes all downloads in the background and provides you
+with a warning notification whenever it encounters content that
+is potentially malicious. At that point, you can click on the link
+in the notification and receive a more detailed analysis of the web page.
+
+WWW: http://www.spybye.org/

security/spybye/pkg-plist

@@ -0,0 +1,5 @@
+bin/spybye
+bin/spybye2html
+share/spybye/bad_patterns
+share/spybye/good_patterns
+@dirrm share/spybye