Bug #4197
closed
squid 3.4 anti-virus feature not working
100%
Description
I haven't posted this on the forum yet but it looks like the symbiotic links aren't being created for the anti-virus feature to work.
I had to create the following links:
ln -s /usr/pbi/squid-amd64/local/bin/c-icap /usr/local/bin/c-icap
ln -s /usr/pbi/squid-amd64/local/bin/c-icap-client /usr/local/bin/c-icap-client
ln -s /usr/pbi/squid-amd64/local/bin/c-icap-config /usr/local/bin/c-icap-config
ln -s /usr/pbi/squid-amd64/local/bin/c-icap-libicapapi-config /usr/local/bin/c-icap-libicapapi-config
ln -s /usr/pbi/squid-amd64/local/bin/c-icap-stretch /usr/local/bin/c-icap-stretch
ln -s /usr/pbi/squid-amd64/local/lib/c_icap /usr/local/lib/c_icap
ln -s /usr/pbi/squid-amd64/local/share/c_icap /usr/local/share/c_icap
ln -s /usr/pbi/squid-amd64/local/etc/c-icap /usr/local/etc/c-icap
ln -s /usr/pbi/squid-amd64/local/lib/libicapapi.so.3.0.5 /usr/local/lib/libicapapi.so.3
ln -s /usr/pbi/squid-amd64/local/etc/clamd.conf /usr/local/etc/clamd.conf
ln -s /usr/pbi/squid-amd64/local/etc/freshclam.conf /usr/local/etc/freshclam.conf
The c-icap.magic isn't being created, /usr/pbi/squid-amd64/local/etc/c-icap/c-icap.magic.sample should be also be copied to /usr/pbi/squid-amd64/local/etc/c-icap/c-icap.magic
The c-icap binary is complied with with IPv6 support (default port option). With the default build options, c-icap isn't listing on IPv4 anymore. Reading https://github.com/darold/squidclamav, squid.inc needs to be updated. I'll submit the changes in github shortly
start at line 1367 and replace current with this:
icap_service service_avi_req reqmod_precache icap://localhost:1344/squidclamav bypass=off
adaptation_access service_avi_req allow all
icap_service service_avi_resp respmod_precache icap://localhost:1344/squidclamav bypass=on
adaptation_access service_avi_resp allow all
If its not already, can c-icap be compiled with option --enable-large-files? squid is complied with it and also mention in https://github.com/darold/squidclamav
perl isn't working correcyly either. I only know its used so display /usr/local/www/clwarn.cgi when a virus is detected. I manually installed perl5 thru pkg install and to changed the first line in /usr/local/www/clwarn.cgi to use #!/usr/bin/perl
Updated by Chris Buechler over 10 years ago
- Target version deleted (
2.2) - Affected Version changed from 2.2 to All
Updated by Marcello Silva Coutinho over 10 years ago
This may fix most issues with squid package
https://github.com/pfsense/pfsense-packages/pull/786
Updated by Renato Botelho over 10 years ago
- Status changed from New to Feedback
- Assignee set to Renato Botelho
- % Done changed from 0 to 100
Please try squid3 package version 0.2.4
Updated by Cino . over 10 years ago
thanks Marcello and Renato!!
We are almost there, Marcello found a typo that he is correcting in the squid.inc file but we are missing a shared lib when trying to get clamd to start
shared object "libclamav.so.6" no found, required by "clamd
Updated by Marcello Silva Coutinho over 10 years ago
Typo and freshclam checks fixed on this PullRequest
https://github.com/pfsense/pfsense-packages/pull/788
Updated by Cino . over 10 years ago
The anti-virus feature is working now after adjusting the conf files based on the syntax checks you added to the to the GUI. Thank you!!
I'm able to stop and start c-icap squid from services but unable to stop the clamd service. When I run clamav-clamd stop from the command line, it can't find the pid to kill it.. It is working in 2.1.5.
Updated by Chris Buechler about 9 years ago
- Status changed from Feedback to Resolved