Bug #4197
closed
squid 3.4 anti-virus feature not working
100%
Description
I haven't posted this on the forum yet but it looks like the symbiotic links aren't being created for the anti-virus feature to work.
I had to create the following links:
ln -s /usr/pbi/squid-amd64/local/bin/c-icap /usr/local/bin/c-icap
ln -s /usr/pbi/squid-amd64/local/bin/c-icap-client /usr/local/bin/c-icap-client
ln -s /usr/pbi/squid-amd64/local/bin/c-icap-config /usr/local/bin/c-icap-config
ln -s /usr/pbi/squid-amd64/local/bin/c-icap-libicapapi-config /usr/local/bin/c-icap-libicapapi-config
ln -s /usr/pbi/squid-amd64/local/bin/c-icap-stretch /usr/local/bin/c-icap-stretch
ln -s /usr/pbi/squid-amd64/local/lib/c_icap /usr/local/lib/c_icap
ln -s /usr/pbi/squid-amd64/local/share/c_icap /usr/local/share/c_icap
ln -s /usr/pbi/squid-amd64/local/etc/c-icap /usr/local/etc/c-icap
ln -s /usr/pbi/squid-amd64/local/lib/libicapapi.so.3.0.5 /usr/local/lib/libicapapi.so.3
ln -s /usr/pbi/squid-amd64/local/etc/clamd.conf /usr/local/etc/clamd.conf
ln -s /usr/pbi/squid-amd64/local/etc/freshclam.conf /usr/local/etc/freshclam.conf
The c-icap.magic isn't being created, /usr/pbi/squid-amd64/local/etc/c-icap/c-icap.magic.sample should be also be copied to /usr/pbi/squid-amd64/local/etc/c-icap/c-icap.magic
The c-icap binary is complied with with IPv6 support (default port option). With the default build options, c-icap isn't listing on IPv4 anymore. Reading https://github.com/darold/squidclamav, squid.inc needs to be updated. I'll submit the changes in github shortly
start at line 1367 and replace current with this:
icap_service service_avi_req reqmod_precache icap://localhost:1344/squidclamav bypass=off
adaptation_access service_avi_req allow all
icap_service service_avi_resp respmod_precache icap://localhost:1344/squidclamav bypass=on
adaptation_access service_avi_resp allow all
If its not already, can c-icap be compiled with option --enable-large-files? squid is complied with it and also mention in https://github.com/darold/squidclamav
perl isn't working correcyly either. I only know its used so display /usr/local/www/clwarn.cgi when a virus is detected. I manually installed perl5 thru pkg install and to changed the first line in /usr/local/www/clwarn.cgi to use #!/usr/bin/perl
Updated by Chris Buechler over 9 years ago
- Target version deleted (
2.2) - Affected Version changed from 2.2 to All
Updated by Marcello Silva Coutinho over 9 years ago
This may fix most issues with squid package
https://github.com/pfsense/pfsense-packages/pull/786
Updated by Renato Botelho over 9 years ago
- Status changed from New to Feedback
- Assignee set to Renato Botelho
- % Done changed from 0 to 100
Please try squid3 package version 0.2.4
Updated by Cino . over 9 years ago
thanks Marcello and Renato!!
We are almost there, Marcello found a typo that he is correcting in the squid.inc file but we are missing a shared lib when trying to get clamd to start
shared object "libclamav.so.6" no found, required by "clamd
Updated by Marcello Silva Coutinho over 9 years ago
Typo and freshclam checks fixed on this PullRequest
https://github.com/pfsense/pfsense-packages/pull/788
Updated by Cino . over 9 years ago
The anti-virus feature is working now after adjusting the conf files based on the syntax checks you added to the to the GUI. Thank you!!
I'm able to stop and start c-icap squid from services but unable to stop the clamd service. When I run clamav-clamd stop from the command line, it can't find the pid to kill it.. It is working in 2.1.5.
Updated by Chris Buechler about 8 years ago
- Status changed from Feedback to Resolved