Bug #5117
closed
HAVP fails to start after claimed to be successfull install 2.2.4
0%
Description
2.2.4-RELEASE (i386) Fresh install in VM, no other packages
FreeBSD 10.1-RELEASE-p15
package havp-0.91_3-i386
Sep 10 06:28:15 php-fpm23105: /pkg_mgr_install.php: Beginning package installation for HAVP antivirus .
Sep 10 06:28:18 check_reload_status: Syncing firewall
Sep 10 06:28:46 php-fpm23105: /pkg_mgr_install.php: HAVP: RAMDisk not used. Diagnostic: system MB, available MB, calculated MB. Try reducing 'MAXSCANSIZE' value.
Sep 10 06:28:46 php-fpm23105: /pkg_mgr_install.php: HAVP: RAMDisk not used. Diagnostic: system MB, available MB, calculated MB. Try reducing 'MAXSCANSIZE' value.
Sep 10 06:28:47 php-fpm23105: /pkg_mgr_install.php: XML error: XML_ERR_NAME_REQUIRED at line 562 in /conf/config.xml
Sep 10 06:28:47 php-fpm23105: /pkg_mgr_install.php: pfSense is restoring the configuration /cf/conf/backup/config-1441837698.xml
Sep 10 06:28:47 php-fpm23105: /pkg_mgr_install.php: New alert found: pfSense is restoring the configuration /cf/conf/backup/config-1441837698.xml
Sep 10 06:28:47 check_reload_status: Syncing firewall
Sep 10 06:28:47 php-fpm23105: /pkg_mgr_install.php: HAVP: RAMDisk not used. Diagnostic: system MB, available MB, calculated MB. Try reducing 'MAXSCANSIZE' value.
Sep 10 06:28:47 php-fpm23105: /pkg_mgr_install.php: Stopping HAVP
Sep 10 06:28:47 php-fpm23105: /pkg_mgr_install.php: XML error: XML_ERR_NAME_REQUIRED at line 562 in /conf/config.xml
Sep 10 06:28:47 php-fpm23105: /pkg_mgr_install.php: pfSense is restoring the configuration /cf/conf/backup/config-1441837698.xml
Sep 10 06:28:47 php-fpm23105: /pkg_mgr_install.php: New alert found: pfSense is restoring the configuration /cf/conf/backup/config-1441837698.xml
Sep 10 06:28:47 check_reload_status: Syncing firewall
Sep 10 06:28:47 check_reload_status: Reloading filter
Sep 10 06:28:47 php-fpm23105: /pkg_mgr_install.php: Successfully installed package: HAVP antivirus.
Line 562 corresponds to
<rrd>
<enable/>
</rrd>
Here is another user experiencing the same issue.
https://forum.teksyndicate.com/t/pfsense-and-havp-proxy/87251
Updated by Kill Bill over 9 years ago
NA NA wrote:
Line 562 corresponds to
<rrd>
<enable/>
</rrd>
Look at /cf/conf/config.xml.bad instead.
Updated by NA NA over 9 years ago
Thanks, was stupid of me looking at the working thing
Here is the portion from config.xml.bad
501 <cron>
502 <item>
503 <minute>1,31</minute>
504 <hour>0-5</hour>
505 <mday>*</mday>
506 <month>*</month>
507 <wday>*</wday>
508 <who>root</who>
509 <command>/usr/bin/nice -n20 adjkerntz -a</command>
510 </item>
511 <item>
512 <minute>1</minute>
513 <hour>3</hour>
514 <mday>1</mday>
515 <month>*</month>
516 <wday>*</wday>
517 <who>root</who>
518 <command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
519 </item>
520 <item>
521 <minute>*/60</minute>
522 <hour>*</hour>
523 <mday>*</mday>
524 <month>*</month>
525 <wday>*</wday>
526 <who>root</who>
527 <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command>
528 </item>
529 <item>
530 <minute>*/60</minute>
531 <hour>*</hour>
532 <mday>*</mday>
533 <month>*</month>
534 <wday>*</wday>
535 <who>root</who>
536 <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout</command>
537 </item>
538 <item>
539 <minute>1</minute>
540 <hour>1</hour>
541 <mday>*</mday>
542 <month>*</month>
543 <wday>*</wday>
544 <who>root</who>
545 <command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
546 </item>
547 <item>
548 <minute>*/60</minute>
549 <hour>*</hour>
550 <mday>*</mday>
551 <month>*</month>
552 <wday>*</wday>
553 <who>root</who>
554 <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
555 </item>
556 <item>
557 <minute>30</minute>
558 <hour>12</hour>
559 <mday>*</mday>
560 <month>*</month>
561 <wday>*</wday>
562 <who>root</who>
563 <command>/usr/bin/nice -n20 /etc/rc.update_urltables</command>
564 </item>
565 <item>
566 <minute>
567 <0>0</0>
568 <1></1>
569 <2>*</2>
570 <3>*</3>
571 <4>*</4>
572 <5>root</5>
573 </minute>
574 <hour>*</hour>
575 <mday>*</mday>
576 <month>*</month>
577 <wday>*</wday>
578 <who>root</who>
579 <command>/usr/bin/nice -n20 /usr/local/etc/rc.d/havp_avupdate</command>
580 </item>
581 </cron>
582 <wol/>
Updated by NA NA over 9 years ago
NA NA wrote:
Thanks, was stupid of me looking at the working thing
Here is the portion from config.xml.bad501 <cron>
502 <item>
503 <minute>1,31</minute>
504 <hour>0-5</hour>
505 <mday>*</mday>
506 <month>*</month>
507 <wday>*</wday>
508 <who>root</who>
509 <command>/usr/bin/nice -n20 adjkerntz -a</command>
510 </item>
511 <item>
512 <minute>1</minute>
513 <hour>3</hour>
514 <mday>1</mday>
515 <month>*</month>
516 <wday>*</wday>
517 <who>root</who>
518 <command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
519 </item>
520 <item>
521 <minute>*/60</minute>
522 <hour>*</hour>
523 <mday>*</mday>
524 <month>*</month>
525 <wday>*</wday>
526 <who>root</who>
527 <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command>
528 </item>
529 <item>
530 <minute>*/60</minute>
531 <hour>*</hour>
532 <mday>*</mday>
533 <month>*</month>
534 <wday>*</wday>
535 <who>root</who>
536 <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout</command>
537 </item>
538 <item>
539 <minute>1</minute>
540 <hour>1</hour>
541 <mday>*</mday>
542 <month>*</month>
543 <wday>*</wday>
544 <who>root</who>
545 <command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
546 </item>
547 <item>
548 <minute>*/60</minute>
549 <hour>*</hour>
550 <mday>*</mday>
551 <month>*</month>
552 <wday>*</wday>
553 <who>root</who>
554 <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
555 </item>
556 <item>
557 <minute>30</minute>
558 <hour>12</hour>
559 <mday>*</mday>
560 <month>*</month>
561 <wday>*</wday>
562 <who>root</who>
563 <command>/usr/bin/nice -n20 /etc/rc.update_urltables</command>
564 </item>
565 <item>
566 <minute>
567 <0>0</0>
568 <1></1>
569 <2>*</2>
570 <3>*</3>
571 <4>*</4>
572 <5>root</5>
573 </minute>
574 <hour>*</hour>
575 <mday>*</mday>
576 <month>*</month>
577 <wday>*</wday>
578 <who>root</who>
579 <command>/usr/bin/nice -n20 /usr/local/etc/rc.d/havp_avupdate</command>
580 </item>
581 </cron>
582 <wol/>
Syslog throws warning about line 567
Updated by Kill Bill over 9 years ago
Much better. Please, test this:
cd /usr/local/pkg/ mv havp.inc havp.inc.orig fetch https://raw.githubusercontent.com/doktornotor/pfsense-packages/f71e299b474c5fbc6879bd00ab59d83aea2f7ef7/config/havp/havp.inc
and try some HAVP config changes.
Updated by NA NA over 9 years ago
seems like the services are up now.
However when I click settings in HAVP, I get the following
Warning: Invalid argument supplied for foreach() in /usr/local/www/pkg_edit.php on line 447
Thanks
Updated by Kill Bill over 9 years ago
Afraid that message is just useless. Regarding the cron handling, it's still wrong in the link above due to strong typing, correct patch here:
Pull Request: https://github.com/pfsense/pfsense-packages/pull/1057
Updated by Kill Bill over 9 years ago
Updated by Kill Bill over 9 years ago
NA NA wrote:
However when I click settings in HAVP, I get the following
Warning: Invalid argument supplied for foreach() in /usr/local/www/pkg_edit.php on line 447
OK, I guess I figured it out ;)
Updated by NA NA over 9 years ago
thanks, that brought the settings page.
However AV service is not starting now. Cant see any relevant logs in syslog.
Also the log tabs near settings show 404 errors. Looks like we are trying to ductape a completely broken thing :/
Any suggestions?
Updated by NA NA over 9 years ago
Sep 11 04:16:40 迿^D96977: Running as user: havp, group: havp
Sep 11 04:16:40 !A)M-^D쿿^Q96977: --- Initializing Clamd Socket Scanner
Sep 11 04:17:40 !A)M-^D쿿^Q96977: Clamd: Could not connect to scanner! Scanner down?
Antivirus server says started in paranthesis but status image shows stopped
av proxy starts, then stops in 5 minutes or so
Shall I reinstall maybe?
Updated by Kill Bill over 9 years ago
Yeah. Maybe. Or just use Squid3 + C-ICAP, it at least is not dead as a coffin nail upstream.
Updated by Kill Bill over 9 years ago
(BTW - the reinstall will undo both of the fixes above of course.)
Updated by NA NA over 9 years ago
Reinstalled, followed your workaround with the following files
https://raw.githubusercontent.com/doktornotor/pfsense-packages/f71e299b474c5fbc6879bd00ab59d83aea2f7ef7/config/havp/havp.inc
https://raw.githubusercontent.com/doktornotor/pfsense-packages/2587e3661c973b0aac3b089806e0d1ed1e253c1f/config/havp/havp_avset.xml
I played around and finally everything worked when I set the ClamAV Mode to Library and disabled RAMdisk
Setup is Squid3+HAVP
And I am truly afraid of restarting the pfsense box, I have the gut feeling that things wont work once it is up :)
Updated by Kill Bill over 9 years ago
Hmmm, this HAVP thing is seriously redundant with Squid3. On that note, for Squid3, you need this ATM, otherwise any config changes there require reboot due to my screw-up... https://raw.githubusercontent.com/doktornotor/pfsense-packages/patch-5/config/squid3/34/squid.inc
Updated by NA NA over 9 years ago
Just saw that you have commited 1.08.
I uninstalled and installed 1.08 and it looks good, service does not stop when I enable ramdisk
One thing though, I can not find the HAVP error pages to modify in /usr/local/share/examples/havp/ (templates folder missing only templates_ex is there and empty)
Updated by NA NA over 9 years ago
Kill Bill wrote:
Hmmm, this HAVP thing is seriously redundant with Squid3. On that note, for Squid3, you need this ATM, otherwise any config changes there require reboot due to my screw-up... https://raw.githubusercontent.com/doktornotor/pfsense-packages/patch-5/config/squid3/34/squid.inc
Well I saw that pfsense has additional HAVP packages for status monitoring/dashboard etc. Does there exist similar stuff for squid integrated AV?
Updated by Kill Bill over 9 years ago
The templates could have never worked, the paths are incorrect, no idea what the package was trying to do.
Updated by NA NA over 9 years ago
Thanks to reading your commit, I changed the files in /usr/pbi/havp-i386/local/share/examples/havp/templates/en and all good!
Btw is there a way for me to fetch your commit, maybe recombile and install in pfsense? Or shall I wait for version approval for your commits and reinstall?
Updated by Kill Bill over 9 years ago
Eh...
1/ Just wait till it gets merged.
2/ Use Filer package or something similar to keep track of the files, otherwise your customizations will be gone after package reinstall.
3/ With the fixes in the PR, those files should go to /usr/pbi/havp-$arch/local/share/examples/havp/templates_ex/$lang directory (needs to be one of the $lang values that can be selected in the GUI), better than overwriting the shipped ones.
Updated by Chris Buechler over 9 years ago
- Category set to HAVP
- Status changed from New to Resolved