• Looking for a good blacklist

    8
    0 Votes
    8 Posts
    2k Views
    M

    Snort can block torrents, and perhaps pfBlockerNG from the great BB might be of use to you too.

  • 0 Votes
    5 Posts
    5k Views
    M

    @KOM:

    I think the client blockers like ABP are better.  AV on the firewall makes it slow, and that's an area I would leave to the pros like Kaspersky or Eset.

    I also think ABP is better because some sites don't work if you block the ads, and it's easier to temporarily disable ABP in your browser.
    The reason for me to use ClamAV was that I want to protect devices where you can't install AV software or where I think AV software is too much - TVs, consoles, Android…
    Everything today is connected to the web...

    @darrenkdean:

    What is your maximum object size?

    My settings with 2GB RAM assigned to pfSense are:
    Maximum object size: 4
    Memory cache size: 512
    Maximum object size in RAM: 128
    Memory replacement policy: Heap GDSF

    But I think it does not affect ClamAV?
    I'm not interested in disk caching but use the RAM cache.
    Still not sure if I can increase "Memory cache size" or "Maximum object size in RAM" because I have problems interpreting this RRD graph stuff (attachment).

    I don't have the overall slowdowns anymore. Only sometimes if I download maybe a rar file.
    I guess that's affected by "maxsize" in squidclamav.conf. If the file is bigger, then it is not scanned…
    The question is what is a good size here? Big files are scanned by the clients, so from what small files comes a risk that can affect TVs, consoles, Android, phones - if there is any?

    And the question still is if there is risk from files like pictures, videos, icons?

    Does somebody use some of these settings:

    # Do not scan images
    #abort ^.*\.(ico|gif|png|jpg)$
    #abortcontent ^image\/.*$
    # Do not scan text files
    #abort ^.*\.(css|xml|xsl|js|html|jsp)$
    #abortcontent ^text\/.*$
    #abortcontent ^application\/x-javascript$
    # Do not scan streamed videos
    #abortcontent ^video\/x-flv$
    #abortcontent ^video\/mp4$
    # Do not scan flash files
    #abort ^.*\.swf$
    #abortcontent ^application\/x-shockwave-flash$
    # Do not scan sequence of framed Microsoft Media Server (MMS) data packets
    #abortcontent ^.*application\/x-mms-framed.*$
    # White list some sites
    #whitelist .*\.clamav.net

    I also realized I had a problem with the configuration page of one of my WLAN access points until I put it on the whitelist.
    Is local stuff from my IP range scanned/proxied?


  • Custom SquidGuard Error Page not working

    6
    0 Votes
    6 Posts
    3k Views
    M

    Ok with

    http://warning.mydomain.net/index.html?&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u

    the 404 is gone and I can see the source code in Firebug.

  • Squid proxy and squid guard crash

    7
    0 Votes
    7 Posts
    4k Views
    G

    Thanks for the info, I tried this:
    https://forum.pfsense.org/index.php?topic=84466.msg512965;topicseen#msg512965

    and it seems to have worked. Not too sure what it changes, but it works.

  • HAVP does not start

    3
    0 Votes
    3 Posts
    1k Views
    T

    Well, of course the service was configured at once and always working; I did not make any changes. HAVP was and is configured on port 3125 as a parent for Squid, which is running in transparent mode.

  • Squid (2 and 3) transparent on 2.2.2 invalid request

    2
    0 Votes
    2 Posts
    954 Views
    marcellocM

    Transparent mode does not need IPv6 enabled or disabled. The most common mistake I see is checking loopback on the listening interface and on the transparent list too.

  • Squid sqstat Can't assign requested address

    2
    0 Votes
    2 Posts
    1k Views
    KOMK

    Go to Services - Proxy server - Local Cache - External Cache-Managers.  Put the LAN IP address of your pfSense box in here after the default entry.  Click Save at the bottom.  Mine looks like this:

    10.10.4.1; 127.0.0.1

  • Squid transparent proxy Squidguard loses Blacklist after restart

    8
    0 Votes
    8 Posts
    2k Views
    KOMK

    No idea.

  • Non-Transparent squid proxy issue

    3
    0 Votes
    3 Posts
    1k Views
    KOMK

    What I do is create an alias for the proxy and an alias for the web ports (80, 443).  Then I create an Allow All pass rule at the top for the Proxy alias.  Under that, I put a block rule for All with dest ports being the Web Ports alias.  Save & done.

  • Any chance of getting a working transparent proxy again?

    31
    0 Votes
    31 Posts
    7k Views
    M

    This has bugged me for quite some time, too.
    Enabling transparent works for a couple of calls to websites - then it dies…
    Scary is the right description...

    3.1.20 pkg 2.1.2 on pfsense 2.1.5
    I have to say that the previous package (whichever that was!?) was running just fine!

  • Squid Transparent proxy cannot connect to external VPN

    3
    0 Votes
    3 Posts
    1k Views
    A

    Was the first thing I tried; however, it did not work.

    OK, fixed it. It was a few different IPs that I needed to add.

    thanks marcelloc

  • Squid 3 for https blocking?

    10
    0 Votes
    10 Posts
    5k Views
    K

    Ohhh, never mind, I got it. Sorry for the ignorance  :-[

  • Reopen ticket https://redmine.pfsense.org/issues/4198

    4
    0 Votes
    4 Posts
    1k Views
    jimpJ

    https://doc.pfsense.org/index.php/Lightsquid_Troubleshooting

  • SquidGuard_Logrotate Bug? hangs at Midnight each night

    1
    0 Votes
    1 Posts
    676 Views
    No one has replied
  • Routing one website from particular ISP

    16
    0 Votes
    16 Posts
    2k Views
    C

    1 - Deny access to internet through your firewall except from proxy
    2 - configure your proxy
    3 - set up WPAD so that clients easily point to your proxy

    With such a design, you can configure policy routing that will apply and also benefit from proxy (squidguard) filtering.

    BTW, from an architecture standpoint, this design is better than services running on pfSense.

  • Squid3 "access_log acl" not working.

    3
    0 Votes
    3 Posts
    2k Views
    cyber7C

    Hi Guys
    I think I found a bug:
    When the option "Enable logging" is ON and you specify exclusions of IPs through ACLs, these ACLs do not get honoured, BUT if you switch "Enable logging" OFF and you specify your logfile in your ACL, it gets excluded.

    Actually, if you leave "Enable logging" ON and specify your logfile in your ACL, the entry gets duplicated except for the excluded IP…

    Example ACL:

    acl IP-LIST src "/root/ip-list.txt"
    access_log /var/squid/log/access.log !IP-LIST

    If "Enable logging" is OFF - You get one logfile entry in your logfile and the excluded IPs are excluded.

    If "Enable logging" is ON - You get two logfile entries and the excluded IPs get logged once.

    So, it seems there needs to be some kind of "PRE PROCESSING" to exclude IPs from your logfile…

    Please could someone confirm?
    kind regards
    cyber7 - AKA Aubrey Kloppers; Cape Town; South Africa

  • Captive Portal Reports

    14
    0 Votes
    14 Posts
    6k Views
    J

    on pfsense 2.1.5-amd64  I am using squid3-dev with captiveportal authentication  flawlessly

    Apparently you are the one in a million  8)

  • Cannot Startup Services Squid Proxy

    3
    0 Votes
    3 Posts
    1k Views
    B

    Thanks for your answer, and I will follow your instructions if I can't fix it.
    :D :D

  • Squid Proxy and LDAP Authentication

    2
    0 Votes
    2 Posts
    1k Views
    C

    From a pure technical standpoint, you could do this:
    (&(|(memberOf=cn=group_A,ou=staff,dc=domain,dc=co,dc=uk)(memberOf=cn=group_B,ou=staff,dc=domain,dc=co,dc=uk))(sAMAccountName=%s))

    or use one single group in Squid that is matching one group in AD containing multiple AD groups. Does this work?

    I'm also not using the pfSense Squid package  ;) therefore I don't know the interface nor the features that are exposed, but Squid allows you to create multiple rules. The first one matching will apply. Therefore you're not obliged to merge everything into one single LDAP search, are you? (unless the pfSense implementation brings some restrictions here  :-[)

  • Squid3 transparent proxy - icmp_sock: (1) Operation not permitted

    7
    0 Votes
    7 Posts
    9k Views
    W

    Because "Disable Ping" wasn't available in 2.1?

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.