Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid with clamav whitelist

    Scheduled Pinned Locked Moved Cache/Proxy
    3 Posts 3 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      Jarek358
      last edited by

      How to add an address similar to: https://honda.civic.cars.pl to the whitelist clam AV on Squid? I use manual config and added
      "Whitelist honda.civic.cars.pl"
      No effect. Any hints?

      O 1 Reply Last reply Reply Quote 0
      • O
        Orwi @Jarek358
        last edited by Orwi

        2017 no response, so now here in 2021 again:
        ClamAV Whitelists - how do we integrate them?

        As my ClamAV always finds this:
        "instream(local): sigs.InterServer.net.HEX.Topline.malware.redirect.ecpms.net.718.UNOFFICIAL"
        (That's all on info I get here, don't get any detail information and so I am also unable to evaluate this further)

        So I want to get rid of it.
        According to:
        https://www.securiteinfo.com/services-cybersecurite/anti-spam-anti-virus/whitelisting_clamav_signatures.shtml

        This is best done via whitelists.
        But where and how do I set it in the PFsense CE interface?
        Or were do I add the whitelist file manually?
        /var/lib/clamav/>placeforWhitelist> does not exist.

        Added:
        Currently I had to disable the whole list.
        Fun fact: The Interserver list did identify also this side with my posting as a virus..

        S 1 Reply Last reply Reply Quote 0
        • S
          Squuiid @Orwi
          last edited by Squuiid

          @orwi said in Squid with clamav whitelist:

          https://www.securiteinfo.com/services-cybersecurite/anti-spam-anti-virus/whitelisting_clamav_signatures.shtml

          Seeing the same issue. ClamAV detected the InterServer defs as a virus and so blocks the download. Added the domain to the ACLs whitelist in squid but it did not help. Anyone?

          ClamAV - freshclam Logs:

          WARNING: Can't download interserver256.hdb from http://sigs.interserver.net/interserver256.hdb
          WARNING: Download failed (56) WARNING: Message: Failure when receiving data from the peer

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.