How to configure HAVP
-
Thanks to dvserg and adrianhensler, i've asked just to know, not for criticize! Dansguardian seems a very powerfull tool to block a lot of category of searches and urls (ex. violence hacking etc.)!
Thank you very much!
LiquiD
-
… If you need a package ...
I'm not so expert :(
-
it's like asking why orange juice comes from oranges and not apples
Hahaha … Very sympathetic, i understand perfectly, i'm a C++ and Deplhi programmer, not very expert, but i can understand this kind of situations!!
Thanks a lot!
-
Thanks to dvserg and adrianhensler, i've asked just to know, not for criticize! Dansguardian seems a very powerfull tool to block a lot of category of searches and urls (ex. violence hacking etc.)!
Sorry.
I just wanted to say that there are 2 ways - to do it himself or ask someone else.
pfSense is not commercial project and the developers can not do everything at once.
What you see in the packages do different people at different times for their own needs.
And only then it is added to the packages.
The support package is also being done by those who made their.
Sorry my english :-[ -
Thanks to dvserg and adrianhensler, i've asked just to know, not for criticize! Dansguardian seems a very powerfull tool to block a lot of category of searches and urls (ex. violence hacking etc.)!
Sorry.
I just wanted to say that there are 2 ways - to do it himself or ask someone else.
pfSense is not commercial project and the developers can not do everything at once.
What you see in the packages do different people at different times for their own needs.
And only then it is added to the packages.
The support package is also being done by those who made their.
Sorry my english :-[
[/quote]Yes, yes of course!!!
No, sorry for MY english i'm italian i kown english from school and not very well :D:D:Dthanks a lot!
-
Hello ,
I installed 1.2.2 version and i want to use squid + squidguard + imspector+ havp ..squid and squidguard are working but havp i think is not running i am not sure . ( how to decide this dont know ) .I conf to squid port 8080 and havp port is the same squid port 8080.I read this form this port must diffrent.When i change the proxy port 3128 and havp port 8080 and set the client proxy port to 8080.this time client can't access web .What isthe mistake i did.
Thank you very much.
Ps: I am a new user .
-
Hello ,
I installed 1.2.2 version and i want to use squid + squidguard + imspector+ havp ..squid and squidguard are working but havp i think is not running i am not sure . ( how to decide this dont know ) .I conf to squid port 8080 and havp port is the same squid port 8080.I read this form this port must diffrent.When i change the proxy port 3128 and havp port 8080 and set the client proxy port to 8080.this time client can't access web .What isthe mistake i did.
Thank you very much.
Ps: I am a new user .
You can use HAVP independently - define Interface & free port (different by squid). Configure you clients browser to this interface ip/port
Also for use HAVP with squid (INET -> HAVP -> SQUID -> Client) you must configure HAVP with internal client and configure squid : http://doc.pfsense.org/index.php/Squid_Package_Tuning - 'Parent proxy' part. -
Currently, I have a firewall that can use havp to AV scan things that squid is proxying. It's configured in the way you describe: INET -> HAVP -> SQUID -> Client And, I have squid set up to be a transparent proxy also. Everything seems to be working. Question is, squid can work as an FTP proxy also. But, when I send the ftp request to squid, it gets the files, but it does not seem to be scanning the files. Any ideas how I can make havp scan the files that squid gets through ftp?
Also, is there a way to make squid and/or havp work as an ftp transparent proxy? (I know the last question is a little off topic)
Thanks
-
Squid & HAVP is a http proxy. Maybe ftp over http only will filtered (via browser)?
-
I've another problem, HAVP block me if i want to download a big file for example ubuntu that is 700MB and say:"Not enough free space on server" i've set "Scan max file size" to 100, but it's the same!
Someone can help me to set HAVP block only files bigger then XX bytes?? Thanks a lot!!! -
I've another problem, HAVP block me if i want to download a big file for example ubuntu that is 700MB and say:"Not enough free space on server" i've set "Scan max file size" to 100, but it's the same!
Someone can help me to set HAVP block only files bigger then XX bytes?? Thanks a lot!!!Look this option
Max download size /*Enter value or leave empty. Value in bytes. Downloads larger than 'Max download size' will be blocked. Only if not Whitelisted! */ -
It's the same :'( :'( :'(
Strongly i've notice that my Memory usage is 54% ??? ??? ???
-
Here my whole HAVP config. Thanks
-
According to the FAQ on HAVP's website… HAVP can support ftp only if the parent proxy allows FTP. Then, looking at the first line of the squid website, it says that squid is a "proxy for the Web supporting HTTP, HTTPS, FTP, and more.". If my understanding of parent proxies is correct, then with this situation: squid -> HAVP -> inet, HAVP is the parent proxy for squid. So, HAVP doesn't have a parent proxy. Would there be any problem with switching the order of the proxies? Specifically, if HAVP found a virus in something that squid already downloaded, would it be able to remove the file from the cache?
-
This is just a first look at trying to help:
From what I can see of the config screens, the max download size is in bytes. Can you set it to 1 000 000 000 (1Gb), and see what happens?
-
It's the same ??? ??? ???
-
If max download size set empty ??
-
Max download size -> empty
Selected only "Enable" and "Use external interface" (on LAN)
Same problem :'(
-
HAVP give me same error also if i want to download a driver or a free anti-virus for example www.tgsoft.it, files of a little ammount of MB about 2-3MB!!! I can't think that pfsense don't have 2-3MB of free space!!!
-
I'm not sure if this will help or not, but some virus scanners have a max stream size. Clamav is one of them. I don't know if this applies to your situation, but you might want to look there just to be sure.
-
you need to fix the memory device used for havp, if i'm not wrong it is actually 1mb
Just open havp.inc into /usr/local/pkg and look for mdconfig
Remember that this value is used to create a in-memory fs so don't set it too high or you will get problems :) (if your FW have 128mb of memory, a value of 32mb would be good)
-
Ram grid:
# RAM disk # Mem - RAM # 128M - 16M # 256M - 32M # 512M - 64M # 1G - 128M # function mountRAMdisk() { # ! not use RAM disk with VM ! if (!VMWare_detect()) { # 2 Mb by default $mem = 2; # available system memory (Mb) $av_mem = get_memory(); $av_mem = intval($a_mem[0]); # use mem if ($av_mem >= 1024) $mem = 128; else if ($av_mem >= 512) $mem = 64; else if ($av_mem >= 256) $mem = 32; else if ($av_mem >= 128) $mem = 16; else if ($av_mem >= 64) $mem = 8; # detach and free all resources used by /dev/md10: mwexec("umount /var/tmp/havp"); mwexec("mdconfig -d -u 10"); # create and mount a swap backed file system on /var/tmp/havp by /dev/md10: mwexec("mdconfig -a -t swap -s {$mem}M -u 10"); mwexec("newfs -U /dev/md10"); mwexec("mount /dev/md10 /var/tmp/havp"); mwexec("chmod 1777 /var/tmp/havp"); } } function VMWare_detect() { global $g; $fc = ''; if (file_exists("{$g['varlog_path']}/dmesg.boot") !== false) $fc = file_get_contents("{$g['varlog_path']}/dmesg.boot"); return (strpos($fc, "<vmware virtual")="" !="=" false);<br="">}</vmware>
-
Ok, i'm trying to change 1MB into 32MB …
@dvserg: $av_mem and $mem are two variables or two built-in procedures? I understand a little bit of programmation (C C++ access Delphi Pascal) i'm not an expert programmer but i can understand a source code!
Thanks a lot!
-
I've changed 1MB into 32MB, but if i save and try without restart pfsense same problem, if i restart pfsense havp.inc came back to the original with 1MB!!! ??? ??? ??? ??? ??? ??? ??? ??? ???
-
Ok, setting mdconfig to 16 or 32MB i can download files from internet such as virIT from www.tgsoft.it waiting about 20-30 seconds before download it but for bigger download such as ubuntu iso image also waiting 4-5 minutes the download not start at all!!
If any idea please tell me, i've finished my tests!
-
I will test you problem too ???
-
Thanks a lot i wait for your response dvserg, if you wanti can give you my msn contact!
-
Thanks a lot i wait for your response dvserg, if you wanti can give you my msn contact!
Possible test option ?
KEEPBACKBUFFER 600I download 30-50 mbyte files success.
-
What's your mdconfig?I need to restart HAVP?
-
Changed keepbackbuffer to 600 (was 200000), and NOT ENOUGH FREE SPACE ON SERVER again, it's impossible!!!
If i restart pfsense havp.inc rollback to the original settings ??? ??? ??? -
# Temporary file will grow only up to this size. This means scanner # will scan data until this limit is reached. # # There are two sides to this setting. By limiting the size, you gain # performance, less waiting for big files and less needed temporary space. # But there is slightly higher chance of virus slipping through (though # scanning large archives should not be gateways function, HAVP is more # geared towards small exploit detection etc). # # VALUE IN BYTES NOT KB OR MB!!!! # 0 = No size limit # # Default: # MAXSCANSIZE 5000000
MAXSCANSIZE 5000000
-
Ok i'm trying to restore all previous modification ti havp.inc file and modifying MAXSCANSIZE to 5000000
I've to restart pfsense or havp?
thnx -
Same damned problem, it's hard to belive really!! Restarted pfsense and havp.inc rollback to defaults values, changed MAXSCANSIZE to 5000000 and KEEPBACKBUFFER to 600 and mdconfig to 16MB, saved file and tried … still the same! I've tried also with MAXSCANSIZE to 5000 and 5, nothing changed!!!
I think something happen to my pfsense installation, tomorrow i'll try with a fresh installation! -
After save config you must call from shell for reload config
killall havp
havp -
Finally this wonderfull tool works fine, i'm going to explain my tests:
New installation in a new machine, installed HAVP and set Max download size and Scan max file size in Services -> HTTP Antivirus to 100
and it's doesn't work .. I've changed MAXSCANSIZE and KEEPBACKBUFFER to 5000 and 600 saved and in Diagnostics -> Command i've executed killall havp and havp .. and it's doesen't work … NOW i've changed "Max download size" and "Scan max file size" to empty and it's work like a charm, so i understand that the "secret" was the SAVE button in Services -> HTTP Antivirus ..Now i've removed and reinstalled HAVP, set MAXSCANSIZE to 5000 saved and went to Services -> HTTP Antivirus and pressed SAVE, it's work perfectly!!! I think HAVP do not scan files bigger then 5K with MAXSCANSIZE=5000 and for me it's ok!!!
I think also that in Diagnostics -> Command "killall havp" and "havp" do not make the changes effective, or maybe i'm wrong, i don't know, i hope that my experience will help some people that have same problem!!!
Thanks a lot to all!!! :D
LiquiD
-
I test different configurations Need set MAXSCANSIZE to any not-empty (and not 0) value
I use 5000000.
This possible set via gui and all work. -
Yes MAXSCANSIZE in the havp.inc file is now 5000 and i've never set it to 0 or empty!!
In the gui now i've checked only Enabled and Use external interface, and it's work like a charm!!! -
Hello
I can not did havp and squid work together.I use squid port 3128 and ı write squid.conf " cache_peer 127.0.0.1 parent 3128 7 no-query " and enable havp and set the port 3128 .I conf the client borwser 3128 but i can not access the page .The error messages is ;
ERROR
The request URL could not be rerieved.
…..
Access DeniedCan you help me please.
Thank you -
Hello
I can not did havp and squid work together.I use squid port 3128 and ı write squid.conf " cache_peer 127.0.0.1 parent 3128 7 no-query " and enable havp and set the port 3128 .I conf the client borwser 3128 but i can not access the page .The error messages is ;
Use different ports to HAVP and squid
squid = 3128
havp = 3125 -
Fisrt thank you very much for your reply… :)
Ok i did it ..squid port is 3128 and in squid.conf file i changed thecache_peer 127.0.0.1 parent 3121 7 no-query
and havp port i use the 3121 ..
and tested again but still not working.in havp access.log ( /var/log/havp/access.log ) i see anything log file ..and i can download virus file in http://www.eicar.org/anti_virus_test_file.htm this site.