Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to configure HAVP

    Scheduled Pinned Locked Moved pfSense Packages
    66 Posts 10 Posters 63.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      trinli
      last edited by

      I'm not sure if this will help or not, but some virus scanners have a max stream size.  Clamav is one of them.  I don't know if this applies to your situation, but you might want to look there just to be sure.

      1 Reply Last reply Reply Quote 0
      • D
        daniele_dll
        last edited by

        you need to fix the memory device used for havp, if i'm not wrong it is actually 1mb

        Just open havp.inc into /usr/local/pkg and look for mdconfig

        Remember that this value is used to create a in-memory fs so don't set it too high or you will get problems :) (if your FW have 128mb of memory, a value of 32mb would be good)

        1 Reply Last reply Reply Quote 0
        • D
          dvserg
          last edited by

          Ram grid:

          # RAM disk
          #  Mem -  RAM
          # 128M -  16M
          # 256M -  32M
          # 512M -  64M
          #   1G - 128M
          #
          function mountRAMdisk()
          {
              # ! not use RAM disk with VM !
              if (!VMWare_detect()) {
                  # 2 Mb by default
                  $mem = 2;
          
                  # available system memory (Mb)
                  $av_mem = get_memory();
                  $av_mem = intval($a_mem[0]);
          
                  # use mem
                  if      ($av_mem >= 1024) $mem = 128;
                  else if ($av_mem >=  512) $mem = 64;
                  else if ($av_mem >=  256) $mem = 32;
                  else if ($av_mem >=  128) $mem = 16;
                  else if ($av_mem >=   64) $mem = 8;
          
                  # detach and free all resources used by /dev/md10:
                  mwexec("umount /var/tmp/havp");
                  mwexec("mdconfig -d -u 10");
          
                  # create and mount a swap backed file system on /var/tmp/havp by /dev/md10:
                  mwexec("mdconfig -a -t swap -s {$mem}M -u 10");
                  mwexec("newfs -U /dev/md10");
                  mwexec("mount /dev/md10 /var/tmp/havp");
                  mwexec("chmod 1777 /var/tmp/havp");
              }
          }
          
          function VMWare_detect()
          {
              global $g;
              $fc = '';
          
              if (file_exists("{$g['varlog_path']}/dmesg.boot") !== false)
                  $fc = file_get_contents("{$g['varlog_path']}/dmesg.boot");
          
              return (strpos($fc, "<vmware virtual")="" !="=" false);<br="">}</vmware> 
          

          SquidGuardDoc EN  RU Tutorial
          Localization ru_PFSense

          1 Reply Last reply Reply Quote 0
          • L
            LiquiD_85
            last edited by

            Ok, i'm trying to change 1MB into 32MB …

            @dvserg: $av_mem and $mem are two variables or two built-in procedures? I understand a little bit of programmation (C C++ access Delphi Pascal) i'm not an expert programmer but i can understand a source code!

            Thanks a lot!

            1 Reply Last reply Reply Quote 0
            • L
              LiquiD_85
              last edited by

              I've changed 1MB into 32MB, but if i save and try without restart pfsense same problem, if i restart pfsense havp.inc came back to the original with 1MB!!!  ??? ??? ??? ??? ??? ??? ??? ??? ???

              1 Reply Last reply Reply Quote 0
              • L
                LiquiD_85
                last edited by

                Ok, setting mdconfig to 16 or 32MB i can download files from internet such as virIT from www.tgsoft.it waiting about 20-30 seconds before download it but for bigger download such as ubuntu iso image also waiting 4-5 minutes the download not start at all!!

                If any idea please tell me, i've finished my tests!

                1 Reply Last reply Reply Quote 0
                • D
                  dvserg
                  last edited by

                  I will test you problem too  ???

                  SquidGuardDoc EN  RU Tutorial
                  Localization ru_PFSense

                  1 Reply Last reply Reply Quote 0
                  • L
                    LiquiD_85
                    last edited by

                    Thanks a lot i wait for your response dvserg, if you wanti can give you my msn contact!

                    1 Reply Last reply Reply Quote 0
                    • D
                      dvserg
                      last edited by

                      @LiquiD_85:

                      Thanks a lot i wait for your response dvserg, if you wanti can give you my msn contact!

                      Possible test option ?
                      KEEPBACKBUFFER 600

                      I download 30-50 mbyte files success.

                      SquidGuardDoc EN  RU Tutorial
                      Localization ru_PFSense

                      1 Reply Last reply Reply Quote 0
                      • L
                        LiquiD_85
                        last edited by

                        What's your mdconfig?I need to restart HAVP?

                        1 Reply Last reply Reply Quote 0
                        • L
                          LiquiD_85
                          last edited by

                          Changed keepbackbuffer to 600 (was 200000), and NOT ENOUGH FREE SPACE ON SERVER again, it's impossible!!!
                          If i restart pfsense havp.inc rollback to the original settings  ??? ??? ???

                          1 Reply Last reply Reply Quote 0
                          • D
                            dvserg
                            last edited by

                            # Temporary file will grow only up to this size. This means scanner
                            # will scan data until this limit is reached.
                            #
                            # There are two sides to this setting. By limiting the size, you gain
                            # performance, less waiting for big files and less needed temporary space.
                            # But there is slightly higher chance of virus slipping through (though
                            # scanning large archives should not be gateways function, HAVP is more
                            # geared towards small exploit detection etc).
                            #
                            # VALUE IN BYTES NOT KB OR MB!!!!
                            #  0 = No size limit
                            #
                            # Default:
                            # MAXSCANSIZE 5000000
                            

                            MAXSCANSIZE 5000000

                            SquidGuardDoc EN  RU Tutorial
                            Localization ru_PFSense

                            1 Reply Last reply Reply Quote 0
                            • L
                              LiquiD_85
                              last edited by

                              Ok i'm trying to restore all previous modification ti havp.inc file and modifying MAXSCANSIZE to 5000000
                              I've to restart pfsense or havp?
                              thnx

                              1 Reply Last reply Reply Quote 0
                              • L
                                LiquiD_85
                                last edited by

                                Same damned problem, it's hard to belive really!! Restarted pfsense and havp.inc rollback to defaults values, changed MAXSCANSIZE to 5000000 and KEEPBACKBUFFER to 600 and mdconfig to 16MB, saved file and tried … still the same! I've tried also with MAXSCANSIZE to 5000 and 5, nothing changed!!!
                                I think something happen to my pfsense installation, tomorrow i'll try with a fresh installation!

                                1 Reply Last reply Reply Quote 0
                                • D
                                  dvserg
                                  last edited by

                                  After save config you must call from shell for reload config
                                  killall havp
                                  havp

                                  SquidGuardDoc EN  RU Tutorial
                                  Localization ru_PFSense

                                  1 Reply Last reply Reply Quote 0
                                  • L
                                    LiquiD_85
                                    last edited by

                                    Finally this wonderfull tool works fine, i'm going to explain my tests:

                                    New installation in a new machine, installed HAVP and set Max download size and Scan max file size in Services -> HTTP Antivirus to 100
                                    and it's doesn't work .. I've changed MAXSCANSIZE and KEEPBACKBUFFER to 5000 and 600 saved and in Diagnostics -> Command i've executed killall havp and havp .. and it's doesen't work … NOW i've changed "Max download size" and "Scan max file size" to empty and it's work like a charm, so i understand that the "secret" was the SAVE button in Services -> HTTP Antivirus ..

                                    Now i've removed and reinstalled HAVP, set MAXSCANSIZE to 5000 saved and went to Services -> HTTP Antivirus and pressed SAVE, it's work perfectly!!! I think HAVP do not scan files bigger then 5K with MAXSCANSIZE=5000 and for me it's ok!!!

                                    I think also that in Diagnostics -> Command "killall havp" and "havp" do not make the changes effective, or maybe i'm wrong, i don't know, i hope that my experience will help some people that have same problem!!!

                                    Thanks a lot to all!!! :D

                                    LiquiD

                                    1 Reply Last reply Reply Quote 0
                                    • D
                                      dvserg
                                      last edited by

                                      I test different configurations Need set MAXSCANSIZE to any not-empty (and not 0) value
                                      I use 5000000.
                                      This possible set via gui and all work.

                                      SquidGuardDoc EN  RU Tutorial
                                      Localization ru_PFSense

                                      1 Reply Last reply Reply Quote 0
                                      • L
                                        LiquiD_85
                                        last edited by

                                        Yes MAXSCANSIZE in the havp.inc file is now 5000 and i've never set it to 0 or empty!!
                                        In the gui now i've checked only Enabled and Use external interface, and it's work like a charm!!!

                                        1 Reply Last reply Reply Quote 0
                                        • A
                                          akintemel
                                          last edited by

                                          Hello

                                          I can not did havp and squid work together.I use squid port 3128 and ı write squid.conf  " cache_peer 127.0.0.1 parent 3128 7 no-query " and enable havp and set the port 3128 .I conf the client borwser 3128 but i can not access the page .The error messages is  ;
                                            ERROR
                                            The request URL could not be rerieved.
                                            …..
                                            Access Denied

                                          Can you help me please.
                                          Thank you

                                          1 Reply Last reply Reply Quote 0
                                          • D
                                            dvserg
                                            last edited by

                                            @akintemel:

                                            Hello

                                            I can not did havp and squid work together.I use squid port 3128 and ı write squid.conf  " cache_peer 127.0.0.1 parent 3128 7 no-query " and enable havp and set the port 3128 .I conf the client borwser 3128 but i can not access the page .The error messages is  ;

                                            Use different ports to HAVP and squid
                                            squid = 3128
                                            havp = 3125

                                            SquidGuardDoc EN  RU Tutorial
                                            Localization ru_PFSense

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.