Internet -havp-squid-client
-
Hi all
I configured my box following the wiki guide
http://doc.pfsense.org/index.php/HAVP_Package_for_HTTP_Anti-Virus_Scanning
havp is set as Parent for Squid
havp's av scan is set on squid cache
and the other settings are at default
squid settings are at default
and in the custom options field is
never_direct allow all;cache_peer 127.0.0.1 parent 3129 0 name=havp no-query no-digest no-netdb-exchange default;
it is auto-appended after saving the havp settings
and I DO the first method, it seems not to work; when I open http://www.eicar.org/anti_virus_test_file.htm and click the virus test, no warning window appears
could somebody tell me why?
waiting on line…. -
Are you using squid in transparent and also Squidguard??
-
I am using squid in transparent, no Squidguard.
pfsense version is 1.2.2 installed on hdd with liveCD. -
I have squid/havp/squidguard and my config works this way.
Try putting Havp in Transparent and Squid transparent unchecked.
Havp…
Transparent checked
upstream proxy...lan IP:squid port.....example 192.168.1.1:3128
Havp proxy port 3121
enable x-forward...checked
In squid:
x forward unchecked
disable Via unchecked
transparent unchecked -
The wiki said havp should enable forwarded ip, not x-forwarded?
Maybe the wiki is wrong?
The pf box is at my office, I will try the way later!
Thank you, ColdFusion! -
havp log
08/08/2009 22:13:44 === Starting HAVP Version: 0.88
08/08/2009 22:13:44 === Mandatory locking disabled! KEEPBACK settings not used!
08/08/2009 22:13:44 Running as user: havp, group: havp
08/08/2009 22:13:44 Use parent proxy: 192.168.100.1:3128
08/08/2009 22:13:44 Use transparent proxy mode
08/08/2009 22:13:44 --- Initializing Clamd Socket Scanner
08/08/2009 22:14:44 Clamd: Could not connect to scanner! Scanner down?
08/08/2009 22:14:44 ERROR: Clamd Socket Scanner failed EICAR virus test! (Could not connect to scanner socket)
08/08/2009 22:16:43 === Starting HAVP Version: 0.88
08/08/2009 22:16:43 === Mandatory locking disabled! KEEPBACK settings not used!
08/08/2009 22:16:43 Running as user: havp, group: havp
08/08/2009 22:16:43 Use parent proxy: 192.168.100.1:3128
08/08/2009 22:16:43 Use transparent proxy mode
08/08/2009 22:16:43 --- Initializing Clamd Socket Scanner
08/08/2009 22:17:43 === Starting HAVP Version: 0.88
08/08/2009 22:17:43 === Mandatory locking disabled! KEEPBACK settings not used!
08/08/2009 22:17:43 Running as user: havp, group: havp
08/08/2009 22:17:43 Use parent proxy: 192.168.100.1:3128
08/08/2009 22:17:43 Use transparent proxy mode
08/08/2009 22:17:43 --- Initializing Clamd Socket Scanner
08/08/2009 22:18:43 Clamd: Could not connect to scanner! Scanner down?
08/08/2009 22:18:43 ERROR: Clamd Socket Scanner failed EICAR virus test! (Could not connect to scanner socket)
08/08/2009 22:22:05 === Starting HAVP Version: 0.88
08/08/2009 22:22:05 === Mandatory locking disabled! KEEPBACK settings not used!
08/08/2009 22:22:05 Running as user: havp, group: havp
08/08/2009 22:22:05 Use parent proxy: 192.168.100.1:3128
08/08/2009 22:22:05 Use transparent proxy mode
08/08/2009 22:22:05 --- Initializing Clamd Socket Scanner
08/08/2009 22:23:05 Clamd: Could not connect to scanner! Scanner down?
08/08/2009 22:23:05 ERROR: Clamd Socket Scanner failed EICAR virus test! (Could not connect to scanner socket)
I DON'T KNOW WHY?
-
Pls show 'pkg_info' cmd result
-
HI all,
I have found the reason why the warning window does not appear when I click the virus test link: it is because of the browser. I have 3 browsers, opera 9.64, iceweasel 3.0.3 and epiphany 2.22.3, on my debian 5.
When I use epiphany to test the virus link, there is no warn window, but opera and iceweasel said they found a virus, and the havp warn window showed, and the wiki about havp and squid seems right.
I DON'T KNOW WHAT IS THE PROBLEM WITH EPIPHANY ? -
When I try the below quoted settings I get the following error banner
Mar 17 16:37:19 php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:502: cannot define table snort2c: Device busy /tmp/rules.debug:648: cannot define table virusprot: Device busy pfctl: Syntax error in config file: pf rules not loaded The line in question reads [502]: table <snort2c> persist
and
Mar 17 16:38:02 havp[18168]: All childs busy, spawning new (now: 14) - SERVERNUMBER might be too low
Mar 17 16:38:01 havp[18168]: All childs busy, spawning new (now: 12) - SERVERNUMBER might be too low
It's a 3 Ghz box with 1 Gb ram
Any ideas what is causing it?
I have squid/havp/squidguard and my config works this way.
Try putting Havp in Transparent and Squid transparent unchecked.
Havp…
Transparent checked
upstream proxy...lan IP:squid port.....example 192.168.1.1:3128
Havp proxy port 3121
enable x-forward...checked
In squid:
x forward unchecked
disable Via unchecked
transparent unchecked -
I searched all over and found 1 post in Russian on setting the min max servers in the havp.inc file. Mine looks a bit different and I want to ask for some advice on where and how to modify these settings before I screw it all up.
# HAVP config file
# This file generated automaticly with HAVP configurator (part of pfSense)
# (C)2008 Serg Dvoriancev
# email: dv_serg@mail.ru
# ============================================================
";
$conf[] = "USER " . HVDEF_USER;
$conf[] = "GROUP " . HVDEF_GROUP;
$conf[] = "DAEMON true";
$conf[] = "PIDFILE " . HVDEF_PID_FILE;
$conf[] = "\n# For small home use, 8 should be minimum.";
$conf[] = "# For 500 users corporate use, start at 40.";
$conf[] = "SERVERNUMBER " . HVDEF_HAVP_MINSRV;
$conf[] = "MAXSERVERS " . HVDEF_HAVP_MAXSRV;
# log
$conf[] = "\n# log ";
$conf[] = "ACCESSLOG " . HVDEF_HAVP_ACCESSLOG;
$conf[] = "ERRORLOG " . HVDEF_HAVP_ERRORLOG;
# syslog
$conf[] = "\n# syslog";
$conf[] = "USESYSLOG {$havp_config[F_SYSLOG]}";
$conf[] = "SYSLOGNAME havp";
$conf[] = "SYSLOGFACILITY daemon";
$conf[] = "SYSLOGLEVEL " . (HV_DEBUG === 'true' ? "debug" : "info"); # err | warning | info | debug
$conf[] = "SERVERNUMBER " . HVDEF_HAVP_MINSRV;
$conf[] = "MAXSERVERS " . HVDEF_HAVP_MAXSRV;
Where exactly, and what would be a good number to start with? I have up to 15 users on the LAN.
Thanks
Allan -
This is from the system logs. It's full of these errors, and for some reason the system slowly keeps chewing up more memory. At restart it's using 20% of the 1 gig of memory and through the day it climbs to 60 to 80%.
Any help is much appreciated.
Mar 19 08:50:46 miniupnpd[1566]: HTTP Connection closed inexpectedly
Mar 19 08:50:46 dnsmasq[14710]: reading /var/dhcpd/var/db/dhcpd.leases
Mar 19 08:48:36 last message repeated 11 times
Mar 19 08:48:16 havp[34994]: (192.168.0.25) Could not read server header (192.168.0.136/au.download.windowsupdate.com:80)
Mar 19 08:46:52 havp[35002]: (192.168.0.6) Could not send body to browser
Mar 19 08:46:48 havp[34984]: (192.168.0.6) Could not send body to browser
Mar 19 05:53:08 havp[34990]: (192.168.0.102) Could not send body to browser
Mar 19 05:53:08 havp[34971]: (192.168.0.102) Could not send body to browser
Mar 19 05:52:20 havp[34988]: (192.168.0.102) Could not send body to browser
Mar 19 05:50:22 havp[35002]: (192.168.0.101) Could not send body to browser
Mar 19 05:49:31 havp[34998]: (192.168.0.102) Could not send body to browser
Mar 19 05:49:27 havp[34986]: (192.168.0.102) Could not send body to browser
Mar 19 05:43:03 havp[34974]: (192.168.0.25) Could not read server header (192.168.0.102/sugg.search.yahoo.com:80)
Mar 19 05:43:02 havp[34992]: (192.168.0.25) Could not read server header (192.168.0.102/sugg.search.yahoo.com:80)
Mar 19 05:43:01 havp[34974]: (192.168.0.25) Could not read server header (192.168.0.102/sugg.search.yahoo.com:80)
Mar 19 05:43:00 havp[34992]: (192.168.0.25) Could not read server header (192.168.0.102/sugg.search.yahoo.com:80)
Mar 19 05:39:52 havp[34984]: 192.168.0.101 GET 200 http://www.eicar.org/download/eicar.com 447+68 VIRUS Clamd: Eicar-Test-Signature
Mar 19 05:36:43 havp[35001]: (192.168.0.102) Could not read browser header
Mar 19 05:34:51 miniupnpd[1566]: HTTP Connection closed inexpectedly
Mar 19 05:34:51 dnsmasq[14710]: reading /var/dhcpd/var/db/dhcpd.leases
Mar 19 05:34:36 havp[34967]: All childs busy, spawning new (now: 32) - SERVERNUMBER might be too low -
I have squid/havp/squidguard and my config works this way.
Try putting Havp in Transparent and Squid transparent unchecked.
Havp…
Transparent checked
upstream proxy...lan IP:squid port.....example 192.168.1.1:3128
Havp proxy port 3121
enable x-forward...checked
In squid:
x forward unchecked
disable Via unchecked
transparent unchecked
I have my configuration set up exactly like this, but it doesn't work… the IP address in the logs (and in the denied page) is the router's LAN address, and NOT the client PC. What am I doing wrong? Is there a bug? Can someone shed some light on this? Thanks!
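
A small triage script for the HAVP log lines posted in this thread, as an added example that is not part of any post: it counts scanner-socket failures, tracks the highest child count from the SERVERNUMBER warnings, and lists VIRUS detections, flagging those logged with the router's own address instead of a client's. The router address 192.168.0.1 and the last sample line are assumptions made for the example.

```python
import re
from collections import Counter

# Lines copied from the logs posted in this thread, except the last one,
# which is constructed to show a detection attributed to the router itself.
SAMPLE = """\
Mar 19 08:46:52 havp[35002]: (192.168.0.6) Could not send body to browser
Mar 19 05:43:03 havp[34974]: (192.168.0.25) Could not read server header (192.168.0.102/sugg.search.yahoo.com:80)
Mar 19 05:39:52 havp[34984]: 192.168.0.101 GET 200 http://www.eicar.org/download/eicar.com 447+68 VIRUS Clamd: Eicar-Test-Signature
Mar 19 05:34:51 miniupnpd[1566]: HTTP Connection closed inexpectedly
Mar 19 05:34:36 havp[34967]: All childs busy, spawning new (now: 32) - SERVERNUMBER might be too low
Mar 17 16:38:02 havp[18168]: All childs busy, spawning new (now: 14) - SERVERNUMBER might be too low
08/08/2009 22:14:44 Clamd: Could not connect to scanner! Scanner down?
Mar 19 05:41:00 havp[34984]: 192.168.0.1 GET 200 http://www.eicar.org/download/eicar.com 447+68 VIRUS Clamd: Eicar-Test-Signature
"""

HAVP = re.compile(r"havp\[\d+\]: (.*)$")
VIRUS = re.compile(r"^(\S+) \S+ \d+ (\S+) \S+ VIRUS (.+)$")
BUSY = re.compile(r"All childs busy, spawning new \(now: (\d+)\)")
IOERR = re.compile(r"^\([\d.]+\) (Could not [a-z ]+?)(?: \(|$)")

def triage(text, proxy_addrs=("192.168.0.1",)):
    """Summarise HAVP log lines; proxy_addrs is the assumed router LAN IP."""
    rep = {"detections": [], "unattributed": 0, "peak_children": 0,
           "scanner_down": 0, "io_errors": Counter()}
    for line in text.splitlines():
        if "Could not connect to scanner" in line:
            rep["scanner_down"] += 1      # HAVP could not reach the clamd socket
            continue
        m = HAVP.search(line)
        if not m:
            continue                      # other daemons (miniupnpd, dnsmasq, ...)
        msg = m.group(1)
        if v := VIRUS.match(msg):
            client, url, sig = v.groups()
            rep["detections"].append((client, url, sig))
            if client in proxy_addrs:     # real client hidden behind the proxy hop
                rep["unattributed"] += 1
        elif b := BUSY.search(msg):
            rep["peak_children"] = max(rep["peak_children"], int(b.group(1)))
        elif e := IOERR.match(msg):
            rep["io_errors"][e.group(1)] += 1
    return rep

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```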