P3Scan package test

dvserg

If anybody interested P3Scan package - pls EMail me, i have GUI for this package for test.
P3Scan - scan pop3/pop3s(ssl)/smtp(?) traffic for viruses.
Require HAVP (CLAMD) package on one computer in LAN.

idelta

Very interested. And not only one.
GUI donate YOU, but where we find BSD port (7.2) ?
Ready to participate in the testing.
Required almost all proxy server, it is unclear why everyone is silent ?
I was silent because of my "google English" ( :()

dvserg

Look this page with instructions.

Package TBZ possible install via gui (Install button present). Pls tell me any errors/issues about package. Need collect any possible problems.

ps: I think this package will continue to be useful in NanoBSD.

idelta

Seems not to understand without. Where detailed P3Scan log ?

dvserg

@idelta:

Seems not to understand without. Where detailed P3Scan log ?

Now no log. You can use options p3scan to define log path and debug level - modify .inc file (where generate rc scripts).

ToxIcon

how do i uninstall completely P3scan, need to reinstall

dvserg

@ToxIcon:

how do i uninstall completely P3scan, need to reinstall

Console:

pkg_info
list of packages
find p3scan with version

pkg_delete p3scan-v.e.r.s.i.o.n

After in gui will showed Install button for new installation.

ToxIcon

I am seeing this since install P3scan can send email but unable to receive any email receive just gives errors out

is their a way to check a log to see what is going on with P3scan

dvserg

@ToxIcon:

I am seeing this since install P3scan can send email but unable to receive any email receive just gives errors out
is their a way to check a log to see what is going on with P3scan

Thanks. I'm look this issue.

idelta

192.0.0.100 - WinXP + Outlook Express 6…
192.0.0.222 - LAN interface on PFsense

OE6 -> POP3 server = 192.0.0.222:8110 (P3Scan)
WireShark : No any other traffic except SYN from .100 to .222

Below some add info.

pkg_info

...
clamav-0.93.1_2 Command line virus scanner written entirely in C
havp-0.88 HTTP Antivirus Proxy
p3scan-2.3.2_4 A transparent POP3-Proxy with virus-scanning capabilities
squid-2.7.7
...

Diagnostic -> States :
...
tcp 127.0.0.1:8110 <- 192.0.0.222:8110 <- 192.0.0.100:3665 CLOSED:SYN_SENT
...

netstat -a -n

...
tcp4 0 0 192.0.0.222.8110 . LISTEN
...

Where LISTEN on 25 (SMTP) ?

p3scan -d > p3debug

09:45:04 p3scan[42616]: P3Scan Version 2.3.2
09:45:04 p3scan[42616]: Selected scannertype: clamd (ClamAV TCP Daemon)
09:45:04 p3scan[42616]: Listen now on 192.0.0.222:8110
09:45:04 p3scan[42616]: /usr/sbin/chown mailnull:mailnull /var/run/p3scan.pid=54
09:45:05 p3scan[42616]: Changing uid (we are root)
09:45:05 p3scan[42616]: Running as user: mailnull
09:45:05 p3scan[42616]: Clamd init. Server: 1 Port: 3110
09:45:05 p3scan[42616]: p3scan.conf:
09:45:05 p3scan[42616]: pidfile: /var/run/p3scan.pid
09:45:05 p3scan[42616]: maxchilds: 100
09:45:05 p3scan[42616]: ip: 49152
09:45:05 p3scan[42616]: port: 8110
09:45:05 p3scan[42616]: targetip/port disabled
09:45:05 p3scan[42616]: user: mailnull
09:45:05 p3scan[42616]: notifydir: /var/spool/p3scannotify
09:45:05 p3scan[42616]: virusdir: /var/spool/p3scan
09:45:05 p3scan[42616]: justdelete: enabled
09:45:05 p3scan[42616]: bytesfree: 10000
09:45:05 p3scan[42616]: demime: disabled
09:45:05 p3scan[42616]: scanner: 127.0.0.1:3110
09:45:05 p3scan[42616]: broken: disabled
09:45:05 p3scan[42616]: checkspam: disabled
09:45:05 p3scan[42616]: spamcheck: /usr/local/bin/spamc
09:45:05 p3scan[42616]: debug: enabled
09:45:05 p3scan[42616]: quiet: disabled
09:45:05 p3scan[42616]: template: /etc/p3scan/p3scan-ru.mail
09:45:05 p3scan[42616]: subject: [Virus] found in a mail to you:
09:45:05 p3scan[42616]: notify: Per instruction, the message has been deleted.
09:45:05 p3scan[42616]: extra: safar@astpage.ru
09:45:05 p3scan[42616]: emailport: 25
09:45:05 p3scan[42616]: smtprset: Virus detected! P3scan rejected message!
09:45:05 p3scan[42616]: smtpsize: not checking.
09:45:05 p3scan[42616]: sslport: 995
09:45:05 p3scan[42616]: mail: /usr/bin/mail
09:45:05 p3scan[42616]: timeout: 30
09:45:05 p3scan[42616]: altvnmsg: disabled
09:45:05 p3scan[42616]: useurl: disabled
09:45:05 p3scan[42616]: emergcon: root@localhost postmaster@localhost
09:45:05 p3scan[42616]: TOP processing disabled
09:45:05 p3scan[42616]: PIPELINING processing disabled
09:45:05 p3scan[42616]: STLS processing disabled
09:45:05 p3scan[42616]: Waiting for connections…..

^C09:45:50 p3scan[42616]: signalled, doing cleanup

09:45:50 p3scan[42616]: calling uninit1
09:45:50 p3scan[42616]: uninit1 done
09:45:50 p3scan[42616]: ERR: Unable to remove /var/run/p3scan.pid
09:45:50 p3scan[42616]: P3Scan terminates now

dvserg

Now i stop a package test, while not a p3scan-3.0 port version.
Ver 2.3.2 have problem with Clamd socket connection and with smtp listenning. (I can't start this)

Current package normally work only with pop3/pop3s.

Eny other comments exists ?

_igor_

I tested the package last night for a short run, but not shure if all is right.

Was a quick-shot, didn't scan mail. Outgoing was disabled, only incoming. I will enable log to see more. But its great!
My havp and clamav are working smoothie on 2.0. So maybe its due to this fact.
By the way, havp and clamav are running in actual versions!

pkg_info:
clamav-0.95.2 Command line virus scanner written entirely in C
havp-0.91 HTTP Antivirus Proxy

dvserg

Need renew pfsense packages tree. I can't do this.

_igor_

What do you mean with this?

ToxIcon

igor I am also testing p3scan out bound seem to work but inbound gives error.

igor your havp and clamav are running in actual versions, can you give instruction on how you update havp to HAVP 0.91 release and clamav to ClamAV 0.95.3 stable thanks.

or can you update the havp package

dvserg

@_igor_:

What do you mean with this?

Need update new TBZ-ports from FreeBSD portal to pfSense portal (ports tree = port and his depences).
This job for pfSense developers. I have't access to this.

–-
P3scan package gui updated.

_igor_

I'm sorry, but don't know how to update the package. Its a bit confusing to me at the moment. Not enough skills to program.

installed havp as usual.

after installation (on 2.0) made the config, started havp without success. No problem.
now viapkg_delete havpand```
pkg_delete clamav

via```
pkg_add -r clamav-0.95.2
```and

> pkg_add -r havp-0.91

installed both packages manually.
After this tried to start clamav via```
/usr/local/sbin/clamd -c /usr/local/etc/clamd.conf
```.
Looking at the system-log (can be done via Webgui) saw the missing libs. Made the links manually. Sorry, but didn't record the libnames, are 3-4 libs.
So for example clamav is missing libz.so.x, looked for them via```
find / -name "libz.so.*"
```, got ```
/lib/libz.so.y
```Via```
 ln -s /lib/libz.so.y /libz.so.x
```made them known to clamav. So on with all missing libs.
After getting clamav started without errors, did

/usr/local/sbin/havp -c /usr/local/etc/havp/havp.config

ok.
At last noticed that havp only works as "parent for squid" and squid as transparent proxy.
In pfSense 1.2.3 it is different. Havp only works as transparent. Curious, funny but doesn't matter.
Best of this change is, that no more failing of squidguard/squid-combination as on pfSense 1.2.3.
Finally tested with http://www.nvkz.kuzbass.net/as/ if viruses are filtered. All ok. Viruses filtered and known sites full of advertisements are filtered too.
ready.

_igor_

New test with p3scan. No success. Outgoing and incoming mail is not scanned. p3scan started with "-d debug" only stated "Waiting for connections" That was all. :(