P3Scan package test
-
I am seeing this since install P3scan can send email but unable to receive any email receive just gives errors out
is their a way to check a log to see what is going on with P3scanThanks. I'm look this issue.
-
192.0.0.100 - WinXP + Outlook Express 6…
192.0.0.222 - LAN interface on PFsenseOE6 -> POP3 server = 192.0.0.222:8110 (P3Scan)
WireShark : No any other traffic except SYN from .100 to .222Below some add info.
pkg_info
...
clamav-0.93.1_2 Command line virus scanner written entirely in C
havp-0.88 HTTP Antivirus Proxy
p3scan-2.3.2_4 A transparent POP3-Proxy with virus-scanning capabilities
squid-2.7.7
...Diagnostic -> States :
...
tcp 127.0.0.1:8110 <- 192.0.0.222:8110 <- 192.0.0.100:3665 CLOSED:SYN_SENT
...netstat -a -n
...
tcp4 0 0 192.0.0.222.8110 . LISTEN
...Where LISTEN on 25 (SMTP) ?
p3scan -d > p3debug
09:45:04 p3scan[42616]: P3Scan Version 2.3.2
09:45:04 p3scan[42616]: Selected scannertype: clamd (ClamAV TCP Daemon)
09:45:04 p3scan[42616]: Listen now on 192.0.0.222:8110
09:45:04 p3scan[42616]: /usr/sbin/chown mailnull:mailnull /var/run/p3scan.pid=54
09:45:05 p3scan[42616]: Changing uid (we are root)
09:45:05 p3scan[42616]: Running as user: mailnull
09:45:05 p3scan[42616]: Clamd init. Server: 1 Port: 3110
09:45:05 p3scan[42616]: p3scan.conf:
09:45:05 p3scan[42616]: pidfile: /var/run/p3scan.pid
09:45:05 p3scan[42616]: maxchilds: 100
09:45:05 p3scan[42616]: ip: 49152
09:45:05 p3scan[42616]: port: 8110
09:45:05 p3scan[42616]: targetip/port disabled
09:45:05 p3scan[42616]: user: mailnull
09:45:05 p3scan[42616]: notifydir: /var/spool/p3scannotify
09:45:05 p3scan[42616]: virusdir: /var/spool/p3scan
09:45:05 p3scan[42616]: justdelete: enabled
09:45:05 p3scan[42616]: bytesfree: 10000
09:45:05 p3scan[42616]: demime: disabled
09:45:05 p3scan[42616]: scanner: 127.0.0.1:3110
09:45:05 p3scan[42616]: broken: disabled
09:45:05 p3scan[42616]: checkspam: disabled
09:45:05 p3scan[42616]: spamcheck: /usr/local/bin/spamc
09:45:05 p3scan[42616]: debug: enabled
09:45:05 p3scan[42616]: quiet: disabled
09:45:05 p3scan[42616]: template: /etc/p3scan/p3scan-ru.mail
09:45:05 p3scan[42616]: subject: [Virus] found in a mail to you:
09:45:05 p3scan[42616]: notify: Per instruction, the message has been deleted.
09:45:05 p3scan[42616]: extra: safar@astpage.ru
09:45:05 p3scan[42616]: emailport: 25
09:45:05 p3scan[42616]: smtprset: Virus detected! P3scan rejected message!
09:45:05 p3scan[42616]: smtpsize: not checking.
09:45:05 p3scan[42616]: sslport: 995
09:45:05 p3scan[42616]: mail: /usr/bin/mail
09:45:05 p3scan[42616]: timeout: 30
09:45:05 p3scan[42616]: altvnmsg: disabled
09:45:05 p3scan[42616]: useurl: disabled
09:45:05 p3scan[42616]: emergcon: root@localhost postmaster@localhost
09:45:05 p3scan[42616]: TOP processing disabled
09:45:05 p3scan[42616]: PIPELINING processing disabled
09:45:05 p3scan[42616]: STLS processing disabled
09:45:05 p3scan[42616]: Waiting for connections…..^C09:45:50 p3scan[42616]: signalled, doing cleanup
09:45:50 p3scan[42616]: calling uninit1
09:45:50 p3scan[42616]: uninit1 done
09:45:50 p3scan[42616]: ERR: Unable to remove /var/run/p3scan.pid
09:45:50 p3scan[42616]: P3Scan terminates now -
Now i stop a package test, while not a p3scan-3.0 port version.
Ver 2.3.2 have problem with Clamd socket connection and with smtp listenning. (I can't start this)Current package normally work only with pop3/pop3s.
Eny other comments exists ?
-
I tested the package last night for a short run, but not shure if all is right.
Was a quick-shot, didn't scan mail. Outgoing was disabled, only incoming. I will enable log to see more. But its great!
My havp and clamav are working smoothie on 2.0. So maybe its due to this fact.
By the way, havp and clamav are running in actual versions!pkg_info:
clamav-0.95.2 Command line virus scanner written entirely in C
havp-0.91 HTTP Antivirus Proxy -
Need renew pfsense packages tree. I can't do this.
-
What do you mean with this?
-
igor I am also testing p3scan out bound seem to work but inbound gives error.
igor your havp and clamav are running in actual versions, can you give instruction on how you update havp to HAVP 0.91 release and clamav to ClamAV
0.95.3 stable thanks.or can you update the havp package
-
What do you mean with this?
Need update new TBZ-ports from FreeBSD portal to pfSense portal (ports tree = port and his depences).
This job for pfSense developers. I have't access to this.–-
P3scan package gui updated. -
I'm sorry, but don't know how to update the package. Its a bit confusing to me at the moment. Not enough skills to program.
installed havp as usual.
after installation (on 2.0) made the config, started havp without success. No problem.
now viapkg_delete havpand```
pkg_delete clamavvia``` pkg_add -r clamav-0.95.2 ```and > pkg_add -r havp-0.91 installed both packages manually. After this tried to start clamav via``` /usr/local/sbin/clamd -c /usr/local/etc/clamd.conf ```. Looking at the system-log (can be done via Webgui) saw the missing libs. Made the links manually. Sorry, but didn't record the libnames, are 3-4 libs. So for example clamav is missing libz.so.x, looked for them via``` find / -name "libz.so.*" ```, got ``` /lib/libz.so.y ```Via``` ln -s /lib/libz.so.y /libz.so.x ```made them known to clamav. So on with all missing libs. After getting clamav started without errors, did/usr/local/sbin/havp -c /usr/local/etc/havp/havp.config
ok. At last noticed that havp only works as "parent for squid" and squid as transparent proxy. In pfSense 1.2.3 it is different. Havp only works as transparent. Curious, funny but doesn't matter. Best of this change is, that no more failing of squidguard/squid-combination as on pfSense 1.2.3. Finally tested with http://www.nvkz.kuzbass.net/as/ if viruses are filtered. All ok. Viruses filtered and known sites full of advertisements are filtered too. ready. -
New test with p3scan. No success. Outgoing and incoming mail is not scanned. p3scan started with "-d debug" only stated "Waiting for connections" That was all. :(