Squid + HAVP
-
I have installed squid and havp and for some reason I cannot get havp to start. I will go into services and restart the havp service and it would shut down. I have checked the system log and I am getting this. I have followed the instructions to try to get this to work and nothing. If anyone can give me some advice I would appreciate it. Thx
http://doc.pfsense.org/index.php/HAVP_Package_for_HTTP_Anti-Virus_Scanning
havp[4383]: Clamd: Could not connect to scanner! Scanner down?
havp[1446]: ERROR: Clamd Socket Scanner failed EICAR virus test! (Could not connect to scanner socket)
-
I'll bet you forgot to set HAVP as a parent proxy for Squid. See settings below.
HAVP:
Squid:
-
Thx for the pics. I copied the same configs and even port numbers as you have just to test and I am still getting this error message in the pic below. Also I have pasted a few print screens of my settings; they pretty much match yours.
-
The fact that you get the message about being unable to connect to the clamd scanner is suspicious. What do you get from the following shell command:
ps ax | grep clam
-
Here is what I get when I run the ps ax | grep clam command. I have attached a print screen.
-
Hmmm, if you try starting havp and look in the system logs (or havp logs if you have that enabled), does havp say anything? Maybe you need to delete havp and reinstall it?
-
Yeah, I have reinstalled and uninstalled havp a few times and same issue. I do have the log options enabled in havp. I am using WinSCP trying to look for the log files; can you point to the directory where they would be stored?
-
/var/log/havp
-
It looks like both files were modified on 12/24/09 and are empty. I have attached a print screen.
![12-30-2009 4-43-57 PM.png](/public/imported_attachments/1/12-30-2009 4-43-57 PM.png)
-
That is weird. Only thing I can think of: uninstall havp, then go through the filesystem on the pfsense and delete anything to do with havp and/or clam*.
-
Yeah, I thought that was pretty weird also. What directories of clamav and havp do you recommend me to delete? Where is the root directory for these programs, in /var or /etc?
-
As I recall, there are several in /var, maybe /usr/local. I would just do something like:
find / -name 'havp*' -print
find / -name 'clam*' -print
and see what you see…
Also, once you are done, look at /conf/config.xml and make sure all vestiges are gone. If need be, edit the file and delete them, then reboot and try again. And make sure you back up first :)
-
Receiving same results. Removed files manually and reinstalled. Looked at the config.xml and searched for havp and keywords; found a few havp, did not remove them. I guess I will remove them next time and try again. I have copied the system log and pasted it below. Also I have attached a print screen of the proxy server and custom options; does everything look ok there?
Dec 30 17:36:40 kernel: miibus3: <MII bus> on xl0
Dec 30 17:36:40 kernel: ukphy0: <Generic IEEE 802.3u media interface> PHY 24 on miibus3
Dec 30 17:36:40 kernel: ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
Dec 30 17:36:40 kernel: xl0: Ethernet address:
Dec 30 17:36:40 kernel: xl0: [ITHREAD]
Dec 30 17:36:40 kernel: isab0: <PCI-ISA bridge> at device 31.0 on pci0
Dec 30 17:36:40 kernel: isa0: <ISA bus> on isab0
Dec 30 17:36:40 kernel: atapci0: <Intel ICH2 UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xffa0-0xffaf at device 31.1 on pci0
Dec 30 17:36:40 kernel: ata0: <ATA channel 0> on atapci0
Dec 30 17:36:40 kernel: ata0: [ITHREAD]
Dec 30 17:36:40 kernel: ata1: <ATA channel 1> on atapci0
Dec 30 17:36:40 kernel: ata1: [ITHREAD]
Dec 30 17:36:40 kernel: uhci0: <Intel 82801BA/BAM (ICH2) USB controller USB-A> port 0xff80-0xff9f irq 19 at device 31.2 on pci0
Dec 30 17:36:40 kernel: uhci0: [GIANT-LOCKED]
Dec 30 17:36:40 kernel: uhci0: [ITHREAD]
Dec 30 17:36:40 kernel: usb0: <Intel 82801BA/BAM (ICH2) USB controller USB-A> on uhci0
Dec 30 17:36:40 kernel: usb0: USB revision 1.0
Dec 30 17:36:40 kernel: uhub0: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb0
Dec 30 17:36:40 kernel: uhub0: 2 ports with 2 removable, self powered
Dec 30 17:36:40 kernel: pci0: <serial bus, SMBus> at device 31.3 (no driver attached)
Dec 30 17:36:40 kernel: uhci1: <Intel 82801BA/BAM (ICH2) USB controller USB-B> port 0xff60-0xff7f irq 23 at device 31.4 on pci0
Dec 30 17:36:40 kernel: uhci1: [GIANT-LOCKED]
Dec 30 17:36:40 kernel: uhci1: [ITHREAD]
Dec 30 17:36:40 kernel: usb1: <Intel 82801BA/BAM (ICH2) USB controller USB-B> on uhci1
Dec 30 17:36:40 kernel: usb1: USB revision 1.0
Dec 30 17:36:40 kernel: uhub1: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb1
Dec 30 17:36:40 kernel: uhub1: 2 ports with 2 removable, self powered
Dec 30 17:36:40 kernel: pci0: <multimedia, audio> at device 31.5 (no driver attached)
Dec 30 17:36:40 kernel: speaker0: <PC speaker> port 0x61 on acpi0
Dec 30 17:36:40 kernel: fdc0: <floppy drive controller> port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
Dec 30 17:36:40 kernel: fdc0: [FILTER]
Dec 30 17:36:40 kernel: fd0: <1440-KB 3.5" drive> on fdc0 drive 0
Dec 30 17:36:40 kernel: sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
Dec 30 17:36:40 kernel: sio0: type 16550A
Dec 30 17:36:40 kernel: sio0: [FILTER]
Dec 30 17:36:40 kernel: sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
Dec 30 17:36:40 kernel: sio1: type 16550A
Dec 30 17:36:40 kernel: sio1: [FILTER]
Dec 30 17:36:40 kernel: cpu0: <ACPI CPU> on acpi0
Dec 30 17:36:40 kernel: p4tcc0: <CPU Frequency Thermal Control> on cpu0
Dec 30 17:36:40 kernel: pmtimer0 on isa0
Dec 30 17:36:40 kernel: orm0: <ISA Option ROM> at iomem 0xc0000-0xc7fff pnpid ORM0000 on isa0
Dec 30 17:36:40 kernel: atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
Dec 30 17:36:40 kernel: atkbd0: <AT Keyboard> irq 1 on atkbdc0
Dec 30 17:36:40 kernel: kbd0 at atkbd0
Dec 30 17:36:40 kernel: atkbd0: [GIANT-LOCKED]
Dec 30 17:36:40 kernel: atkbd0: [ITHREAD]
Dec 30 17:36:40 kernel: sc0: <System console> at flags 0x100 on isa0
Dec 30 17:36:40 kernel: sc0: VGA <16 virtual consoles, flags=0x300>
Dec 30 17:36:40 kernel: vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Dec 30 17:36:40 kernel: Timecounter "TSC" frequency 1694509096 Hz quality 800
Dec 30 17:36:40 kernel: Timecounters tick every 1.000 msec
Dec 30 17:36:40 kernel: IPsec: Initialized Security Association Processing.
Dec 30 17:36:40 kernel: ad0: 152627MB <Seagate ST3160023A 8.01> at ata0-master UDMA100
Dec 30 17:36:40 kernel: acd0: CDRW <HL-DT-ST RW/DVD GCC-4480B/1.03> at ata1-master UDMA33
Dec 30 17:36:40 kernel: Trying to mount root from ufs:/dev/ad0s1a
Dec 30 17:36:41 kernel: pflog0: promiscuous mode enabled
Dec 30 17:36:50 php: : SQUID is installed but not started. Not installing redirect rules.
Dec 30 17:36:50 php: : SQUID is installed but not started. Not installing redirect rules.
Dec 30 17:36:52 pftpx[604]: listening on 127.0.0.1 port 8021
Dec 30 17:36:52 pftpx[604]: listening on 127.0.0.1 port 8021
Dec 30 17:36:52 pftpx[628]: listening on 127.0.0.1 port 8022
Dec 30 17:36:52 pftpx[628]: listening on 127.0.0.1 port 8022
Dec 30 17:36:54 dnsmasq[726]: started, version 2.45 cachesize 150
Dec 30 17:36:54 dnsmasq[726]: compile time options: IPv6 GNU-getopt BSD-bridge ISC-leasefile no-DBus no-I18N TFTP
Dec 30 17:36:54 dnsmasq[726]: reading /etc/resolv.conf
Dec 30 17:36:54 dnsmasq[726]: using nameserver #53
Dec 30 17:36:54 dnsmasq[726]: using nameserver #53
Dec 30 17:36:54 dnsmasq[726]: read /etc/hosts - 2 addresses
Dec 30 17:36:54 php: : DynDns: Running updatedns()
Dec 30 17:36:54 php: : DynDns: updatedns() starting
Dec 30 17:36:54 php: : DynDns: _detectChange() starting.
Dec 30 17:36:54 php: : DynDns: Current WAN IP:
Dec 30 17:36:55 php: : DynDns: Cached IP:
Dec 30 17:36:55 php: : phpDynDNS: No Change In My IP Address and/or 25 Days Has Not Past. Not Updating Dynamic DNS Entry.
Dec 30 17:36:57 php: : SQUID is installed but not started. Not installing redirect rules.
Dec 30 17:36:57 php: : SQUID is installed but not started. Not installing redirect rules.
Dec 30 17:37:01 php: : Creating rrd update script
Dec 30 17:37:03 php: : Resyncing configuration for all packages.
Dec 30 17:37:04 php: : Reloading Squid for configuration sync
Dec 30 17:37:07 last message repeated 5 times
Dec 30 17:37:08 php: : Starting Squid
Dec 30 17:37:08 php: : The OpenVPN-Enhancements package is missing required dependencies and must be reinstalled.
Dec 30 17:37:08 last message repeated 3 times
Dec 30 17:37:08 squid[1311]: Squid Parent: child process 1313 started
Dec 30 17:37:08 php: : The OpenVPN-Enhancements package is missing required dependencies and must be reinstalled.
Dec 30 17:37:08 php: : Could not locate /usr/local/pkg/ovpnenhance.inc.
Dec 30 17:37:09 php: : Beginning package installation for OpenVPN-Enhancements.
Dec 30 17:37:17 check_reload_status: check_reload_status is starting
Dec 30 17:37:17 check_reload_status: rc.newwanip starting
Dec 30 17:37:17 clamd[1396]: Not supported data format
Dec 30 17:37:17 havp[1413]: === Starting HAVP Version: 0.88
Dec 30 17:37:17 havp[1413]: === Mandatory locking disabled! KEEPBACK settings not used!
Dec 30 17:37:17 havp[1413]: Running as user: havp, group: havp
Dec 30 17:37:17 havp[1413]: --- Initializing Clamd Socket Scanner
Dec 30 17:37:18 php: : Informational: rc.newwanip is starting dc0.
Dec 30 17:37:18 php: : rc.newwanip working with (IP address:) (interface: wan) (interface real: dc0).
Dec 30 17:37:20 login: login on ttyv0 as root
Dec 30 17:38:17 havp[1413]: Clamd: Could not connect to scanner! Scanner down?
Dec 30 17:38:17 havp[1413]: ERROR: Clamd Socket Scanner failed EICAR virus test! (Could not connect to scanner socket)
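The triage this thread does by eye, as an added example that is not part of any post: pull the clamd and havp lines out of a long system log and say whether clamd logged anything before HAVP gave up on the scanner socket. The function names `havp_triage` and `sample_log` are hypothetical; the sample lines are copied from the log above.

```shell
#!/bin/sh
# Added example (not from the thread). Reads syslog text on stdin.
# First output line is a verdict, followed by the supporting log lines:
#   OK            - havp never reported a scanner connection failure
#   CLAMD_SILENT  - havp failed and clamd logged nothing at all
#                   (check whether the daemon is running: ps ax | grep clam)
#   CLAMD_LOGGED  - havp failed and clamd did write to the log
#                   (read the clamd lines first)
havp_triage() {
    awk '
    # Lines written by the clamd daemon itself, e.g. "clamd[1396]: ..."
    /(^| )clamd\[[0-9]+\]: / { clamd = clamd "  " $0 "\n" }
    # havp lines reporting that the scanner socket was unreachable
    /(^| )havp\[[0-9]+\]: / && /Could not connect to scanner/ {
        fail = fail "  " $0 "\n"
    }
    END {
        if (fail == "")       verdict = "OK"
        else if (clamd == "") verdict = "CLAMD_SILENT"
        else                  verdict = "CLAMD_LOGGED"
        print verdict
        printf "%s%s", clamd, fail
    }'
}

# Sample input: lines copied from the system log posted in this thread.
sample_log() {
    cat <<'EOF'
Dec 30 17:37:08 squid[1311]: Squid Parent: child process 1313 started
Dec 30 17:37:17 check_reload_status: rc.newwanip starting
Dec 30 17:37:17 clamd[1396]: Not supported data format
Dec 30 17:37:17 havp[1413]: === Starting HAVP Version: 0.88
Dec 30 17:37:17 havp[1413]: Running as user: havp, group: havp
Dec 30 17:37:20 login: login on ttyv0 as root
Dec 30 17:38:17 havp[1413]: Clamd: Could not connect to scanner! Scanner down?
Dec 30 17:38:17 havp[1413]: ERROR: Clamd Socket Scanner failed EICAR virus test! (Could not connect to scanner socket)
EOF
}

sample_log | havp_triage
```

The verdict only narrows where to look; it does not name a cause, and the thread itself ended with a clean reinstall.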
-
Yuck, looks like there are other things messed up. Might want to bite the bullet and reinstall?
-
Anything you see in the log or print screen I sent to you that looks really bad? I am just curious what caused it; I have only had pfsense running for about 7 days.
-
Just some of the messages about squid and dependencies being wrong and such. If those are wrong, who knows what else?
-
Well, I reinstalled pfsense and it worked. I installed squid, squidguard and then havp. The first time I installed havp and installed squid and then uninstalled and installed it a few times. But now the service is running. Thx for your help.
-
Good to hear!