Netgate Discussion Forum
    HAVP is failing the eicar test.

    • N
      NM04
      last edited by

      This is the log when I start havp:

      havp[4534]: Process ID: 4534
      Nov 23 10:39:14 havp[4533]: --- All scanners initialized
      Nov 23 10:39:14 havp[4533]: Clamd Socket Scanner passed EICAR virus test (Eicar-Test-Signature)
      Nov 23 10:39:14 havp[4533]: --- Initializing Clamd Socket Scanner
      Nov 23 10:39:14 havp[4533]: Use parent proxy: 192.168.1.1:3128
      Nov 23 10:39:14 havp[4533]: Running as user: havp, group: havp
      Nov 23 10:39:14 havp[4533]: === Mandatory locking disabled! KEEPBACK settings not used!
      Nov 23 10:39:14 havp[4533]: === Starting HAVP Version: 0.91

      • D
        dvserg
        last edited by

        ???
        And what are you confused about here?
        Clamd Socket Scanner passed EICAR virus test (Eicar-Test-Signature)

        SquidGuardDoc EN  RU Tutorial
        Localization ru_PFSense

        • N
          NM04
          last edited by

          HAVP should block the site http://www.eiacr.org and any downloads from this site. But it is not blocking access to or downloads from this site. That is why I am confused.

          • D
            dvserg
            last edited by

            @NM04:

            the havp should block the site http://www.eiacr.org

            No, it should not.
            HAVP should block downloads from this page only: http://www.eicar.org/anti_virus_test_file.htm - this is a test signature.
            HAVP does not block clean pages - only virus content.

            SquidGuardDoc EN  RU Tutorial
            Localization ru_PFSense

            • N
              NM04
              last edited by

              Sir,
                  Thanks for your immediate response, but it is not blocking those downloads. What should I do now?

              • D
                dvserg
                last edited by

                @NM04:

                Sir,
                     thanks for your immediate response, but it is not blocking those downloads. What should i do now ?

                OK.
                Do you have squid in the system? How are squid & havp configured?

                SquidGuardDoc EN  RU Tutorial
                Localization ru_PFSense

                • N
                  NM04
                  last edited by

                  Sir,
                          Yes, I do have squid in the system. But I have disabled it. I will show you the settings.

                  Antivirus: HTTP proxy (havp + clamav)

                  Proxy mode: Parent for squid
                  Enable Forwarded IP: yes (checked)
                  Enable X-Forwarded-For: no (unchecked)
                  Block file if error scanning: yes (checked)
                  Scan images: yes
                  Scan media stream: yes

                  SQUID:
                  Proxy server: General settings

                  Transparent proxy: no (unchecked)
                  Allow users on interface: yes (checked)
                  Suppress Squid Version: yes (checked)
                  The rest are unchecked.

                  • _
                    _igor_
                    last edited by

                    Oh, you must enable squid. As you can see, havp is parent for squid. So it cannot work as expected. Good luck!

                    • D
                      dvserg
                      last edited by

                      @NM04:

                      Proxy mode: Parent for squid

                      !
                      You take pages from squid.
                      For the test:
                      1. Set HAVP to normal mode
                      2. Squid must not be in transparent mode
                      3. Set up your browser to use the HAVP proxy (IP/Port)
                      4. Try to download from the EICAR site.

                      SquidGuardDoc EN  RU Tutorial
                      Localization ru_PFSense
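
The test outlined in the post above can be run from a client without a browser. This is an added example, not part of the original thread or of HAVP: the proxy address and test URL are passed in by the user (no HAVP port is given in the thread), and the verdict strings are this example's own.

```python
import sys
import urllib.error
import urllib.request

# Marker text inside the standard EICAR test file. If it reaches the client
# intact, nothing on the path scanned and replaced the download.
EICAR_MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"


def classify(status, body):
    """Decide from one HTTP response whether the test file got through."""
    if EICAR_MARKER in body:
        return "NOT BLOCKED: test file delivered intact (HTTP %d)" % status
    if not body:
        return "INCONCLUSIVE: empty body (HTTP %d)" % status
    return "BLOCKED: body replaced, marker absent (HTTP %d)" % status


def fetch_via_proxy(proxy_url, test_url, timeout=10):
    """Fetch a plain-http test_url through proxy_url, ignoring any
    system-wide proxy settings (only the http scheme is routed)."""
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": proxy_url})
    )
    try:
        with opener.open(test_url, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        # A scanner may answer with an error status plus a block page.
        return err.code, err.read()


def check(proxy_url, test_url):
    """Run the test once and return a one-line verdict."""
    try:
        status, body = fetch_via_proxy(proxy_url, test_url)
    except (urllib.error.URLError, OSError) as err:
        return "UNREACHABLE: nothing answered at %s (%s)" % (proxy_url, err)
    return classify(status, body)


if __name__ == "__main__":
    # argv[1]: HAVP listen address, e.g. http://<havp-ip>:<havp-port>
    # argv[2]: plain-http URL of the EICAR test file itself
    print(check(sys.argv[1], sys.argv[2]))
```

An UNREACHABLE verdict means the client is not talking to HAVP at all, which is a different problem from HAVP passing the file through.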

                      • N
                        NM04
                        last edited by

                        Hi all,
                                Thanks dvserg and igor for your responses. I applied your suggestions, but unfortunately it's still not working…
                        Now I am trying to reinstall it. I did the uninstall first, from both the WebGUI and the command line. Now can anyone tell me where to reinstall it from, WebGUI or shell?

                        Regards,
                        NM04

                        • N
                          NM04
                          last edited by

                          Hi all,
                                  I reinstalled havp from the shell (uninstalled from WebGUI and shell), and now can anyone tell me how to start havp through the shell?

                          Thanks & Regards,
                          NM04

                          • N
                            NM04
                            last edited by

                            Hi all,
                                    The installation of HAVP from the shell was a success; it didn't give any errors. But when I executed freshclam it gave the following error:

                            /libexec/ld-elf.so.1:Shared object "libbz2.so.4" not found, required by "freshclam"

                            What should I do now?
                            Thanks in advance.
                            NM04

                            • _
                              _igor_
                              last edited by

                              Take a look for a libbz2.so.*, maybe you have a libbz2.so.3 or similar. Symlink the version you found to the missing one and test again. Should help. Afterwards you will likely get new errors stating missing libs. Do the same for those corresponding errors. Test again. Good luck!

                              • N
                                NM04
                                last edited by

                                Hi all,
                                      Thanks igor for the suggestion, but I am new to pfSense, and I don't know where that file (libbz2.so) exists. Please help me to make havp work on my pfSense.
                                If I install it from the WebGUI it installs the older version of havp, which runs but fails the eicar test, and if installed from the shell it installs the latest version but doesn't run and gives the error mentioned in the previous post. If possible, could anyone please give me a step-by-step procedure for havp? I have tried everything within my scope of knowledge, but nothing worked for me.

                                Regards,
                                NM04

                                • N
                                  NM04
                                  last edited by

                                  igor, you were right: I have libbz2.so, which is linked to libbz2.so.3, and both are present, but I can't find libbz2.so.4 (the missing one); there is no file by the name libbz2.so.4. What should I do now?

                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.