Dansguardian package for 2.0
-
First issue I'm having (a minor one): crontab is filled up with at least 100 entries of:
0 0 */7 * * root /usr/local/bin/php /usr/local/www/dansguardian.php fetch_blacklistMaybe it writes another entry each time I save a config? I have manually deleted all these entries (except one) a couple of times now but it keeps filling up.
Second issue is getting clamav to work. Out of the box I kept getting a lot of:
Error connecting to ClamD socket
Unknown return code from content scanner: -1To start with, after installing DG it seemed a bunch of files and directories are missing. So e.g. I had to manually create /var/run/clamav and chown to clamav. And then touch clamd.sock inside that directory and make sure it had 755 permissions and clamav owner. Also maybe some /var/log/clamav settings.
I tried a number of things after that, like manually running freshclam (OK), manually restarting DG (OK as long as I created clamd.sock as above), manually installing the latest version of clamav I could find (pkg_add -r http://files.pfsense.org/packages/8/All/clamav-0.97.6.tbz). Still nothing.
The final thing that got it working for me was to restart clamav-clamd myself. I'm not sure why this works since the system logs show it "starting" when I enable clamav via the GUI config:
Maybe it's a restart that is necessary? With stop/start? Because that's what I did.
Anyway, right now my system is working fine with pfSense -> DG w/ clamav -> Squid3 -> Internet using DHCP/wpad but I'll be interested to see if I have to manually set up the services in the right order again after rebooting.
-
Just rebooted and it works fine, so maybe my installation had gotten out of sync or something and I was running some older version of clamav. At any rate, the manually installed version fixed it for me. Now to get https AV working.
-
Firstly I would like to thank Marcello for this great package, saved me so much time!
I have a suggestion, I guess you could call it a feature request.
On the ACL's when creating new site lists, phrase lists, etc. A button to create a new list based on the default would be handy, similar to that for firewall rules, it would just make life simpler!
Oh and separate html templates for the denied page… falls under the htmltemplate= variable in the dansguardianfx.confHow dificult would it be to run two copies of dansguardian on the same server? (listening to different ports of course!) I'm wanting some traffic from one vlan transparently filtered and another explicitly.
-
So… I was still having problems with the lines in /usr/local/etc/rc.d/clamav-clamd being duplicated. Unless I'm missing something, I think the fix is to change /usr/local/pkg/dansguardian.inc lines 1150-51 as follows:
$new_script_line=preg_replace("/NO/","YES",$script_line); $new_clamav_startup.=preg_replace("@/usr/local@",DANSGUARDIAN_DIR,$new_script_line);in other words… the old code did to "preg_replace" in a row appending the same script line... it was causing duplicate lines.
I'll take a look on clamav startup script.
-
in other words… the old code did to "preg_replace" in a row appending the same script line... it was causing duplicate lines.
I've fixed the code today.
I'm including new sync options to push noew package version to github.
-
in other words… the old code did to "preg_replace" in a row appending the same script line... it was causing duplicate lines.
I've fixed the code today.
I'm including new sync options to push noew package version to github.
Did you include the "web upload error fix"?
-
Did you include the "web upload error fix"?
web upload fix It's a binary update, I'm pushing gui fix.
I'll need to update freebsd ports before asking a new package build by core team.
-
new gui version 0.1.8 is out with:
-
New sync style that can use default system sync settings
-
Fix to clamav-clamd startup manipulation
**Note1:**If you have a messed up startup script, you can download default script with this cmd on 2.0.x pfsense version:
fetch -o /usr/local/etc/rc.d/clamav-clamd http://e-sac.siteseguro.ws/packages/dansguardian/clamav-clamd
**Note2:**Memory issues was direct related to this bug, I suggest a remove/fix of this old file before package reinstall. -
Fix missing ip-acls array on package sync to remote host
I'll try to push on next release current dansguardian patches to freebsd ports and get an official "web upload error free" dansguardian version.
-
-
new gui version 0.1.8 is out with:
-
New sync style that can use default system sync settings
-
Fix to clamav-clamd startup manipulation
Note:If you have a messed up startup script, you can download default script with this cmd on 2.0.x pfsense version:
fetch -o /usr/local/etc/rc.d/clamav-clamd http://e-sac.siteseguro.ws/packages/dansguardian/clamav-clamd -
Fix missing ip-acls array on package sync to remote host
I'll try to push on next release current dansguardian patches to freebsd ports and get an official "web upload error free" dansguardian version.
Slight error in new version…
When creating the clamav-clamd file you need clamd.conf to be in "/usr/local/etc" rather than "/etc" and the path to clamdscan is "/usr/local/bin" rather than "/bin".
-
-
new gui version 0.1.8 is out with:
-
New sync style that can use default system sync settings
-
Fix to clamav-clamd startup manipulation
Note:If you have a messed up startup script, you can download default script with this cmd on 2.0.x pfsense version:
fetch -o /usr/local/etc/rc.d/clamav-clamd http://e-sac.siteseguro.ws/packages/dansguardian/clamav-clamd -
Fix missing ip-acls array on package sync to remote host
I'll try to push on next release current dansguardian patches to freebsd ports and get an official "web upload error free" dansguardian version.
Slight error in new version…
When creating the clamav-clamd file you need clamd.conf to be in "/usr/local/etc" rather than "/etc" and the path to clamdscan is "/usr/local/bin" rather than "/bin".
There is a typo in line 1160. cpreg_p should be cpreg_r
-
-
When creating the clamav-clamd file you need clamd.conf to be in "/usr/local/etc" rather than "/etc" and the path to clamdscan is "/usr/local/bin" rather than "/bin".
Where did you found on code that it's not saved on /usr/local?
There is a typo in line 1160. cpreg_p should be cpreg_r
Found (and fixed), thanks. :)
-
I keep getting "Error connecting to the clamd socket" when trying to access through DG. DG and Squid are running.
-
I keep getting "Error connecting to the clamd socket" when trying to access through DG. DG and Squid are running.
Check your /usr/local/etc/rc.d/clamd-clamav file. If it has a lot of duplicated files, try to remove it and fetch original file from my previous post.
@marcelloc:Note1:If you have a messed up startup script, you can download default script with this cmd on 2.0.x pfsense version:
fetch -o /usr/local/etc/rc.d/clamav-clamd http://e-sac.siteseguro.ws/packages/dansguardian/clamav-clamdTry to run freshclam on console too.
-
I keep getting "Error connecting to the clamd socket" when trying to access through DG. DG and Squid are running.
Check your /usr/local/etc/rc.d/clamd-clamav file. If it has a lot of duplicated files, try to remove it and fetch original file from my previous post.
@marcelloc:Note1:If you have a messed up startup script, you can download default script with this cmd on 2.0.x pfsense version:
fetch -o /usr/local/etc/rc.d/clamav-clamd http://e-sac.siteseguro.ws/packages/dansguardian/clamav-clamdTry to run freshclam on console too.
I replaced the clamd-clamav file with yours and did run freshclam on the console with success. I also did a reboot. But the error is still there if i try to access websites through DG.
-
I replaced the clamd-clamav file with yours and did run freshclam on the console with success. I also did a reboot. But the error is still there if i try to access websites through DG.
What you got running freshclam on console?
-
What you got running freshclam on console?
ClamAV update process started at Fri Apr 26 15:26:53 2013
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.6 Recommended version: 0.97.8
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cvd is up to date (version: 17096, sigs: 1164088, f-level: 63, builder: neo)
safebrowsing.cvd is up to date (version: 40506, sigs: 1254288, f-level: 63, builder: google)
bytecode.cvd is up to date (version: 214, sigs: 41, f-level: 63, builder: neo) -
ok, now try to start dansguardian from console too.
/usr/local/etc/rc.d/dansguardian.sh start
kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 4096 -> 4096 Starting dansguardian.and then check if clamd is running
ps ax | grep -i clamd42895 ?? Is 0:09.65 /usr/local/sbin/clamd 41545 4 S+ 0:00.00 grep -i clam -
ok, now try to start dansguardian from console too.
/usr/local/etc/rc.d/dansguardian.sh startThis is my output :
/usr/local/etc/rc.d/dansguardian.sh start kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 4096 -> 4096 Starting dansguardian.and then check if clamd is running
ps ax | grep -i clamdThis is my output :
30435 ?? Is 1:16.02 clamd 52395 0 S+ 0:00.00 grep -i clamd -
your clamd is running ???
check what user is running dansguardian and clamav
ps aux | grep "dansguardian|clamd"
-
your clamd is running ???
check what user is running dansguardian and clamav
ps aux | grep "dansguardian|clamd"
ps aux | grep "dansguardian\|clamd" clamav 46857 25.5 0.3 9680 5992 ?? S 3:49PM 0:00.00 /usr/local/sbin/dansguardian -Q clamav 47164 25.5 0.3 10704 6000 ?? S 3:49PM 0:00.00 /usr/local/sbin/dansguardian -Q clamav 47418 25.5 0.4 11728 7816 ?? S 3:49PM 0:00.00 /usr/local/sbin/dansguardian -Q clamav 47487 25.5 0.4 11728 7820 ?? S 3:49PM 0:00.00 /usr/local/sbin/dansguardian -Q clamav 47625 25.5 0.4 11728 7820 ?? S 3:49PM 0:00.00 /usr/local/sbin/dansguardian -Q clamav 47643 25.5 0.4 11728 7824 ?? S 3:49PM 0:00.00 /usr/local/sbin/dansguardian -Q clamav 47717 25.5 0.4 11728 7824 ?? S 3:49PM 0:00.00 /usr/local/sbin/dansguardian -Q clamav 48011 25.5 0.4 11728 7824 ?? S 3:49PM 0:00.00 /usr/local/sbin/dansguardian -Q clamav 48045 25.5 0.4 11728 7828 ?? S 3:49PM 0:00.00 /usr/local/sbin/dansguardian -Q clamav 48336 25.5 0.4 11728 7828 ?? S 3:49PM 0:00.00 /usr/local/sbin/dansguardian -Q clamav 46714 25.4 0.4 11728 7872 ?? Ss 3:49PM 0:00.01 /usr/local/sbin/dansguardian -Q root 62146 0.0 0.1 3468 1252 0 S+ 3:49PM 0:00.00 grep dansguardian\\|clamd
