Dansguardian freshclam issue

asterix · Jun 16, 2013, 9:36 PM

Running latest 2.1 snapshot. Getting this error when trying to get freshclam

$ freshclam
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).

asterix · Jun 19, 2013, 4:59 AM

anyone ???

asterix · Jun 21, 2013, 11:52 PM

So no one has this issue? No one has installed Dansguardian on 2.1RC and not using clamd?

asterix · Jun 29, 2013, 4:58 PM

Almost 2 weeks and 270 views and no one has seen this or knows how to resolve this?

Legion · Jul 1, 2013, 6:39 AM

Are you familiar with using CLIs? Do you have a ssh setup into your pfSense box, or a monitor/keyboard on your pfSense box?

If you answered yes to those questions, log in to pfSense and:

cd /var/log
ls

You possibly won't have a clamav directory. So if not:

mkdir clamav

If you did have a clamav directory or if you just created it as above, do:

ls -l clamav

and it'll show something like r-xr–r-- clamav root wheel, so:

chown -R clamav clamav
cd clamav
ls

and my guess is there is no freshclam.log, but now that you've given ownership to clamav it can create the log file when it needs to or you can explicitly create it:

touch freshclam.log
chown clamav freshclam.log
chmod 644 freshclam.log

Or something like that.

I did have similar issues at various stages due to installing various versions of DG. I'm currently not using the latest and I'm not using clamav, but I'm not sure if other people have experienced this issue or if marcelloc has changed things to fix this.

If you're not familiar with CLIs, probably best not to go messing around in there.

asterix · Jul 2, 2013, 5:06 PM

After a lot of research I tried CLI after my last post. It kind a moved forward in fetching the files. But Dans would fail to work with Squid 3 and the whole install will get corrupted. I have multiple subnets and Squid 2 in transparent mode works beautifully but with Squid 3 in the squid.conf I see the "http_port 127.0.0.1:3128 transparent" is replaced with "http_port 127.0.0.1:3128 trancrete(or discrete)" and that is creating an issue as Dans starts to give errors of not able to connect to Sqiud proxy port.

I haven't tried Squid 2 on pfSesne 2.1. Will try that instead.

Legion · Jul 3, 2013, 1:28 AM

I don't think Squid should be in transparent mode if your configuration looks like mine:

pfSense -> DG -> Squid -> internet

In DG you have Squid as parent proxy, normally on 127.0.0.1, port 3128 (or is it 3125?). DG listens on whatever interface you want to configure (for me: LAN, wifi, VLANs).

In Squid you have transparent off, and listening on localhost.

You also need to have your traffic going to DG. Mine's enforced through a combination of wpad, NAT rules and firewall rules and devices are either auto-detecting or manually configured to hit DG (or NAT enforces it).

asterix · Jul 3, 2013, 1:35 AM

Squid fails to work on just localhost selected. I am forced to select my 5 subnets in Squid and then select transparent option to ensure I don't have to do manual proxy configuration on every client.

This config works just perfect in v2.0.3

Legion · Jul 3, 2013, 2:12 AM

That will bypass DG.

I use the NAT rules to force traffic through DG.

I have a redirection rule where all traffic on all interfaces heading to port 80 is redirected to pfSense's IP : port 8080 instead (the default DG port, which is where I have DG). So even if my manual proxy config on some devices fails, my auto-detect/wpad proxy config on other devices fails, the NAT redirection ensures all traffic goes to DG whether it likes it or not.

The rule has an exception for traffic heading to pfSense:80, so that if a device wants to use wpad it can still do that.

This is obviously only for http traffic. I haven't tackled https traffic through DG/Squid yet.

asterix · Jul 3, 2013, 4:06 AM

Yes, I keep the same NAT settings as well.

asterix · Jul 7, 2013, 5:56 PM

So, I finally managed to get freshclam started. It did complain in between about missing /var/db/clamav so I created that as well and gave permissions. But it fails when I start dansguardian with this log

Jul 7 13:55:13 dansguardian[13871]: Unknown return code from content scanner: -1
Jul 7 13:55:13 dansguardian[13871]: Error connecting to ClamD socket
Jul 7 13:55:13 dansguardian[13871]: Unknown return code from content scanner: -1
Jul 7 13:55:13 dansguardian[13871]: Error connecting to ClamD socket
Jul 7 13:55:13 lighttpd[44102]: (connections.c.137) (warning) close: 23 Connection reset by peer
Jul 7 13:54:44 php: /pkg_edit.php: Starting Dansguardian
Jul 7 13:54:44 php: /pkg_edit.php: Starting clamav-clamd

kejianshi · Jul 7, 2013, 7:02 PM

When I was having problems with my dansguardian / clam / squid install, the packages wouldn't work after changing my config not long ago.

So, I backed up my settings.
reinstalled pfsense.
restored my settings.
rebooted.
Reinstalled my missing packages (the setting were all still there)
Purged my squid cache.

rebooted and all was fine.

asterix · Jul 8, 2013, 12:20 AM

Yeah well I tried that.. doesn't work on 2.1. I presume the dansguardian package is not yet fully compatible with 2.1 and needs work..

Here is what I get with clamd enabled… ofcourse the scanner is not working.

Access to the page:

http://www.msn.com

... has been denied for the following reason:

WARNING: Could not perform content scan!

Categories:

Content scanning

kejianshi · Jul 8, 2013, 2:03 AM

haha - yeah. That seems a little suspect.

1 last thing I have done. Go to pfsense console menu, go to command shell and do a freshclam.

freshclam

clamd

asterix · Jul 8, 2013, 2:14 PM

Yeah I did that already :)

It complained at first about freshclam.log being in use by some other process. After a 10 min wait I reboot the box and ran freshclam again. Worked this time and I see the files being download. Though it complains about old signatures.

kejianshi · Jul 8, 2013, 5:45 PM

Well, you are running a beta package on a beta/RC. What could possibly go wrong?
When I get this far down the rabbit hole, I usually start looking towards a fresh install.

asterix · Jul 9, 2013, 4:01 AM

Well I do fresh installs all the time. One small error makes me get rid of the install and start fresh.. :)

kejianshi · Jul 9, 2013, 5:22 AM

Yep - For sure for me.

Because fresh install takes 4 minutes, restore config - 1 minute, reload missing packages, 2 minutes.

Then usually all is well.

asterix · Jul 21, 2013, 5:59 PM

marcelloc,
Can u please fix this freshclam issue on 2.1 . :)

clauded1 · Aug 2, 2013, 8:51 PM

Got it working with many manipulations that should be corrected in the package (tested on 2.1 RC1):

1. Create missing directories : mkdir /var/log/clamav /var/db/clamav /var/run/clamav
2. Change ownership of these directories : chown clamav /var/log/clamav /var/db/clamav /var/run/clamav
3. Refresh clam db : freshclam
4. Start clam daemon : clamd &

Those settings won't survive a reboot : pfSense reset permissions in /var/log and removes directories created in /var/run. This should be coded in the startup script of Dansguardian but I haven't found it yet.