• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Dansguardian freshclam issue

Scheduled Pinned Locked Moved pfSense Packages
60 Posts 8 Posters 26.3k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    asterix
    last edited by Jun 16, 2013, 10:17 PM Jun 16, 2013, 9:36 PM

    Running latest 2.1 snapshot. Getting this error when trying to get freshclam

    $ freshclam
    ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
    ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).

    1 Reply Last reply Reply Quote 0
    • A
      asterix
      last edited by Jun 19, 2013, 4:59 AM

      anyone ???

      1 Reply Last reply Reply Quote 0
      • A
        asterix
        last edited by Jun 21, 2013, 11:52 PM

        So no one has this issue? No one has installed Dansguardian on 2.1RC and not using clamd?

        1 Reply Last reply Reply Quote 0
        • A
          asterix
          last edited by Jun 29, 2013, 4:58 PM

          Almost 2 weeks and 270 views and no one has seen this or knows how to resolve this?

          1 Reply Last reply Reply Quote 0
          • L
            Legion
            last edited by Jul 1, 2013, 6:39 AM

            Are you familiar with using CLIs? Do you have a ssh setup into your pfSense box, or a monitor/keyboard on your pfSense box?

            If you answered yes to those questions, log in to pfSense and:

            cd /var/log
            ls

            You possibly won't have a clamav directory. So if not:

            mkdir clamav

            If you did have a clamav directory or if you just created it as above, do:

            ls -l clamav

            and it'll show something like r-xr–r-- clamav root wheel, so:

            chown -R clamav clamav
            cd clamav
            ls

            and my guess is there is no freshclam.log, but now that you've given ownership to clamav it can create the log file when it needs to or you can explicitly create it:

            touch freshclam.log
            chown clamav freshclam.log
            chmod 644 freshclam.log

            Or something like that.

            I did have similar issues at various stages due to installing various versions of DG. I'm currently not using the latest and I'm not using clamav, but I'm not sure if other people have experienced this issue or if marcelloc has changed things to fix this.

            If you're not familiar with CLIs, probably best not to go messing around in there.

            1 Reply Last reply Reply Quote 0
            • A
              asterix
              last edited by Jul 2, 2013, 5:06 PM Jul 2, 2013, 12:42 PM

              After a lot of research I tried CLI after my last post. It kind a moved forward in fetching the files. But Dans would fail to work with Squid 3 and the whole install will get corrupted. I have multiple subnets and Squid 2 in transparent mode works beautifully but with Squid 3 in the squid.conf I see the "http_port 127.0.0.1:3128 transparent" is replaced with "http_port 127.0.0.1:3128 trancrete(or discrete)" and that is creating an issue as Dans starts to give errors of not able to connect to Sqiud proxy port.

              I haven't tried Squid 2 on pfSesne 2.1. Will try that instead.

              1 Reply Last reply Reply Quote 0
              • L
                Legion
                last edited by Jul 3, 2013, 1:28 AM

                I don't think Squid should be in transparent mode if your configuration looks like mine:

                pfSense -> DG -> Squid -> internet

                In DG you have Squid as parent proxy, normally on 127.0.0.1, port 3128 (or is it 3125?). DG listens on whatever interface you want to configure (for me: LAN, wifi, VLANs).

                In Squid you have transparent off, and listening on localhost.

                You also need to have your traffic going to DG. Mine's enforced through a combination of wpad, NAT rules and firewall rules and devices are either auto-detecting or manually configured to hit DG (or NAT enforces it).

                1 Reply Last reply Reply Quote 0
                • A
                  asterix
                  last edited by Jul 3, 2013, 1:35 AM Jul 3, 2013, 1:32 AM

                  Squid fails to work on just localhost selected. I am forced to select my 5 subnets in Squid and then select transparent option to ensure I don't have to do manual proxy configuration on every client.

                  This config works just perfect in v2.0.3

                  1 Reply Last reply Reply Quote 0
                  • L
                    Legion
                    last edited by Jul 3, 2013, 2:12 AM

                    That will bypass DG.

                    I use the NAT rules to force traffic through DG.

                    I have a redirection rule where all traffic on all interfaces heading to port 80 is redirected to pfSense's IP : port 8080 instead (the default DG port, which is where I have DG). So even if my manual proxy config on some devices fails, my auto-detect/wpad proxy config on other devices fails, the NAT redirection ensures all traffic goes to DG whether it likes it or not.

                    The rule has an exception for traffic heading to pfSense:80, so that if a device wants to use wpad it can still do that.

                    This is obviously only for http traffic. I haven't tackled https traffic through DG/Squid yet.

                    1 Reply Last reply Reply Quote 0
                    • A
                      asterix
                      last edited by Jul 3, 2013, 4:06 AM

                      Yes, I keep the same NAT settings as well.

                      1 Reply Last reply Reply Quote 0
                      • A
                        asterix
                        last edited by Jul 7, 2013, 5:56 PM

                        So, I finally managed to get freshclam started. It did complain in between about missing /var/db/clamav so I created that as well and gave permissions. But it fails when I start dansguardian with this log

                        Jul 7 13:55:13 dansguardian[13871]: Unknown return code from content scanner: -1
                        Jul 7 13:55:13 dansguardian[13871]: Error connecting to ClamD socket
                        Jul 7 13:55:13 dansguardian[13871]: Unknown return code from content scanner: -1
                        Jul 7 13:55:13 dansguardian[13871]: Error connecting to ClamD socket
                        Jul 7 13:55:13 lighttpd[44102]: (connections.c.137) (warning) close: 23 Connection reset by peer
                        Jul 7 13:54:44 php: /pkg_edit.php: Starting Dansguardian
                        Jul 7 13:54:44 php: /pkg_edit.php: Starting clamav-clamd

                        1 Reply Last reply Reply Quote 0
                        • K
                          kejianshi
                          last edited by Jul 7, 2013, 7:02 PM

                          When I was having problems with my dansguardian / clam / squid install, the packages wouldn't work after changing my config not long ago.

                          So, I backed up my settings.
                          reinstalled pfsense.
                          restored my settings.
                          rebooted.
                          Reinstalled my missing packages (the setting were all still there)
                          Purged my squid cache.

                          rebooted and all was fine.

                          1 Reply Last reply Reply Quote 0
                          • A
                            asterix
                            last edited by Jul 8, 2013, 12:20 AM

                            Yeah well I tried that.. doesn't work on 2.1. I presume the dansguardian package is not yet fully compatible with 2.1 and needs work..

                            Here is what I get with clamd enabled… ofcourse the scanner is not working.


                            Access to the page:

                            http://www.msn.com

                            ... has been denied for the following reason:

                            WARNING: Could not perform content scan!

                            Categories:

                            Content scanning

                            1 Reply Last reply Reply Quote 0
                            • K
                              kejianshi
                              last edited by Jul 8, 2013, 2:03 AM

                              haha - yeah.  That seems a little suspect.

                              1 last thing I have done.  Go to pfsense console menu, go to command shell and do a freshclam.

                              freshclam

                              clamd

                              1 Reply Last reply Reply Quote 0
                              • A
                                asterix
                                last edited by Jul 8, 2013, 2:14 PM

                                Yeah I did that already :)

                                It complained at first about freshclam.log being in use by some other process. After a 10 min wait I reboot the box and ran freshclam again. Worked this time and I see the files being download. Though it complains about old signatures.

                                1 Reply Last reply Reply Quote 0
                                • K
                                  kejianshi
                                  last edited by Jul 8, 2013, 5:45 PM

                                  Well, you are running a beta package on a beta/RC.  What could possibly go wrong?
                                  When I get this far down the rabbit hole, I usually start looking towards a fresh install.

                                  1 Reply Last reply Reply Quote 0
                                  • A
                                    asterix
                                    last edited by Jul 9, 2013, 4:01 AM

                                    Well I do fresh installs all the time. One small error makes me get rid of the install and start fresh.. :)

                                    1 Reply Last reply Reply Quote 0
                                    • K
                                      kejianshi
                                      last edited by Jul 9, 2013, 5:22 AM

                                      Yep - For sure for me.

                                      Because fresh install takes 4 minutes, restore config - 1 minute, reload missing packages, 2 minutes.

                                      Then usually all is well.

                                      1 Reply Last reply Reply Quote 0
                                      • A
                                        asterix
                                        last edited by Jul 21, 2013, 5:59 PM

                                        marcelloc,
                                        Can u please fix this freshclam issue on 2.1 . :)

                                        1 Reply Last reply Reply Quote 0
                                        • C
                                          clauded1
                                          last edited by Aug 2, 2013, 8:51 PM

                                          Got it working with many manipulations that should be corrected in the package (tested on 2.1 RC1):

                                          1. Create missing directories : mkdir /var/log/clamav /var/db/clamav /var/run/clamav
                                          2. Change ownership of these directories : chown clamav /var/log/clamav /var/db/clamav /var/run/clamav
                                          3. Refresh clam db : freshclam
                                          4. Start clam daemon : clamd &

                                          Those settings won't survive a reboot : pfSense reset permissions in /var/log and removes directories created in /var/run. This should be coded in the startup script of Dansguardian but I haven't found it yet.

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                            [[user:consent.lead]]
                                            [[user:consent.not_received]]