HAVP - trying to get working on 2.1RC
-
I was setting up a new install of 2.1RC the other day, and was trying to get my packages working. I like to use Squid, SG, and HAVP. I got Squid and SG set up, then I installed HAVP, and didn't get it working. I messed with it for a day or so, but didn't figure it out.
I was about to look into it again today, and I noticed the package is no longer in the list? Is it gone for good? Is anyone working on it, or a replacement for it?
Anyone have any tips for getting any AV working on latest pfSense?
Thanks…
-
Nothing gone.
https://github.com/pfsense/pfsense-packages/commits/master/config/havp
-
Ok, that is helpful. I've started looking through that code and I've already identified one error. I'm prepared to try and debug this and get it working, but need a little more help.
Once I modify the files, how do I put them into a pkg and actually install them on my pfsense box?
Or do I need to put them into a pkg? How can I just run them on my box to test them out?
Thanks
-
Uh. The package is there and installs just fine.
-
Ah, ok. I think I must have been checking for available pkgs on a machine with HAVP already installed; then it doesn't show up as available (is this something new?).
So it IS in the list. My mistake.
Now onto the next issues. I'm trying to install on 2.1 RC. There is a bug in the install script, havp.inc, line 82:
if(preg_match("/^2.0/",$pfSversion))
should be (like on line 107):
if(preg_match("/^2./",$pfSversion))
This bug (if installed on 2.1) causes all files/dirs in /var/log to have their owner and group changed to havp.
Also, in havp.inc, where the permissions are changed, the dir must be checked for existence first, because file_put_contents will not create the dirs. Starting at line 416, it should be:
    # log dir exists ?
    if (!file_exists(HVDEF_LOG_DIR))
        mwexec("mkdir -p " . HVDEF_LOG_DIR);
    # log files exists ?
    if (!file_exists(HVDEF_HAVP_ACCESSLOG))
        file_put_contents(HVDEF_HAVP_ACCESSLOG, '');
    if (!file_exists(HVDEF_HAVP_ERRORLOG))
        file_put_contents(HVDEF_HAVP_ERRORLOG, '');
    # log dir permissions
    havp_set_file_access(HVDEF_LOG_DIR, HVDEF_USER, '0764');
    # pid file
    if (!file_exists(HVDEF_PID_FILE))
        file_put_contents(HVDEF_PID_FILE, '');
    havp_set_file_access(HVDEF_PID_FILE, HVDEF_USER, '0664');
    # freshclam config permissions
    if (!file_exists(HVDEF_FRESHCLAM_CONF))
        file_put_contents(HVDEF_FRESHCLAM_CONF, '');
    havp_set_file_access(HVDEF_FRESHCLAM_CONF, HVDEF_AVUSER, '0664');
    if (!file_exists(HVDEF_AVLOG_DIR))
        mwexec("mkdir -p " . HVDEF_AVLOG_DIR);
    # log files exists ?
    if (!file_exists(HVDEF_CLAM_LOG))
        file_put_contents(HVDEF_CLAM_LOG, '');
    if (!file_exists(HVDEF_FRESHCLAM_LOG))
        file_put_contents(HVDEF_FRESHCLAM_LOG, '');
    # log dir permissions
    havp_set_file_access(HVDEF_AVLOG_DIR, HVDEF_USER, '0777');
So, I'm trying to get HAVP to run on 2.1RC. I've identified these issues, but I'm not sure how to get them into the pkg to test them?
Can you give me some direction please?
Thanks.
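
Added example, not part of the original post and not code from the HAVP package: a standalone PHP sketch of the two points raised above, the version gate and creating the log directory before the files in it. The function names, the escaped pattern, the sample version strings, the temp-directory paths and the 0750/0640 modes are all assumptions made for the demonstration; ownership changes are left out because they need root.

```php
<?php
// Hypothetical helpers for illustration; none of these names exist in havp.inc.

// In /^2.0/ and /^2./ the dot is unescaped, so it matches any character.
// Escaping it ties the check to a literal "2." prefix.
function is_pfsense_2x($version) {
    return preg_match('/^2\.\d+/', $version) === 1;
}

// Create the directory (with parents) first, then the empty files inside it,
// and set modes on exactly those paths, never recursively on a parent
// directory such as /var/log.
function ensure_log_files($dir, $files, $dirMode, $fileMode) {
    $touched = array();
    if (!is_dir($dir) && !mkdir($dir, $dirMode, true)) {
        throw new RuntimeException("cannot create $dir");
    }
    chmod($dir, $dirMode);                     // mkdir() mode is reduced by umask
    $touched[] = $dir;
    foreach ($files as $name) {
        $path = $dir . '/' . basename($name);  // keep every file inside $dir
        if (!file_exists($path)) {
            file_put_contents($path, '');      // works now that the dir exists
        }
        chmod($path, $fileMode);
        $touched[] = $path;
    }
    return $touched;
}

// Constructed sample version strings: compare the line-82 pattern, the
// pattern proposed in the post, and the escaped variant.
foreach (array('2.0.3-RELEASE', '2.1-RC0', '20.1', '1.2.3') as $v) {
    printf("%-14s /^2.0/=%d /^2./=%d escaped=%d\n", $v,
        preg_match('/^2.0/', $v), preg_match('/^2./', $v),
        (int) is_pfsense_2x($v));
}

// Constructed paths under the system temp dir, so nothing real is touched.
$base = sys_get_temp_dir() . '/havp-demo-' . getmypid();
$made = ensure_log_files("$base/log/havp",
    array('access.log', 'error.log'), 0750, 0640);
foreach ($made as $p) {
    printf("%s %04o\n", $p, fileperms($p) & 0777);
}
```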
-
Create a pull request for the maintainer? On that note, this thing is a plain PITA to use, I only tested the install, that's it; I personally have zero interest in using it. Been playing with this some years ago (not on pfS) and apparently it still sucks the same as always.
-
When you say "this thing", you mean clamAV or what are you talking about?
I'm looking for some sort of AV protection at the firewall level, do you have any other suggestions?
-
@avp:
When you say "this thing", you mean clamAV or what are you talking about?
HAVP + ClamAV, yes… Sloooow, buggy, breaking things, pathetic detection rate - yet plagued with tons of false positives. Use AVs on workstations and move on.
-
Lots of workstations don't even need AV. If it's Linux/Unix/BSD, AV is basically just wasted cycles. I wonder how much extra coal is burned every year just so everything that touches Microsoft can get scanned to protect their delicate OS?
-
While I agree that AV scanning is a waste of time in many cases, customers feel comforted by having it. I think it is like insurance to them. I don't run any AV on my own systems. I agree in many cases it cripples the workstation. BTW, what are your recommendations for workstation scanning these days? Lightweight and effective?
I feel the firewall is the ideal spot to scan for viruses. It is a choke point, one set of definitions to update, etc… I feel, even if it has a low detection rate, it is still better than nothing.
The customer may want to augment this with workstation AV software as well...
So, I think I will continue for a little while longer trying to get HAVP + clamd working on pfSense 2.1RC...
Any help, suggestions, alternative approaches or collaboration would be welcomed.
-
I suppose your choices are HAVP + clamd or dansguardian + clamav. Haven't tried HAVP because it looked like it was going to maybe cause issues with the simple squid setup I run.
I was using dansguardian + clamav with all the filters except clamav turned off for a while. I made an alias group of only Windows computers on the network and only those were "filtered" through dansguardian, which was only doing AV scanning and no filtering.
That works, but I eventually turned it off because I have government-issue Symantec corporate AV solutions that never expire on all the Windows machines running on the network, so they were pretty much covered anyway.