Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Dansguardian freshclam issue

    pfSense Packages
    8
    60
    26.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kejianshi
      last edited by

      Does Dansguardian + squid (not cutting edge new and improved squid) work for you with 2.1?

      1 Reply Last reply Reply Quote 0
      • A
        asterix
        last edited by

        There is a definite issue with Dans package. No one is accepting this fact. A simple VM shouldnt have this issue. Its on the very basic config

        Dans at the moment is not working for me on 2.0.3 and 2.1 .. well it never worked with 2.1 .. ever.

        Squid2 and Squid3 works fine on both versions.

        1 Reply Last reply Reply Quote 0
        • K
          kejianshi
          last edited by

          Running pfsense on very compatible hardware is much better than in a VM.  If you have a box you can spare…

          1 Reply Last reply Reply Quote 0
          • A
            asterix
            last edited by

            So finally I got dans working on 2.1

            This time I just installed Dans with no other package.. not even Squid. Got it to start after reboot. Then I installed Squid.

            There is still one issue … clamd... :(

            I created the missing directories and got freshclam download the signatures..

            freshclam
            ClamAV update process started at Sat Sep 21 23:11:58 2013
            WARNING: Your ClamAV installation is OUTDATED!
            WARNING: Local version: 0.97.6 Recommended version: 0.98
            DON'T PANIC! Read http://www.clamav.net/support/faq
            main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
            daily.cvd is up to date (version: 17882, sigs: 358207, f-level: 63, builder: neo)
            bytecode.cvd is up to date (version: 226, sigs: 43, f-level: 63, builder: neo)

            But clamd wont start...

            clamd
            ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: No such file or directory

            So I created clamav directory in /var/run and then did a
            chown -R clamav clamav

            Now I ran clamd again and this time it worked !!!

            But the clamav directory in /var/run vanishes after a reboot. Not sure how to make it stick..

            The package really needs to be fixed.

            1 Reply Last reply Reply Quote 0
            • R
              rjcrowder
              last edited by

              I had this problem one time and never figured out why it happened… interesting thing is that it hasn't happened again.

              The directory is created by the code in /usr/local/pkg/dansguardian.inc.  I believe the directory create logic starts at line 1146.  Look and see if you have a "clamav-clamd" file in /usr/local/etc/rc.d. If not, create one using the code attached.

              #!/bin/sh
              #
              # $FreeBSD: ports/security/clamav/files/clamav-clamd.in,v 1.10 2012/11/17 06:01:01 svnexp Exp $
              #
              
              # PROVIDE: clamd
              # REQUIRE: LOGIN
              # BEFORE: mail
              # KEYWORD: shutdown
              
              #
              # Add the following lines to /etc/rc.conf to enable clamd:
              #
              # clamav_clamd_enable="YES"
              # clamav_clamd_flags="<set as="" needed="">"
              #
              # See clamd(8) for flags
              #
              
              . /etc/rc.subr
              
              name=clamav_clamd
              rcvar=clamav_clamd_enable
              
              if [ ! -d /var/run/clamav ];then /bin/mkdir /var/run/clamav;fi
              if [ ! -d /var/db/clamav ];then /bin/mkdir /var/db/clamav;fi
              if [ ! -d /var/log/clamav ];then /bin/mkdir -p /var/log/clamav;fi
              chown -R clamav /var/run/clamav
              chown -R clamav /var/db/clamav
              chown -R clamav /var/log/clamav
              command=/usr/local/sbin/clamd
              required_dirs=/var/db/clamav
              required_files=/usr/pbi/dansguardian-amd64/etc/clamd.conf
              
              # read settings, set default values
              load_rc_config "$name"
              : ${clamav_clamd_enable="YES"}
              : ${clamav_clamd_socket="/var/run/clamav/clamd.sock"}
              
              start_precmd=clamav_clamd_precmd
              
              #clamav .93 won't start without a valid main.c[vl]d file
              clamav_clamd_precmd() {
              	if [ ! -f /var/db/clamav/main.cvd -a ! -f /var/db/clamav/main.cld ];then
              		echo "Missing /var/db/clamav/clamav/*.cvd or *.cld files.  You must run freshclam first"
              		exit 1
              	fi
              }
              
              extra_commands="reload"
              reload_cmd=clamd_reload
              
              clamd_reload()
              {
                /usr/pbi/dansguardian-amd64/bin/clamdscan --reload
              }
              
              run_rc_command "$1"</set> 
              
              1 Reply Last reply Reply Quote 0
              • A
                asterix
                last edited by

                Will have a look at it again. Right now I have switched back to 2.0.3. Next week I will shut down the 2.0.3 instance and test the 2.1 again. Such a good product but I wouldn't use it till the dans clamd issue is resolved. I just can't let someone in the family download a virus infected file and screw my entire network. Have experienced it a few times and believe me.. its frustrating.

                1 Reply Last reply Reply Quote 0
                • T
                  ToxIcon
                  last edited by

                  Could not get Dansguardian Clamd or squid to work so I decided to try something and this works for me
                  havp clamav + Dansguardian + Squid-dev

                  HAVP antivirus 0.91_1 + clamav-0.97.8

                  Cron 0.1.7

                  Dansguardian 2.12.0.3

                  squid3-dev 3.3.8

                  1: Installed Havp update it,set to LAN, Enable Transparent test it to make sure it was working and blocking
                    make sure Havp service is running.

                  2 Install cron

                  3 reboot

                  3 create clamav directory in /var/run and run chown -R clamav clamav
                    Install Dansguardian update Blacklist, set ACLs, set to LAN, Enable dansguardian
                    make sure dansguardian service is running.

                  4 Install squid3-dev and missing lib, set to LAN Enable Transparent (did not enable Antivirus or c-icap)
                    make sure squid service is running.

                  5 Now go to Dansguardian set Parent proxy Settings to squid save.

                  look in system logs you will see an error about have and squid set to Transparent
                  just go to have and change to parent of squid and save.

                  Create a NAT: Port Forward rule for Dansguardian

                  Dansguardian squid-dev havp all working and blocking.

                  ERRORS: Dansguardian 2.12.0.3 pkg v.0.1.8

                  The only errors that I am having are the

                  Web upload is banned.

                  Using Shalla's Blacklists - shallalist.tar.gz

                  Category not showing up on Access has been Denied! Page I have to modify my lists, putting
                  #listcategory: "category" at the top of each list in /usr/pbi/dansguardian-amd64/etc/dansguardian/lists/blacklists/

                  for example
                  /usr/pbi/dansguardian-amd64/etc/dansguardian/lists/blacklists/adv/domains
                  /usr/pbi/dansguardian-amd64/etc/dansguardian/lists/blacklists/adv/urls
                  and then it work the category is listed on the Access has been Denied!

                  Do anyone have a script to automatically update the blacklists lists domains/urls with the #listcategory: "category" ?? at the top of each list.

                  1 Reply Last reply Reply Quote 0
                  • S
                    samham
                    last edited by

                    I would say package inconsistency is the worst thing about Pfsense, Dansguardian is a great product; however, the package here is a true garbage and the maintainer probably knows it just refuses to admit it. Sure you can get to work but it need a lot of tweaking and most users aren't apt for it.

                    1 Reply Last reply Reply Quote 0
                    • A
                      asterix
                      last edited by

                      @samham:

                      I would say package inconsistency is the worst thing about Pfsense, Dansguardian is a great product; however, the package here is a true garbage and the maintainer probably knows it just refuses to admit it. Sure you can get to work but it need a lot of tweaking and most users aren't apt for it.

                      I am have been saying this all along. After trying to make it work countless times I have switched back to 2.0.3 which works just perfectly. Missing 2.1 as I have been meaning to use it for a long time but I don't wanna use it without Dans-clamd. HAVP is crap and I will never use it. clamd works perfectly with Dans (if you are able to configure it .. ever)

                      1 Reply Last reply Reply Quote 0
                      • A
                        asterix
                        last edited by

                        @ToxIcon:

                        Could not get Dansguardian Clamd or squid to work so I decided to try something and this works for me
                        havp clamav + Dansguardian + Squid-dev

                        HAVP antivirus 0.91_1 + clamav-0.97.8

                        Cron 0.1.7

                        Dansguardian 2.12.0.3

                        squid3-dev 3.3.8

                        squid3-dev is buggy.. use squid3.

                        On fresh clean pfSense.. install Dans first and then squid3 "after" configuring dans. I got it work by creating some directories but the directories would be deleted on every reboot. I hate to use band aid fixes so I don't want to use a script to re-create the missing directories on every reboot.

                        1 Reply Last reply Reply Quote 0
                        • A
                          asterix
                          last edited by

                          Finally found a workaround on this clamd issue.

                          I did a clean 2.1 install and just installed dans and noticed many of the freshclam clamd files missing after install. Tried to add those files but it just didn't work.

                          Files in /usr/local/etc and /usr/local/etc/rc.d were missing.

                          So I did a clean install of 2.0.3 and installed just dans and configured clamd on it. Service started and worked as before. Now I upgraded to 2.1 and let it reinstall the dans package after the upgrade. Since the upgrade does not delete previous version's package files, this time the service started up and worked without any hiccups.

                          After this I installed Squid3, Snort, RRD Summary. Have a good stable UTM now.

                          Not a clean way of configuring Dans on 2.1 but it's the only way for now till someone updates it to be compatible with v2.1

                          1 Reply Last reply Reply Quote 0
                          • W
                            wheelz
                            last edited by

                            I had this same issue and found a solution.

                            I first got freshclam to run by creating /var/log/clamav and /var/db/clamav directories and using chown -R clamav clamav to change the ownership.

                            I noticed that /usr/local/etc/rc.d/clamav-clamd was empty.  I copied the contents from /usr/pbi/dansguardian-amd64/etc/rc.d/clamav-clamd into it.  I then created a new file /usr/local/etc/rc.d/clamav-freshclam and copied the contents of /usr/pbi/dansguardian-amd64/etc/rc.d/clamav-freshclam into it.

                            After a reboot the clamav service started and I was able to use DG to filter web traffic with clamav enabled.

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.