Dansguardian freshclam issue
-
Does Dansguardian + squid (not cutting edge new and improved squid) work for you with 2.1?
-
There is a definite issue with Dans package. No one is accepting this fact. A simple VM shouldnt have this issue. Its on the very basic config
Dans at the moment is not working for me on 2.0.3 and 2.1 .. well it never worked with 2.1 .. ever.
Squid2 and Squid3 works fine on both versions.
-
Running pfsense on very compatible hardware is much better than in a VM. If you have a box you can spare…
-
So finally I got dans working on 2.1
This time I just installed Dans with no other package.. not even Squid. Got it to start after reboot. Then I installed Squid.
There is still one issue … clamd... :(
I created the missing directories and got freshclam download the signatures..
freshclam
ClamAV update process started at Sat Sep 21 23:11:58 2013
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.6 Recommended version: 0.98
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cvd is up to date (version: 17882, sigs: 358207, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 226, sigs: 43, f-level: 63, builder: neo)But clamd wont start...
clamd
ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: No such file or directorySo I created clamav directory in /var/run and then did a
chown -R clamav clamavNow I ran clamd again and this time it worked !!!
But the clamav directory in /var/run vanishes after a reboot. Not sure how to make it stick..
The package really needs to be fixed.
-
I had this problem one time and never figured out why it happened… interesting thing is that it hasn't happened again.
The directory is created by the code in /usr/local/pkg/dansguardian.inc. I believe the directory create logic starts at line 1146. Look and see if you have a "clamav-clamd" file in /usr/local/etc/rc.d. If not, create one using the code attached.
#!/bin/sh # # $FreeBSD: ports/security/clamav/files/clamav-clamd.in,v 1.10 2012/11/17 06:01:01 svnexp Exp $ # # PROVIDE: clamd # REQUIRE: LOGIN # BEFORE: mail # KEYWORD: shutdown # # Add the following lines to /etc/rc.conf to enable clamd: # # clamav_clamd_enable="YES" # clamav_clamd_flags="<set as="" needed="">" # # See clamd(8) for flags # . /etc/rc.subr name=clamav_clamd rcvar=clamav_clamd_enable if [ ! -d /var/run/clamav ];then /bin/mkdir /var/run/clamav;fi if [ ! -d /var/db/clamav ];then /bin/mkdir /var/db/clamav;fi if [ ! -d /var/log/clamav ];then /bin/mkdir -p /var/log/clamav;fi chown -R clamav /var/run/clamav chown -R clamav /var/db/clamav chown -R clamav /var/log/clamav command=/usr/local/sbin/clamd required_dirs=/var/db/clamav required_files=/usr/pbi/dansguardian-amd64/etc/clamd.conf # read settings, set default values load_rc_config "$name" : ${clamav_clamd_enable="YES"} : ${clamav_clamd_socket="/var/run/clamav/clamd.sock"} start_precmd=clamav_clamd_precmd #clamav .93 won't start without a valid main.c[vl]d file clamav_clamd_precmd() { if [ ! -f /var/db/clamav/main.cvd -a ! -f /var/db/clamav/main.cld ];then echo "Missing /var/db/clamav/clamav/*.cvd or *.cld files. You must run freshclam first" exit 1 fi } extra_commands="reload" reload_cmd=clamd_reload clamd_reload() { /usr/pbi/dansguardian-amd64/bin/clamdscan --reload } run_rc_command "$1"</set> -
Will have a look at it again. Right now I have switched back to 2.0.3. Next week I will shut down the 2.0.3 instance and test the 2.1 again. Such a good product but I wouldn't use it till the dans clamd issue is resolved. I just can't let someone in the family download a virus infected file and screw my entire network. Have experienced it a few times and believe me.. its frustrating.
-
Could not get Dansguardian Clamd or squid to work so I decided to try something and this works for me
havp clamav + Dansguardian + Squid-devHAVP antivirus 0.91_1 + clamav-0.97.8
Cron 0.1.7
Dansguardian 2.12.0.3
squid3-dev 3.3.8
1: Installed Havp update it,set to LAN, Enable Transparent test it to make sure it was working and blocking
make sure Havp service is running.2 Install cron
3 reboot
3 create clamav directory in /var/run and run chown -R clamav clamav
Install Dansguardian update Blacklist, set ACLs, set to LAN, Enable dansguardian
make sure dansguardian service is running.4 Install squid3-dev and missing lib, set to LAN Enable Transparent (did not enable Antivirus or c-icap)
make sure squid service is running.5 Now go to Dansguardian set Parent proxy Settings to squid save.
look in system logs you will see an error about have and squid set to Transparent
just go to have and change to parent of squid and save.Create a NAT: Port Forward rule for Dansguardian
Dansguardian squid-dev havp all working and blocking.
ERRORS: Dansguardian 2.12.0.3 pkg v.0.1.8
The only errors that I am having are the
Web upload is banned.
Using Shalla's Blacklists - shallalist.tar.gz
Category not showing up on Access has been Denied! Page I have to modify my lists, putting
#listcategory: "category" at the top of each list in /usr/pbi/dansguardian-amd64/etc/dansguardian/lists/blacklists/for example
/usr/pbi/dansguardian-amd64/etc/dansguardian/lists/blacklists/adv/domains
/usr/pbi/dansguardian-amd64/etc/dansguardian/lists/blacklists/adv/urls
and then it work the category is listed on the Access has been Denied!Do anyone have a script to automatically update the blacklists lists domains/urls with the #listcategory: "category" ?? at the top of each list.
-
I would say package inconsistency is the worst thing about Pfsense, Dansguardian is a great product; however, the package here is a true garbage and the maintainer probably knows it just refuses to admit it. Sure you can get to work but it need a lot of tweaking and most users aren't apt for it.
-
I would say package inconsistency is the worst thing about Pfsense, Dansguardian is a great product; however, the package here is a true garbage and the maintainer probably knows it just refuses to admit it. Sure you can get to work but it need a lot of tweaking and most users aren't apt for it.
I am have been saying this all along. After trying to make it work countless times I have switched back to 2.0.3 which works just perfectly. Missing 2.1 as I have been meaning to use it for a long time but I don't wanna use it without Dans-clamd. HAVP is crap and I will never use it. clamd works perfectly with Dans (if you are able to configure it .. ever)
-
Could not get Dansguardian Clamd or squid to work so I decided to try something and this works for me
havp clamav + Dansguardian + Squid-devHAVP antivirus 0.91_1 + clamav-0.97.8
Cron 0.1.7
Dansguardian 2.12.0.3
squid3-dev 3.3.8
squid3-dev is buggy.. use squid3.
On fresh clean pfSense.. install Dans first and then squid3 "after" configuring dans. I got it work by creating some directories but the directories would be deleted on every reboot. I hate to use band aid fixes so I don't want to use a script to re-create the missing directories on every reboot.
-
Finally found a workaround on this clamd issue.
I did a clean 2.1 install and just installed dans and noticed many of the freshclam clamd files missing after install. Tried to add those files but it just didn't work.
Files in /usr/local/etc and /usr/local/etc/rc.d were missing.
So I did a clean install of 2.0.3 and installed just dans and configured clamd on it. Service started and worked as before. Now I upgraded to 2.1 and let it reinstall the dans package after the upgrade. Since the upgrade does not delete previous version's package files, this time the service started up and worked without any hiccups.
After this I installed Squid3, Snort, RRD Summary. Have a good stable UTM now.
Not a clean way of configuring Dans on 2.1 but it's the only way for now till someone updates it to be compatible with v2.1
-
I had this same issue and found a solution.
I first got freshclam to run by creating /var/log/clamav and /var/db/clamav directories and using chown -R clamav clamav to change the ownership.
I noticed that /usr/local/etc/rc.d/clamav-clamd was empty. I copied the contents from /usr/pbi/dansguardian-amd64/etc/rc.d/clamav-clamd into it. I then created a new file /usr/local/etc/rc.d/clamav-freshclam and copied the contents of /usr/pbi/dansguardian-amd64/etc/rc.d/clamav-freshclam into it.
After a reboot the clamav service started and I was able to use DG to filter web traffic with clamav enabled.