Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    I need help - HAVP is running, but not checking

    Scheduled Pinned Locked Moved pfSense Packages
    7 Posts 3 Posters 2.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      keinstein
      last edited by

      Hi guys,

      HAVP is driving me crazy. I am not able get it working. Does anybody of you see a chance to help me?

      First I installed only HAVP and I thought this would be enough. Since HAVP stands for "Antivirus Proxy", I thought I do not need squid. But it simply did not work. Then I installed squid3 and somehow it started working.

      But now I made a reboot and something haeppened. I am not able to get HAVP running properly. Websites are browsable, but if I download the eicar-testfile nothing happens. The antivirus proxy is simply not checking the files.

      I tried all the settings, but nothing worked. I tried the "transparent" and the "parent for squid" modes, but the did not the trick. Then I uninstalled and reinstalled the packages -> with no success.

      I am getting nuts. Please help me.

      keinstein

      Oct 20 14:44:30 	havp[16304]: Use transparent proxy mode
Oct 20 14:44:30 	havp[16304]: --- Initializing Clamd Socket Scanner
Oct 20 14:44:30 	havp[16304]: Clamd Socket Scanner passed EICAR virus test (Eicar-Test-Signature)
Oct 20 14:44:30 	havp[16304]: --- All scanners initialized
Oct 20 14:44:30 	havp[16437]: Process ID: 16437
Oct 20 14:44:45 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
Oct 20 14:44:50 	php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2013/10/20 14:44:45| aclParseIpData: unknown netmask '0.047109690603708' in '0.57.32.80/0.047109690603708' FATAL: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708 Squid Cache (Version 3.1.22): Terminated abnormally. CPU Usage: 0.019 seconds = 0.013 user + 0.006 sys Maximum Resident Size: 6040 KB Page faults with physical i/o: 0'
Oct 20 14:44:57 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
Oct 20 14:45:02 	php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2013/10/20 14:44:57| aclParseIpData: unknown netmask '0.047109690603708' in '0.57.32.80/0.047109690603708' FATAL: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708 Squid Cache (Version 3.1.22): Terminated abnormally. CPU Usage: 0.020 seconds = 0.013 user + 0.007 sys Maximum Resident Size: 6272 KB Page faults with physical i/o: 0'
Oct 20 14:45:04 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
Oct 20 14:45:15 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
Oct 20 14:45:20 	php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2013/10/20 14:45:15| aclParseIpData: unknown netmask '0.047109690603708' in '0.57.32.80/0.047109690603708' FATAL: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708 Squid Cache (Version 3.1.22): Terminated abnormally. CPU Usage: 0.019 seconds = 0.013 user + 0.006 sys Maximum Resident Size: 6124 KB Page faults with physical i/o: 0'
Oct 20 14:45:22 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
Oct 20 14:49:22 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
Oct 20 14:49:27 	php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2013/10/20 14:49:22| aclParseIpData: unknown netmask '0.047109690603708' in '0.57.32.80/0.047109690603708' FATAL: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708 Squid Cache (Version 3.1.22): Terminated abnormally. CPU Usage: 0.019 seconds = 0.019 user + 0.000 sys Maximum Resident Size: 5468 KB Page faults with physical i/o: 0'
Oct 20 14:49:29 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
Oct 20 14:50:06 	php: /pkg_edit.php: Starting Squid
Oct 20 14:50:06 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
Oct 20 14:50:06 	php: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '1', the output was '2013/10/20 14:50:06| aclParseIpData: unknown netmask '0.047109690603708' in '0.57.32.80/0.047109690603708' FATAL: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708 Squid Cache (Version 3.1.22): Terminated abnormally. CPU Usage: 0.023 seconds = 0.023 user + 0.000 sys Maximum Resident Size: 5540 KB Page faults with physical i/o: 0'
Oct 20 14:50:16 	check_reload_status: Reloading filter
Oct 20 14:50:20 	check_reload_status: Syncing firewall
Oct 20 14:50:22 	php: rc.filter_configure_sync: Havp: Squid is already configured as transparent proxy. Use 'Standard' proxy mode.
Oct 20 14:50:22 	php: rc.filter_configure_sync: SQUID is installed but not started. Not installing "nat" rules.
Oct 20 14:50:22 	php: rc.filter_configure_sync: Adding TFTP nat rules
Oct 20 14:50:22 	php: rc.filter_configure_sync: Havp: Squid is already configured as transparent proxy. Use 'Standard' proxy mode.
Oct 20 14:50:23 	php: rc.filter_configure_sync: SQUID is installed but not started. Not installing "pfearly" rules.
Oct 20 14:50:23 	php: rc.filter_configure_sync: Havp: Squid is already configured as transparent proxy. Use 'Standard' proxy mode.
Oct 20 14:50:23 	php: rc.filter_configure_sync: SQUID is installed but not started. Not installing "filter" rules.
Oct 20 14:50:23 	php: /pkg_edit.php: Starting Squid
Oct 20 14:50:23 	squid[41282]: Squid Parent: child process 41427 started
Oct 20 14:50:27 	php: rc.filter_configure_sync: Havp: Squid is already configured as transparent proxy. Use 'Standard' proxy mode.
Oct 20 14:50:27 	php: rc.filter_configure_sync: Adding TFTP nat rules
Oct 20 14:50:27 	php: rc.filter_configure_sync: Havp: Squid is already configured as transparent proxy. Use 'Standard' proxy mode.
Oct 20 14:50:27 	php: rc.filter_configure_sync: Havp: Squid is already configured as transparent proxy. Use 'Standard' proxy mode.
Oct 20 14:54:20 	squid[41282]: Squid Parent: child process 41427 exited with status 0
Oct 20 14:54:21 	php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was ''
Oct 20 14:54:23 	squid[5530]: Squid Parent: child process 5785 started
Oct 20 15:03:14 	check_reload_status: Syncing firewall
Oct 20 15:03:16 	php: /pkg_edit.php: Starting HAVP
Oct 20 15:03:20 	php: /pkg_edit.php: Reloading Squid for configuration sync
Oct 20 15:03:20 	havp[43620]: === Starting HAVP Version: 0.91
Oct 20 15:03:20 	havp[43620]: === Mandatory locking disabled! KEEPBACK settings not used!
Oct 20 15:03:20 	havp[43620]: Running as user: havp, group: havp
Oct 20 15:03:20 	havp[43620]: --- Initializing Clamd Socket Scanner
Oct 20 15:03:20 	havp[43620]: Clamd Socket Scanner passed EICAR virus test (Eicar-Test-Signature)
Oct 20 15:03:20 	havp[43620]: --- All scanners initialized
Oct 20 15:03:20 	havp[43950]: Process ID: 43950
Oct 20 15:03:21 	check_reload_status: Reloading filter
Oct 20 15:03:26 	php: rc.filter_configure_sync: Adding TFTP nat rules
Oct 20 15:03:33 	php: rc.filter_configure_sync: Adding TFTP nat rules
```![todel_pf_1_services.JPG](/public/_imported_attachments_/1/todel_pf_1_services.JPG)
![todel_pf_1_services.JPG_thumb](/public/_imported_attachments_/1/todel_pf_1_services.JPG_thumb)
![todel_pf_2_havp.JPG](/public/_imported_attachments_/1/todel_pf_2_havp.JPG)
![todel_pf_2_havp.JPG_thumb](/public/_imported_attachments_/1/todel_pf_2_havp.JPG_thumb)
![todel_pf_3_squid.JPG](/public/_imported_attachments_/1/todel_pf_3_squid.JPG)
![todel_pf_3_squid.JPG_thumb](/public/_imported_attachments_/1/todel_pf_3_squid.JPG_thumb)
      1 Reply Last reply Reply Quote 0
      • K
        keinstein
        last edited by

        two other screenshots..

        todel_pf_4_squid.JPG
        todel_pf_4_squid.JPG_thumb
        todel_pf_5_havp.JPG
        todel_pf_5_havp.JPG_thumb

        1 Reply Last reply Reply Quote 0
        • K
          keinstein
          last edited by

          Hi,

          as I said, I am getting nuts. Now, after a while, it seems to be working and I do not know why. After maybe 15 minutes it suddenly started checking the files.

          Can anybody check my settings in the screenshots? Did I configure the package correctly?

          keinstein

          1 Reply Last reply Reply Quote 0
          • K
            keinstein
            last edited by

            Hi guys. I do not know, if anybody is out there.

            Anyway, I made a reboot and HAVP stopped working.

            This is what I found in the syslog:

            
Oct 20 21:15:44 havp[34823]: === Mandatory locking disabled! KEEPBACK settings not used! 
Oct 20 21:15:44 havp[34823]: Running as user: havp, group: havp 
Oct 20 21:15:44 havp[34823]: --- Initializing Clamd Socket Scanner 
Oct 20 21:15:56 clamd[45503]: Can't open file or directory 
Oct 20 21:15:58 havp[49172]: === Starting HAVP Version: 0.91 
Oct 20 21:15:58 havp[49172]: === Mandatory locking disabled! KEEPBACK settings not used! 
Oct 20 21:15:58 havp[49172]: Running as user: havp, group: havp 
Oct 20 21:15:58 havp[49172]: --- Initializing Clamd Socket Scanner

            and

            Oct 20 21:46:13 	php: /index.php: Successful login for user 'admin' from: 192.168.222.22
Oct 20 21:46:34 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.121.65.51/0.20866550354197
Oct 20 21:46:39 	php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2013/10/20 21:46:34| aclParseIpData: unknown netmask '0.20866550354197' in '0.121.65.51/0.20866550354197' FATAL: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.121.65.51/0.20866550354197 Squid Cache (Version 3.1.22): Terminated abnormally. CPU Usage: 0.019 seconds = 0.013 user + 0.006 sys Maximum Resident Size: 6080 KB Page faults with physical i/o: 0'
Oct 20 21:46:42 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.121.65.51/0.20866550354197
            1 Reply Last reply Reply Quote 0
            • F
              firefox
              last edited by

              I have the same problem
              I get the same message
              You can scan files through a graphical interface

              Here is my message

              http://forum.pfsense.org/index.php/topic,67949.0.html

              I searched the forum and I got another message
              Where someone specifies what action he did and fix the problem

              http://forum.pfsense.org/index.php/topic,58254.msg311939.html#msg311939

              I have not tried because I do not know it will fit

              1 Reply Last reply Reply Quote 0
              • D
                dvserg
                last edited by

                2  keinstein
                You can't use 2 proxies at the same time as transpared.
                You must cascade it.
                For example use HAVP option Proxy mode = Paren for Squid.

                SquidGuardDoc EN  RU Tutorial
                Localization ru_PFSense

                1 Reply Last reply Reply Quote 0
                • K
                  keinstein
                  last edited by

                  @dversg: well, that makes sense.

                  @rest: I found a solutition: I am sorry, but pfsense had its chance. Maybe it has been my fault, but in the end i spent too much time in this. I was even that far to buy an commercial product. Finally I tried ipfire and I am surprised how easy it was to install and activate the squidproxy. I think pfsense is a very good piece of software, but in my case it did not work.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.