I need help - HAVP is running, but not checking

keinstein

Hi guys,

HAVP is driving me crazy. I am not able get it working. Does anybody of you see a chance to help me?

First I installed only HAVP and I thought this would be enough. Since HAVP stands for "Antivirus Proxy", I thought I do not need squid. But it simply did not work. Then I installed squid3 and somehow it started working.

But now I made a reboot and something haeppened. I am not able to get HAVP running properly. Websites are browsable, but if I download the eicar-testfile nothing happens. The antivirus proxy is simply not checking the files.

I tried all the settings, but nothing worked. I tried the "transparent" and the "parent for squid" modes, but the did not the trick. Then I uninstalled and reinstalled the packages -> with no success.

I am getting nuts. Please help me.

keinstein

Oct 20 14:44:30 	havp[16304]: Use transparent proxy mode
Oct 20 14:44:30 	havp[16304]: --- Initializing Clamd Socket Scanner
Oct 20 14:44:30 	havp[16304]: Clamd Socket Scanner passed EICAR virus test (Eicar-Test-Signature)
Oct 20 14:44:30 	havp[16304]: --- All scanners initialized
Oct 20 14:44:30 	havp[16437]: Process ID: 16437
Oct 20 14:44:45 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
Oct 20 14:44:50 	php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2013/10/20 14:44:45| aclParseIpData: unknown netmask '0.047109690603708' in '0.57.32.80/0.047109690603708' FATAL: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708 Squid Cache (Version 3.1.22): Terminated abnormally. CPU Usage: 0.019 seconds = 0.013 user + 0.006 sys Maximum Resident Size: 6040 KB Page faults with physical i/o: 0'
Oct 20 14:44:57 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
Oct 20 14:45:02 	php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2013/10/20 14:44:57| aclParseIpData: unknown netmask '0.047109690603708' in '0.57.32.80/0.047109690603708' FATAL: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708 Squid Cache (Version 3.1.22): Terminated abnormally. CPU Usage: 0.020 seconds = 0.013 user + 0.007 sys Maximum Resident Size: 6272 KB Page faults with physical i/o: 0'
Oct 20 14:45:04 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
Oct 20 14:45:15 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
Oct 20 14:45:20 	php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2013/10/20 14:45:15| aclParseIpData: unknown netmask '0.047109690603708' in '0.57.32.80/0.047109690603708' FATAL: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708 Squid Cache (Version 3.1.22): Terminated abnormally. CPU Usage: 0.019 seconds = 0.013 user + 0.006 sys Maximum Resident Size: 6124 KB Page faults with physical i/o: 0'
Oct 20 14:45:22 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
Oct 20 14:49:22 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
Oct 20 14:49:27 	php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2013/10/20 14:49:22| aclParseIpData: unknown netmask '0.047109690603708' in '0.57.32.80/0.047109690603708' FATAL: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708 Squid Cache (Version 3.1.22): Terminated abnormally. CPU Usage: 0.019 seconds = 0.019 user + 0.000 sys Maximum Resident Size: 5468 KB Page faults with physical i/o: 0'
Oct 20 14:49:29 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
Oct 20 14:50:06 	php: /pkg_edit.php: Starting Squid
Oct 20 14:50:06 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
Oct 20 14:50:06 	php: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '1', the output was '2013/10/20 14:50:06| aclParseIpData: unknown netmask '0.047109690603708' in '0.57.32.80/0.047109690603708' FATAL: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708 Squid Cache (Version 3.1.22): Terminated abnormally. CPU Usage: 0.023 seconds = 0.023 user + 0.000 sys Maximum Resident Size: 5540 KB Page faults with physical i/o: 0'
Oct 20 14:50:16 	check_reload_status: Reloading filter
Oct 20 14:50:20 	check_reload_status: Syncing firewall
Oct 20 14:50:22 	php: rc.filter_configure_sync: Havp: Squid is already configured as transparent proxy. Use 'Standard' proxy mode.
Oct 20 14:50:22 	php: rc.filter_configure_sync: SQUID is installed but not started. Not installing "nat" rules.
Oct 20 14:50:22 	php: rc.filter_configure_sync: Adding TFTP nat rules
Oct 20 14:50:22 	php: rc.filter_configure_sync: Havp: Squid is already configured as transparent proxy. Use 'Standard' proxy mode.
Oct 20 14:50:23 	php: rc.filter_configure_sync: SQUID is installed but not started. Not installing "pfearly" rules.
Oct 20 14:50:23 	php: rc.filter_configure_sync: Havp: Squid is already configured as transparent proxy. Use 'Standard' proxy mode.
Oct 20 14:50:23 	php: rc.filter_configure_sync: SQUID is installed but not started. Not installing "filter" rules.
Oct 20 14:50:23 	php: /pkg_edit.php: Starting Squid
Oct 20 14:50:23 	squid[41282]: Squid Parent: child process 41427 started
Oct 20 14:50:27 	php: rc.filter_configure_sync: Havp: Squid is already configured as transparent proxy. Use 'Standard' proxy mode.
Oct 20 14:50:27 	php: rc.filter_configure_sync: Adding TFTP nat rules
Oct 20 14:50:27 	php: rc.filter_configure_sync: Havp: Squid is already configured as transparent proxy. Use 'Standard' proxy mode.
Oct 20 14:50:27 	php: rc.filter_configure_sync: Havp: Squid is already configured as transparent proxy. Use 'Standard' proxy mode.
Oct 20 14:54:20 	squid[41282]: Squid Parent: child process 41427 exited with status 0
Oct 20 14:54:21 	php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was ''
Oct 20 14:54:23 	squid[5530]: Squid Parent: child process 5785 started
Oct 20 15:03:14 	check_reload_status: Syncing firewall
Oct 20 15:03:16 	php: /pkg_edit.php: Starting HAVP
Oct 20 15:03:20 	php: /pkg_edit.php: Reloading Squid for configuration sync
Oct 20 15:03:20 	havp[43620]: === Starting HAVP Version: 0.91
Oct 20 15:03:20 	havp[43620]: === Mandatory locking disabled! KEEPBACK settings not used!
Oct 20 15:03:20 	havp[43620]: Running as user: havp, group: havp
Oct 20 15:03:20 	havp[43620]: --- Initializing Clamd Socket Scanner
Oct 20 15:03:20 	havp[43620]: Clamd Socket Scanner passed EICAR virus test (Eicar-Test-Signature)
Oct 20 15:03:20 	havp[43620]: --- All scanners initialized
Oct 20 15:03:20 	havp[43950]: Process ID: 43950
Oct 20 15:03:21 	check_reload_status: Reloading filter
Oct 20 15:03:26 	php: rc.filter_configure_sync: Adding TFTP nat rules
Oct 20 15:03:33 	php: rc.filter_configure_sync: Adding TFTP nat rules
```![todel_pf_1_services.JPG](/public/_imported_attachments_/1/todel_pf_1_services.JPG)
![todel_pf_1_services.JPG_thumb](/public/_imported_attachments_/1/todel_pf_1_services.JPG_thumb)
![todel_pf_2_havp.JPG](/public/_imported_attachments_/1/todel_pf_2_havp.JPG)
![todel_pf_2_havp.JPG_thumb](/public/_imported_attachments_/1/todel_pf_2_havp.JPG_thumb)
![todel_pf_3_squid.JPG](/public/_imported_attachments_/1/todel_pf_3_squid.JPG)
![todel_pf_3_squid.JPG_thumb](/public/_imported_attachments_/1/todel_pf_3_squid.JPG_thumb)

keinstein

two other screenshots..

keinstein

Hi,

as I said, I am getting nuts. Now, after a while, it seems to be working and I do not know why. After maybe 15 minutes it suddenly started checking the files.

Can anybody check my settings in the screenshots? Did I configure the package correctly?

keinstein

keinstein

Hi guys. I do not know, if anybody is out there.

Anyway, I made a reboot and HAVP stopped working.

This is what I found in the syslog:

Oct 20 21:15:44 havp[34823]: === Mandatory locking disabled! KEEPBACK settings not used! 
Oct 20 21:15:44 havp[34823]: Running as user: havp, group: havp 
Oct 20 21:15:44 havp[34823]: --- Initializing Clamd Socket Scanner 
Oct 20 21:15:56 clamd[45503]: Can't open file or directory 
Oct 20 21:15:58 havp[49172]: === Starting HAVP Version: 0.91 
Oct 20 21:15:58 havp[49172]: === Mandatory locking disabled! KEEPBACK settings not used! 
Oct 20 21:15:58 havp[49172]: Running as user: havp, group: havp 
Oct 20 21:15:58 havp[49172]: --- Initializing Clamd Socket Scanner 

and

Oct 20 21:46:13 	php: /index.php: Successful login for user 'admin' from: 192.168.222.22
Oct 20 21:46:34 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.121.65.51/0.20866550354197
Oct 20 21:46:39 	php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2013/10/20 21:46:34| aclParseIpData: unknown netmask '0.20866550354197' in '0.121.65.51/0.20866550354197' FATAL: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.121.65.51/0.20866550354197 Squid Cache (Version 3.1.22): Terminated abnormally. CPU Usage: 0.019 seconds = 0.013 user + 0.006 sys Maximum Resident Size: 6080 KB Page faults with physical i/o: 0'
Oct 20 21:46:42 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.121.65.51/0.20866550354197

firefox

I have the same problem
I get the same message
You can scan files through a graphical interface

Here is my message

http://forum.pfsense.org/index.php/topic,67949.0.html

I searched the forum and I got another message
Where someone specifies what action he did and fix the problem

http://forum.pfsense.org/index.php/topic,58254.msg311939.html#msg311939

I have not tried because I do not know it will fit

dvserg

2  keinstein
You can't use 2 proxies at the same time as transpared.
You must cascade it.
For example use HAVP option Proxy mode = Paren for Squid.

keinstein

@dversg: well, that makes sense.

@rest: I found a solutition: I am sorry, but pfsense had its chance. Maybe it has been my fault, but in the end i spent too much time in this. I was even that far to buy an commercial product. Finally I tried ipfire and I am surprised how easy it was to install and activate the squidproxy. I think pfsense is a very good piece of software, but in my case it did not work.