Dansguardian clamav and other issues fix

rjcrowder

Always works reliably for me… What I do.

1.) Install dansguardian
2.) Install Squid3.
3.) Manually create clamav-clamd and clamav-freshclam shell scripts in /usr/local/etc/rc.d
4.) Replace dansguardian executable with one form 2.12.0.6

bilbo

@rjcrowder:

Always works reliably for me… What I do.

4.) Replace dansguardian executable with one form 2.12.0.6

Whats the command for this?

rjcrowder

You can find a link on this thread http://forum.pfsense.org/index.php/topic,61811.25.html. I didn't try to do a full install of Marcello's zip file. Instead I copied the file to my local machine and pulled the dansguardian executable out of it. Then I copied the executable up to my pfsense box.

Now that I think about it, version 2.12.0.6 requires a small change to the dansguardian config file. You can accomplish the change by applying this patch to /usr/local/pkg/dansguardian.conf.template

412a413,430
> # - RJC - Some hard coded values required for 2.12.0.6
> #
> # Proxy timeout 
> # Set tcp timeout between the Proxy and DansGuardian 
> # Min 5 - Max 100
> proxytimeout = 20
> 
> # Proxy header exchange
> # Set timeout between the Proxy and DansGuardian 
> # Min 20 - Max 300
> proxyexchange = 20
> 
> # Pconn timeout
> # how long a persistent connection will wait for other requests
> # squid apparently defaults to 1 minute (persistent_request_timeout),
> # so wait slightly less than this to avoid duff pconns.
> # Min 5 - Max 300
> pcontimeout = 55

Guest

another issue is blacklists. unfortunately, dansguardian doesn't work with blacklist. when i select a banned list, config file doesn't change.

rjcrowder

@Amirkabir:

another issue is blacklists. unfortunately, dansguardian doesn't work with blacklist. when i select a banned list, config file doesn't change.

Works fine for me… can you give me any more info about your setup?

Guest

I updated dansguardian with bigblacklist.tar.gz.  i configured squid server on loopback interface and default port.
in dansguardian banned list, i select news domains and press save button. config file doesn't change. i change my proxy settings in firefox to dansguardian ip:8080.
badboys.com is blocked but all news domain (like http://beebenews.com/) can be accessed.

rjcrowder

How did you update the blacklist? Did you re-download them? Let me give you a couple of debugging ideas.

First, you'll have to force it to run "/usr/local/bin/php /usr/local/www/dansguardian.php fetch_blacklist". You can do this from the UI, but I'd just set the URL of the blacklist download in the UI and then go run it from the command line.  The package keeps an internal list of directories that you are allowed to pick from in the UI. The list is built when the above code is executed.

So…
1.) make sure you've run the fetch_blacklist code.
2.) make sure it properl updated the blacklist directories
3.) check the internal list of those directories (kept in config.xml)

Guest

Thanks rjcrowder
I use my local package and blacklist repository. our admins doesn't have shell access.
have you hardcoded blacklist url?  how can i change this url and get blacklist from my repository during package installation? (checking dansguardian blacklist …)

rjcrowder

@Amirkabir:

Thanks rjcrowder
I use my local package and blacklist repository. our admins doesn't have shell access.
have you hardcoded blacklist url?  how can i change this url and get blacklist from my repository during package installation? (checking dansguardian blacklist …)

You can change the blacklist URL in the blacklist tab under dansguardian. Then change the update frequency to "download and update now" and click save.

Guest

I know…i want to change some code to update blacklist during package installation. this message appears during package installation:  checking dansguardian blacklist ...

rjcrowder

I'm not sure how the whole install flow works, but the code is in /usr/local/pkg/dansguardian.inc and the function is sync_package_dansguardian(). Then blacklist check is done by line 931 (says "fetch_blacklist(…").

ToxIcon

Dansguardian Antivirus  not blocking

installed Dansguardian created all missing dir and files

freshclam updated

clamd started

install squid

Test with eicar antimalware testfile

Dansguardian Antivirus Clamdscan not scanning or blocking

eicar antimalware testfile did not get block by

(ps -ax | grep clam, ps -ax | grep dans, ps -ax | grep squid)

$ ps -ax | grep clam
87531  ??  Is    0:16.74 clamd
96153  ??  S      0:00.00 sh -c ps -ax | grep clam 2>&1
96241  ??  S      0:00.00 grep clam

$ ps -ax | grep dans
34253  ??  S      0:00.00 sh -c ps -ax | grep dans 2>&1
34663  ??  S      0:00.00 grep dans
88079  ??  Is    0:00.22 /usr/local/sbin/dansguardian
91229  ??  I      0:00.00 /usr/local/sbin/dansguardian
91304  ??  I      0:00.00 /usr/local/sbin/dansguardian
91316  ??  I      0:00.26 /usr/local/sbin/dansguardian
91600  ??  I      0:00.05 /usr/local/sbin/dansguardian
91636  ??  I      0:00.04 /usr/local/sbin/dansguardian
91908  ??  I      0:00.06 /usr/local/sbin/dansguardian
92171  ??  I      0:00.01 /usr/local/sbin/dansguardian
92478  ??  I      0:00.02 /usr/local/sbin/dansguardian
92824  ??  I      0:00.01 /usr/local/sbin/dansguardian
93086  ??  I      0:00.01 /usr/local/sbin/dansguardian
93343  ??  I      0:00.00 /usr/local/sbin/dansguardian
93621  ??  I      0:00.00 /usr/local/sbin/dansguardian
93870  ??  I      0:00.00 /usr/local/sbin/dansguardian
94076  ??  I      0:00.00 /usr/local/sbin/dansguardian
94298  ??  I      0:00.00 /usr/local/sbin/dansguardian
94479  ??  I      0:00.00 /usr/local/sbin/dansguardian
94565  ??  I      0:00.00 /usr/local/sbin/dansguardian
94652  ??  I      0:00.00 /usr/local/sbin/dansguardian
94988  ??  I      0:00.00 /usr/local/sbin/dansguardian
95298  ??  I      0:00.00 /usr/local/sbin/dansguardian

$ ps -ax | grep squid
40576  ??  INs    0:00.00 /usr/pbi/squid-amd64/sbin/squid -f /usr/pbi/squid-amd
41318  ??  SN    0:01.36 (squid-1) -f /usr/pbi/squid-amd64/etc/squid/squid.con
64541  ??  S      0:00.00 sh -c ps -ax | grep squid 2>&1
65018  ??  S      0:00.00 grep squid

Guest

thanks rjcrowder, But it doesn't work.
I run "/usr/local/bin/php /usr/local/www/dansguardian.php fetch_blacklist" from shell .
output message is :

Content-type: text/html

my config.xml is correct:

<banned_includes>/usr/pbi/dansguardian-i386/etc/dansguardian/lists/blacklists/news/domains</banned_includes>

But dansguardian config file doesn't change and news domain can still be accessed.  :(

rjcrowder

Do you have a blacklist URL set in the UI (under the blacklists tab)? Does it work to manually retrieve the blacklist from the URL you've entered?

Guest

Yes, update works correctly.

Guest

Unfortunately, dansguardian files has been changed, but version numbers are same. i downloaded new files to my  package repository and problem solved.

rjcrowder

@Amirkabir:

Unfortunately, dansguardian files has been changed, but version numbers are same. i downloaded new files to my  package repository and problem solved.

Interesting… that is one of the things that I've noted Marcello doing occasionally. He makes minor changes and puts them out under the same version number. Or at least that's what I thought was happening...

Not good practice in my mind, but there must be some reason...

Guest

Very bad practice!