Dansguardian clamav and other issues fix

Guest

Thanks rjcrowder
I use my local package and blacklist repository. our admins doesn't have shell access.
have you hardcoded blacklist url?  how can i change this url and get blacklist from my repository during package installation? (checking dansguardian blacklist …)

rjcrowder

@Amirkabir:

Thanks rjcrowder
I use my local package and blacklist repository. our admins doesn't have shell access.
have you hardcoded blacklist url?  how can i change this url and get blacklist from my repository during package installation? (checking dansguardian blacklist …)

You can change the blacklist URL in the blacklist tab under dansguardian. Then change the update frequency to "download and update now" and click save.

Guest

I know…i want to change some code to update blacklist during package installation. this message appears during package installation:  checking dansguardian blacklist ...

rjcrowder

I'm not sure how the whole install flow works, but the code is in /usr/local/pkg/dansguardian.inc and the function is sync_package_dansguardian(). Then blacklist check is done by line 931 (says "fetch_blacklist(…").

ToxIcon

Dansguardian Antivirus  not blocking

installed Dansguardian created all missing dir and files

freshclam updated

clamd started

install squid

Test with eicar antimalware testfile

Dansguardian Antivirus Clamdscan not scanning or blocking

eicar antimalware testfile did not get block by

(ps -ax | grep clam, ps -ax | grep dans, ps -ax | grep squid)

$ ps -ax | grep clam
87531  ??  Is    0:16.74 clamd
96153  ??  S      0:00.00 sh -c ps -ax | grep clam 2>&1
96241  ??  S      0:00.00 grep clam

$ ps -ax | grep dans
34253  ??  S      0:00.00 sh -c ps -ax | grep dans 2>&1
34663  ??  S      0:00.00 grep dans
88079  ??  Is    0:00.22 /usr/local/sbin/dansguardian
91229  ??  I      0:00.00 /usr/local/sbin/dansguardian
91304  ??  I      0:00.00 /usr/local/sbin/dansguardian
91316  ??  I      0:00.26 /usr/local/sbin/dansguardian
91600  ??  I      0:00.05 /usr/local/sbin/dansguardian
91636  ??  I      0:00.04 /usr/local/sbin/dansguardian
91908  ??  I      0:00.06 /usr/local/sbin/dansguardian
92171  ??  I      0:00.01 /usr/local/sbin/dansguardian
92478  ??  I      0:00.02 /usr/local/sbin/dansguardian
92824  ??  I      0:00.01 /usr/local/sbin/dansguardian
93086  ??  I      0:00.01 /usr/local/sbin/dansguardian
93343  ??  I      0:00.00 /usr/local/sbin/dansguardian
93621  ??  I      0:00.00 /usr/local/sbin/dansguardian
93870  ??  I      0:00.00 /usr/local/sbin/dansguardian
94076  ??  I      0:00.00 /usr/local/sbin/dansguardian
94298  ??  I      0:00.00 /usr/local/sbin/dansguardian
94479  ??  I      0:00.00 /usr/local/sbin/dansguardian
94565  ??  I      0:00.00 /usr/local/sbin/dansguardian
94652  ??  I      0:00.00 /usr/local/sbin/dansguardian
94988  ??  I      0:00.00 /usr/local/sbin/dansguardian
95298  ??  I      0:00.00 /usr/local/sbin/dansguardian

$ ps -ax | grep squid
40576  ??  INs    0:00.00 /usr/pbi/squid-amd64/sbin/squid -f /usr/pbi/squid-amd
41318  ??  SN    0:01.36 (squid-1) -f /usr/pbi/squid-amd64/etc/squid/squid.con
64541  ??  S      0:00.00 sh -c ps -ax | grep squid 2>&1
65018  ??  S      0:00.00 grep squid

Guest

thanks rjcrowder, But it doesn't work.
I run "/usr/local/bin/php /usr/local/www/dansguardian.php fetch_blacklist" from shell .
output message is :

Content-type: text/html

my config.xml is correct:

<banned_includes>/usr/pbi/dansguardian-i386/etc/dansguardian/lists/blacklists/news/domains</banned_includes>

But dansguardian config file doesn't change and news domain can still be accessed.  :(

rjcrowder

Do you have a blacklist URL set in the UI (under the blacklists tab)? Does it work to manually retrieve the blacklist from the URL you've entered?

Guest

Yes, update works correctly.

Guest

Unfortunately, dansguardian files has been changed, but version numbers are same. i downloaded new files to my  package repository and problem solved.

rjcrowder

@Amirkabir:

Unfortunately, dansguardian files has been changed, but version numbers are same. i downloaded new files to my  package repository and problem solved.

Interesting… that is one of the things that I've noted Marcello doing occasionally. He makes minor changes and puts them out under the same version number. Or at least that's what I thought was happening...

Not good practice in my mind, but there must be some reason...

Guest

Very bad practice!