ClamAV possible?

MrGlasspoole · Oct 27, 2014, 10:17 PM

I must be lucky then.. I have it working using squid3-dev 3.3.10 pkg 2.2.6 on i386…

As i wrote I'm on x64 and the folder creation and permission stuff is shown in the link and something i tried.

But i can't execute freshclam cause there is no clwarn.cgi on my system.
And as the forum searchs show - I'm not the only one with this problems.

kejianshi · Oct 27, 2014, 10:19 PM

Cino - Cool. Then its possible with squid3 as well.

At the time that I tried it I had issues with that and no particular need for squid 3 over 2.

But its good to know its possible.

kejianshi · Oct 27, 2014, 10:24 PM

You took a look at this already?

http://egoncalves.com.br/pfsense/pfsense-squid3-dev-clamav-i386/

MrGlasspoole · Oct 27, 2014, 10:28 PM

@Thats the link i was talking about and i posted above ;D

kejianshi · Oct 27, 2014, 10:32 PM

Hmmmm…

Sorry. I guess I'm not helping.
My next move might be to wipe the box and start fresh following that guide on a fresh install.

That will be a controversial suggestion.

Cino · Oct 27, 2014, 10:40 PM

freshclam only updates the virus definitions. From what I can tell, the package wasn't setup to enable this for some reason but I was able to get it run.

edit /usr/pbi/squid-i386/etc/freshclam.conf to your liking. then run this from the cmdline


/usr/pbi/squid-i386/bin/freshclam -d /usr/pbi/squid-i386/etc/freshclam.conf

Auto start on reboots, create file /usr/local/etc/rc.d/freshclam.sh with 755


#!/bin/sh
# This file was automatically generated
# by the pfSense service handler.

rc_start() {
	/usr/pbi/squid-i386/bin/freshclam -d /usr/pbi/squid-i386/etc/freshclam.conf
}

rc_stop() {
	killall freshclam
}

case $1 in
	start)
		rc_start
		;;
	stop)
		rc_stop
		;;
	restart)
		rc_stop
		rc_start
		;;
esac

I copied /usr/pbi/squid-i386/libexec/squidclamav/clwarn.cgi to /usr/local/www/clwarn.cgi

adjust squid-i386 to squid-amd64 if your running amd64

Cino · Oct 27, 2014, 10:46 PM

i haven't tried it on amd64… It could be that the binaries are compiled run if you founded http://egoncalves.com.br/pfsense/pfsense-squid3-dev-clamav-i386/ cause that how-to looks basically what I did to get it to run..

MrGlasspoole · Oct 27, 2014, 10:48 PM

@Cino, ok i will give it another try.

I'm on 2.2 Beta cause i run in Hyper-V and it looks like there is not really a stable and working Squid:
https://forum.pfsense.org/index.php?topic=82232.msg450075#msg450075

Found it cause i wanted to try Squid3 and you can't install it.

Cino · Oct 27, 2014, 10:53 PM

I was able to get squid3-dev running on 2.2 using the work around in the first post in that thread. https://forum.pfsense.org/index.php?topic=82232.msg449847#msg449847

I didn't try all the feature in squid tho, just got it to run and used it over the weekend. I'd like to move to 2.2 but not ready (no time) tweak all the packages i use

MrGlasspoole · Oct 28, 2014, 12:35 AM

No luck >:(
I did:

killall squid
cd /usr/pbi/squid-amd64/
cp -r ./local/* /usr/local/
rm -rf ./local
ln -s /usr/local ./local
sync
squid
/usr/pbi/squid-amd64/bin/freshclam -d /usr/pbi/squid-amd64/etc/freshclam.conf
cp -p /usr/pbi/squid-amd64/libexec/squidclamav/clwarn.cgi /usr/local/www/
pw useradd clamav -G wheel
pw usermod clamav -G wheel
mkdir /var/log/clamav
chmod 777 /var/log/clamav
mkdir /var/db/clamav
chmod 777 /var/db/clamav
mkdir /var/run/clamav
chmod 777 /var/run/clamav
chmod 775 /usr/local/www/clwarn.cgi
freshclam

The log is full of:

Squid_Alarm[42503]: Squid has exited. Reconfiguring filter.
Squid_Alarm[42836]: Attempting restart...
squid[47315]: Squid Parent: will start 1 kids
squid[47315]: Squid Parent: (squid-1) process 48073 started
squid[47315]: Squid Parent: (squid-1) process 48073 exited with status 1
squid[47315]: Squid Parent: (squid-1) process 49046 started
Squid_Alarm[48826]: Reconfiguring filter...
squid[47315]: Squid Parent: (squid-1) process 49046 exited with status 1
Squid_Alarm[50721]: Squid has resumed. Reconfiguring filter.
check_reload_status: Reloading filter
squid[47315]: Squid Parent: (squid-1) process 58000 started
squid[47315]: Squid Parent: (squid-1) process 58000 exited with status 1
squid[47315]: Squid Parent: (squid-1) process 58304 started
squid[47315]: Squid Parent: (squid-1) process 58304 exited with status 1
squid[47315]: Squid Parent: (squid-1) process 58620 started
squid[47315]: Squid Parent: (squid-1) process 58620 exited with status 1
squid[47315]: Squid Parent: (squid-1) process 58620 will not be restarted due to repeated, frequent failures

What is the right way to disable squid without uninstalling?
Stoping the service does not allow me to surf the web.
Sure i can write here cause the side is ssl - but i can't browse plain http
as long squid is installed.

EDIT:
Stupid me - disable transparent and i can surf

MrGlasspoole · Nov 7, 2014, 12:22 AM

Nobody some idea? :(