Squid3-dev - c-icap - amd64 - ICAP protocol error

tfjelde · Oct 8, 2014, 6:48 PM

Hi

Is there any solution to getting clamav working together with squid3-dev on amd64
i'm currently on

2.1.5-RELEASE (amd64)
FreeBSD 8.3-RELEASE-p16
and
squid3-dev
3.3.10 pkg 2.2.6

when activating the antivirus option on squid i end up with this error when trying to access any web pages

"The following error was encountered while trying to retrieve the URL: http://www.itavisen.no/

ICAP protocol error.

The system returned: [No Error]

This means that some aspect of the ICAP communication failed.

Some possible problems are:

The ICAP server is not reachable.

An Illegal response was received from the ICAP server."

T.I.A
Thrond

webstor · Oct 15, 2014, 1:09 PM

Go to Diagnostics > edit file
Browse to /usr/local/pkg
Load squid.inc
modify these two lines:

icap_service service_req reqmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav

TO THIS:

icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav

Save file.

Then reboot. Done

_igor_ · Dec 1, 2014, 2:20 PM

I had that error too!
Second thing was that c-icap service died all time with error 11.

So looking at the c-icap.conf i found a whitespace after:

KeepAliveTimeout 600

Port 1344

Deleted the whitecaps and the suggested patch can be reverted. So the exits on Signal 11 are gone, but still ICAP-protocol-errors.
Then i changed the port to 1345 and now I don't get the ICAP-protocol-error anymore.

Only bad thing is that no virus is recognized (eicar testfile). :(

Antonio_Grande · Feb 5, 2015, 5:34 PM

@webstor:

Go to Diagnostics > edit file
Browse to /usr/local/pkg
Load squid.inc
modify these two lines:

icap_service service_req reqmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav

TO THIS:

icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav

Save file.

Then reboot. Done

This fix is disable antivirus integration.
How to fix error without bypass=1 ?!
Friends, please, help.

webstor · Feb 5, 2015, 6:14 PM

First: which Version of pfsense are you using?

marcelloc · Feb 5, 2015, 6:42 PM

@Antonio_Grande:

This fix is disable antivirus integration.
How to fix error without bypass=1 ?!

Yes, bypass disable integration.

follow instructions from other many squid3 posts

https://forum.pfsense.org/index.php?topic=77264.msg485524#msg485524

webstor · Feb 5, 2015, 6:57 PM

With V 2.2 it isn't needed anymore. I would consider an upgrade.

Antonio_Grande · Feb 6, 2015, 8:06 AM

Ok, thanks, I read it…
Error in system log (PFsense 2.1.5 x64, squid 3.3.10):

kernel: pid 85487 (c-icap), uid 9595: exited on signal 11

It is possible to fix it, or it really nonremovable error in 2.1.5 x64 in ICAP?

marcelloc · Feb 6, 2015, 1:42 PM

@Antonio_Grande:

It is possible to fix it, or it really nonremovable error in 2.1.5 x64 in ICAP?

https://forum.pfsense.org/index.php?topic=77264.msg487042#msg487042