What Squid version and SquidGuard or DansGuardian?

marcelloc

@MrGlasspoole:

And what to do now?

Update virus definitions, the version alert is just a warning, not a service stop.

MrGlasspoole

I can't find a tab where i see something like update definitions…

marcelloc

@MrGlasspoole:

I can't find a tab where i see something like update definitions…

run freshclam via console/ssh

MrGlasspoole

still the same message:

getfile: Can't write 1448 bytes to /var/db/clamav/clamav-e1dc9c51263e0827cd2a0b973ba41d4e.tmp/clamav-d6889ae227e0a4134d824971de0a4a84.tmp
WARNING: Can't download main.cvd from database.clamav.net

Cino

Can your ping database.clamav.net from your box?

MrGlasspoole

Yes

PING db.other.clamav.net (193.1.193.64): 56 data bytes
64 bytes from 193.1.193.64: icmp_seq=0 ttl=51 time=35.980 ms
64 bytes from 193.1.193.64: icmp_seq=1 ttl=51 time=40.412 ms
64 bytes from 193.1.193.64: icmp_seq=2 ttl=51 time=35.124 ms

--- db.other.clamav.net ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 35.124/37.172/40.412/2.318 ms

MrGlasspoole

And now?

Cino

reinstall squid3 and see if that resolves the issue. i'm wondering if a folder wasn't created to store the av db

MrGlasspoole

That did not help.

$ freshclam
ClamAV update process started at Fri Jan 30 23:32:23 2015
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.98.5 Recommended version: 0.98.6
DON'T PANIC! Read http://www.clamav.net/support/faq
ERROR: Can't download main.cvd from database.clamav.net
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /usr/local/etc/freshclam.conf is working.

marcelloc

Check first if there is another freshclam process running before trying to execute another one.

Look foe other squid 3 threads on 2.2.  I've posted a really step by step guide to get it working on 64bits version.

MrGlasspoole

I already saw that other threads.

Now i had this:

/var: write failed, filesystem is full
getfile: Can't write 8192 bytes to /var/db/clamav/clamav-2786ca6469a9b9aafef1622f0f0f13be.tmp/clamav-f58a45f6084309de3a81938d410d397b.tmp
WARNING: Can't download main.cvd from database.clamav.net

After i saw the FULL i disabled "Use RAM Disks" and ClamAV works now.
But the squidGuard service still does not start.

Cino

why were you using a ram disk? I can see using it if your using pfSense without any packages… Once you add packages, you need /var to not disappear

anything in the log for squidguard? Which version did you install?

/var/squid/logs/cache.log
/var/squidGuard/log

doktornotor

@Cino:

why were you using a ram disk?

Because people have no clue what they are doing.

MrGlasspoole

@Cino:

why were you using a ram disk?

RAM is faster and takes stress away from the disk.
I increased the ram disk and thought after the virus definitions are now there i can turn ram disk
on again. But when i do that clamd does not start.

@Cino:

anything in the log for squidguard? Which version did you install?

squidGuard-squid3 1.4_7 pkg v.1.9.6

squidGuard/log is empty.

Here is some stuff from squid/logs/cache.log:

Shared object "libldap-2.4.so.2" not found, required by "squidGuard"
2015/01/31 13:50:37 kid1| WARNING: redirector #Hlpr0 exited
Shared object "libldap-2.4.so.2" not found, required by "squidGuard"
2015/01/31 13:50:37 kid1| Warning: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
Shared object "libldap-2.4.so.2" not found, required by "squidGuard"
Shared object "libldap-2.4.so.2" not found, required by "squidGuard"
2015/01/31 13:50:37| pinger: Initialising ICMP pinger ...
2015/01/31 13:50:37|  icmp_sock: (1) Operation not permitted
2015/01/31 13:50:37| pinger: Unable to start ICMP pinger.
2015/01/31 13:50:37|  icmp_sock: (1) Operation not permitted
2015/01/31 13:50:37| pinger: Unable to start ICMPv6 pinger.
2015/01/31 13:50:37| FATAL: pinger: Unable to open any ICMP sockets.
Shared object "libldap-2.4.so.2" not found, required by "squidGuard"
Shared object "libldap-2.4.so.2" not found, required by "squidGuard"
2015/01/31 13:50:40 kid1| Warning: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
2015/01/31 13:50:40| pinger: Initialising ICMP pinger ...
2015/01/31 13:50:40|  icmp_sock: (1) Operation not permitted
2015/01/31 13:50:40| pinger: Unable to start ICMP pinger.
2015/01/31 13:50:40|  icmp_sock: (1) Operation not permitted
2015/01/31 13:50:40| pinger: Unable to start ICMPv6 pinger.
2015/01/31 13:50:40| FATAL: pinger: Unable to open any ICMP sockets.
2015/01/31 13:50:47 kid1| Warning: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
2015/01/31 13:50:47| pinger: Initialising ICMP pinger ...
2015/01/31 13:50:47|  icmp_sock: (1) Operation not permitted
2015/01/31 13:50:47| pinger: Unable to start ICMP pinger.
2015/01/31 13:50:47|  icmp_sock: (1) Operation not permitted
2015/01/31 13:50:47| pinger: Unable to start ICMPv6 pinger.
2015/01/31 13:50:47| FATAL: pinger: Unable to open any ICMP sockets.
FATAL: Received Segment Violation...dying.
CPU Usage: 659.029 seconds = 69.054 user + 589.975 sys
Maximum Resident Size: 154112 KB
Page faults with physical i/o: 12
2015/01/31 14:01:45 kid1| Starting Squid Cache version 3.4.10 for amd64-portbld-freebsd10.1...
2015/01/31 14:01:45| pinger: Initialising ICMP pinger ...
2015/01/31 14:01:45|  icmp_sock: (1) Operation not permitted
2015/01/31 14:01:45| pinger: Unable to start ICMP pinger.
2015/01/31 14:01:45|  icmp_sock: (1) Operation not permitted
2015/01/31 14:01:45| pinger: Unable to start ICMPv6 pinger.
2015/01/31 14:01:45| FATAL: pinger: Unable to open any ICMP sockets.
2015/01/31 16:38:35 kid1| Starting Squid Cache version 3.4.10 for amd64-portbld-freebsd10.1...
2015/01/31 16:38:36| pinger: Initialising ICMP pinger ...
2015/01/31 16:38:36|  icmp_sock: (1) Operation not permitted
2015/01/31 16:38:36| pinger: Unable to start ICMP pinger.
2015/01/31 16:38:36|  icmp_sock: (1) Operation not permitted
2015/01/31 16:38:36| pinger: Unable to start ICMPv6 pinger.
2015/01/31 16:38:36| FATAL: pinger: Unable to open any ICMP sockets.
2015/01/31 16:10:32 kid1| Warning: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
2015/01/31 16:10:32| pinger: Initialising ICMP pinger ...
2015/01/31 16:10:32|  icmp_sock: (1) Operation not permitted

doktornotor

@MrGlasspoole:

I increased the ram disk and thought after the virus definitions are now there i can turn ram disk
on again. But when i do that clamd does not start.

They are NOT there any more. Guess why.  ::) ::) ::)

Sigh. Someone make the package bail out on install when people configure similar BS.

Cino

@MrGlasspoole:

@Cino:

why were you using a ram disk?

RAM is faster and takes stress away from the disk.
I increased the ram disk and thought after the virus definitions are now there i can turn ram disk
on again. But when i do that clamd does not start.

If your going to use squid or any package that writes persistent data to /var, dont use ramdisk. It will wipe /var every time you reboot and will make the packages fail to start. You will then have to re-install the packages again every reboot…

For the other issues. If you have searched the forum; you would have found solutions.

In the Squid config page. check 'Disable ICMP' to get rid of the 'FATAL: pinger: Unable to open any ICMP sockets' errors

for squidGuard run the following commands for amd64... (make sure path /usr/pbi/squidguard-squid3-amd64 exist first)

ln -s /usr/pbi/squidguard-squid3-amd64/local/lib/libldap-2.4.so.8 /usr/local/lib/libldap-2.4.so.8
ln -s /usr/pbi/squidguard-squid3-amd64/local/lib/libldap-2.4.so.8 /lib/libldap-2.4.so.8
ln -s /usr/pbi/squidguard-squid3-amd64/local/lib/libdb-4.6.so.0 /usr/local/lib/libdb-4.6.so.0
ln -s /usr/pbi/squidguard-squid3l-amd64/local/lib/libdb-4.6.so.0 /usr/lib/libdb-4.6.so.0

After you disable ramdisk, UN-install the packages. Reboot, install the packages.. Run the links for squidguard

MrGlasspoole

A search for libldap-2.4.so.2 did return nothing.

After a squid restart and trying to start squidGuart:

FATAL: Received Segment Violation...dying.
CPU Usage: 0.163 seconds = 0.112 user + 0.052 sys
Maximum Resident Size: 101712 KB
Page faults with physical i/o: 0
2015/01/31 17:24:29 kid1| Starting Squid Cache version 3.4.10 for amd64-portbld-freebsd10.1...
2015/01/31 17:24:31 kid1| Starting Squid Cache version 3.4.10 for amd64-portbld-freebsd10.1...
2015/01/31 17:25:47 kid1| Warning: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
2015/01/31 17:25:49 kid1| Warning: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
2015/01/31 17:26:02 kid1| Warning: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
2015/01/31 17:26:06 kid1| Warning: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
FATAL: Received Segment Violation...dying.
CPU Usage: 0.250 seconds = 0.194 user + 0.057 sys
Maximum Resident Size: 103280 KB
Page faults with physical i/o: 0
2015/01/31 17:26:31 kid1| Starting Squid Cache version 3.4.10 for amd64-portbld-freebsd10.1...
2015/01/31 17:26:33 kid1| Starting Squid Cache version 3.4.10 for amd64-portbld-freebsd10.1...

But squidGuard service status is still stopped.

marcelloc

What error you get in your browser?

MrGlasspoole

Error in the browser?
I did not setup a blacklist yet cause the service is not running.
I can surf the web normally if i point the browser to wpad.mydomain.net/wpad.dat

doktornotor

It's not running because it segfaults…

FATAL: Received Segment Violation...dying.

Are you still running this from ramdisk?