Netgate Discussion Forum

    Squid3 Transparent Proxy with antivirus

      jeffhammett

      I installed Squid3 and configured it as a transparent proxy with antivirus enabled using c-icap.

      When I tried to browse the web on a device, pages wouldn't load.

      I looked at services status and clamd was stopped. I started that and then got an error when trying to browse the web (which I failed to write down/screenshot).

      I disabled antivirus in Squid and then I was able to browse the web ok and squid is logging properly.

      When I tried to re-enable antivirus in squid I got the following error:

      Squidclamav warns redirect points to sample config domain (http://proxy.domain.dom/squid_clwarn.php)
      Change redirect info on 'squidclamav.conf' field to pfsense gui or an external host.
      c-icap Squidclamav service definition is no present.
      Add 'Service squid_clamav squidclamav.so'(without quotes) to 'c-icap.conf' field in order to get it working.
      Remove ldap configuration'Manager:Apassword@ldap.chtsanti.net?o=chtsanti?mermberUid?(&(objectClass=posixGroup)(cn=%s))' from 'c-icap.conf' field.
      

      Before I start manually changing config files, is this ok to do? Do I need to do anything else to configure properly?

      Edit: I went ahead and made the changes as specified and was able to save with antivirus enabled without error. But now when I browse I get the following error:

        messerchmidt

        go to services->proxy filter (use squid dev) -> squidguard common acl and under target rules, put each to "allow" (tab and 3 x down arrow clicks, then tab again)

        save and reboot squid 3 (or the whole pfsense box)

          messerchmidt

          the c-icap antivirus should work too (it is for me)

          the havp Antivirus HTTP proxy Service is broken.

            jeffhammett

            @messerchmidt:

            go to services->proxy filter (use squid dev) -> squidguard common acl and under target rules, put each to "allow" (tab and 3 x down arrow clicks, then tab again)

            save and reboot squid 3 (or the whole pfsense box)

            I don't have Services->Proxy Filter. Only Proxy Server and Reverse Proxy. Is Proxy Filter Squidguard? I have only installed Squid3 so far.

              exograpix

              Try to update clam antivirus manually through shell

                jeffhammett

                @exograpix:

                Try to update clam antivirus manually through shell

                Can you provide instructions or a link on upgrading clamav through the shell? I'm afraid I don't know how to do that.

                  jonesr

                  https://forum.pfsense.org/index.php?topic=77264.0

                  You aren't alone. This thread provides some background but also specifically on how to update with freshclam.

                  pfSense AMD64 VGA - Assume latest version.
                  Suricata, pfBlockerNG, SquidGuard, squid3.

                    deajan

                    Hello,

                    Basically the icap service listens on IPv6 instead of IPv4.
                    Open the file /usr/local/pkg/squid.inc and edit the following lines from

                    
                    icap_service service_avi_req reqmod_precache icap://[::1]:1344/squid_clamav bypass=off
                    adaptation_access service_avi_req allow all
                    icap_service service_avi_resp respmod_precache icap://[::1]:1344/squid_clamav bypass=on
                    adaptation_access service_avi_resp allow all
                    
                    

                    to

                    
                    icap_service service_avi_req reqmod_precache icap://localhost:1344/squid_clamav bypass=off
                    adaptation_access service_avi_req allow all
                    icap_service service_avi_resp respmod_precache icap://localhost:1344/squid_clamav bypass=on
                    adaptation_access service_avi_resp allow all
                    
                    

                    Restart squid and icap and it should work :)

                    NetPOWER.fr - some opensource stuff for IT people

                      messerchmidt

                      Still won't go, I get this when I try to enable it under proxy server -> antivirus

                      The following input errors were detected:

                      Squidclamav warns redirect points to sample config domain (http://proxy.domain.dom/squid_clwarn.php)
                      Change redirect info on 'squidclamav.conf' field to pfsense gui or an external host.
                      c-icap Squidclamav service definition is no present.
                      Add 'Service squid_clamav squidclamav.so'(without quotes) to 'c-icap.conf' field in order to get it working.
                      Remove ldap configuration'Manager:Apassword@ldap.chtsanti.net?o=chtsanti?mermberUid?(&(objectClass=posixGroup)(cn=%s))' from 'c-icap.conf' field.

                        deajan

                        Well, that's the basic config to add; I guessed you should already have done this.
                        As it is said, modify your config files (in GUI this time):

                        Add this to the last line of c-icap.conf
                        Service squid_clamav squidclamav.so

                        in Squidclamav.conf change the redirection line to something like
                        redirect http://myinternalurl.when.virus.detected

                        and remove the stated ldap line in c-icap.conf (even if it's commented out, remove it!)

                        Regards,
                        Ozy.

                        NetPOWER.fr - some opensource stuff for IT people

                          zlejsyad

                          I just wanna say thank you, the steps above work perfectly for me.

                          pfsense 2.2.4-RELEASE (amd64)
                          squid3 0.3.4

                            A Former User

                            Finally getting to turning on squid3 antivirus and smacked right into this same problem.

                            Running on pfSense 2.2.5-DEVELOPMENT (amd64) built on Sun Nov 01, with squid3 0.4.1.1.

                            The filename to edit is different, it's now /usr/local/pkg/squid_antivirus.inc

                            But editing to change [::1] to 127.0.0.1 now works, and even though the C-ICAP access log still shows ::1, it still passes the EICAR test.

                            Much thanks for the workaround.
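
The checks discussed in this thread, collected into one shell function as an added example; it is not part of the thread or of the pfSense package. It combines the three conditions the GUI error names with the `[::1]` ICAP URL issue. The function name `check_icap_av`, the file arguments and the sample contents are constructed for illustration, and treating only an uncommented `redirect` line as a finding is an assumption.

```shell
#!/bin/sh
# Added example: check_icap_av is a hypothetical helper, not pfSense code.
# Usage: check_icap_av <c-icap.conf> <squidclamav.conf> <file with icap_service lines>
# Prints one finding per line; returns 0 when clean, 1 when anything was found.
check_icap_av() {
    cicap=$1; clamav=$2; squid=$3; rc=0

    # An active (uncommented) Service definition must exist in c-icap.conf.
    if ! grep -Eq '^[[:space:]]*Service[[:space:]]+squid_clamav[[:space:]]+squidclamav\.so' "$cicap"; then
        echo "c-icap.conf: missing 'Service squid_clamav squidclamav.so'"; rc=1
    fi

    # Per the thread, the sample ldap line must go even if commented out,
    # so match it anywhere in the file.
    if grep -q 'ldap\.chtsanti\.net' "$cicap"; then
        echo "c-icap.conf: sample ldap line still present"; rc=1
    fi

    # Assumption: only an uncommented redirect line counts as a finding.
    if grep -Eq '^[[:space:]]*redirect[[:space:]]+https?://proxy\.domain\.dom/' "$clamav"; then
        echo "squidclamav.conf: redirect still points to the sample domain"; rc=1
    fi

    # Squid's ICAP URL on IPv6 loopback; the thread's workaround replaces
    # it with localhost or 127.0.0.1.
    if grep -Eq '^[[:space:]]*icap_service[[:space:]].*icap://\[::1\]' "$squid"; then
        echo "squid: icap_service points at [::1]"; rc=1
    fi
    return $rc
}

# Constructed sample input reproducing the unfixed state described above.
demo=$(mktemp -d)
printf '%s\n' '# Service squid_clamav squidclamav.so' \
    '# Manager:Apassword@ldap.chtsanti.net?o=chtsanti?mermberUid?(&(objectClass=posixGroup)(cn=%s))' \
    > "$demo/c-icap.conf"
printf '%s\n' 'redirect http://proxy.domain.dom/squid_clwarn.php' > "$demo/squidclamav.conf"
printf '%s\n' 'icap_service service_avi_req reqmod_precache icap://[::1]:1344/squid_clamav bypass=off' \
    > "$demo/squid.conf"

if check_icap_av "$demo/c-icap.conf" "$demo/squidclamav.conf" "$demo/squid.conf"; then
    echo "antivirus config looks consistent"
else
    echo "fix the findings above, then restart squid and c-icap"
fi
rm -rf "$demo"
```

Note that `bypass=on` on the `respmod` service, as in the config posted above, lets responses through unscanned when the ICAP service is unreachable, so a clean result here is worth confirming with an EICAR test as the last poster did.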
