Clamav e c-icap - detectar virus em páginas HTTPS.

sosmicro

Pessoal.

A detecção de vírus está funcionando perfeitamente com paginas http (usando o arquivo de teste do eicar virus test)
mas os arquivos vindos de páginas https são baixados sem problemas!!!
Existe algum meio de ativar esta detecção sem ativar o filtro ssl ? (pfsense 2.2.1 + squid3 + squidguard + proxy não transparente)

abs

marcelloc

@sosmicro:

Existe algum meio de ativar esta detecção sem ativar o filtro ssl ? (pfsense 2.2.1 + squid3 + squidguard + proxy não transparente)

Não. Só da para saber o que passa no trafego encriptado via proxy se você estiver no meio dele.

frednando

boa tarde sosmicro!

estou tentando por o Clamava funcionar! teria como descrever como foi que você fez para funcionar?

obs: meu proxy é transparente
squid3
pfsense 2.2.2 i386

marcelloc

frednando, seguiu as orientações/alertas gerados quando salva as configurações da aba antivirus?

Depois de tudo configurado, o primeiro download da definição de vírus é bem demorada.

Que erro você recebe ao habilitar o antivirus no squid3?

frednando

marcelloc

desculpe a minha ignorância quanto a conhecimento das funções do pacote squid3,
para ficar bem claro, eu terei que ir em Services > proxy server > antivirus > Clamav anti-virus integration using c-icap
Enable e marcar a caixa de diálogo, ai vou em salvar apos isso em advanced options ele aparece as informações de configuração em squidclamav.conf, c-icap.conf e c-icap.magic eu terei que editar esses arquivos ou da forma que está já estaria funcionando?

pois assim que faço isso, lí que tenho que editar o squidclamav.conf na linha redirect https://192.168.0.1/squid_clwarn.php com o ip do meu pfSense mais assim que vou em salvar da o erro da imagem, falta mais alguma configuranção? como devo proceder?
mais uma vez agradeço dela força e paciência em ajudar.

marcelloc

Os alertas indicam a correção nos próprios campos que aparecem na tela. Não precisa procurar o arquivo no filesystem, só procurar as linhas a corrigir nos campos indicados e salvar.

field é diferente de file  ;)

frednando

marcelloc

Consegui editar os arquivos retirando e adicionando o que estava informado no erro da imagem anterior, fui seguindo o tutorial http://egoncalves.com.br/pfsense/pfsense-squid3-dev-clamav-i386/ porem no momento de atualizar o antivirus com o comando freshclam aparece o erro freshclam: not found, imagem em anexo, ai ignorei e segui com o tutorial, porem no momento de fazer os testes, não consigo mais acessar nenhuma pagina da internet, aparece o erro da imagem em anexo relacionado a erro de protocolo ICAP, será que tem relação a eu não ter conseguido atualizar o banco de dados do antivirus? ou os arquivos de configuração do antivirus não estão configurados corretamente? travei na parte de atualizar o antivirus no tutorial.

agradeço pela força! fico no agurado!

marcelloc

@frednando:

marcelloc

Consegui editar os arquivos retirando e adicionando o que estava informado

Você quis dizer editar os campos na aba antivirus certo?

@frednando:

porem no momento de atualizar o antivirus com o comando freshclam aparece o erro freshclam: not found,.

execute o freshclam via console/ssh, não via inteface web.

para encontrar o binario, pode usar o comando```
find / -name freshclam

frednando

marcelloc

1- sim, quis dizer na aba antivirus
2- consegui atualizar entrando no caminho cd /usr/pbi/squid-i386/local/bin/freshclam e ./freshclam e /usr/pbi/squid-i386/bin/freshclam e ./freshclam porém tive que dar permissão nos arquivos com o comando chmod 775 freshclam

3- quando em Services > proxy server > Antivirus > Clamav anti-virus integration using c-icap está marcado enable não consigo abrir site algum. o que poderia estar ocasionando isso? segue imagem em anexo.

4 - segue configuração de squidclamav.conf tem algo que precise ser mudado para as paginas abrirem?

#-----------------------------------------------------------------------------
# SquidClamav default configuration file
#
# To know to customize your configuration file, see squidclamav manpage
# or go to http://squidclamav.darold.net/
#
#-----------------------------------------------------------------------------
#
# Global configuration
#

# Maximum size of a file that may be scanned. Any file bigger that this value
# will not be scanned.
maxsize 5000000

# When a virus is found then redirect the user to this URL
redirect https://192.168.0.1/squid_clwarn.php

# Path to the squiGuard binary if you want URL filtering, note that you'd better
# use the squid configuration directive 'url_rewrite_program' instead.
#squidguard /usr/local/squidGuard/bin/squidGuard

# Path to the clamd socket, use clamd_local if you use Unix socket or if clamd
# is listening on an Inet socket, comment clamd_local and set the clamd_ip and
# clamd_port to the corresponding value.
clamd_local /var/run/clamav/clamd.sock
#clamd_ip 192.168.0.1,127.0.0.1
#clamd_port 3310

# Set the timeout for clamd connection. Default is 1 second, this is a good
# value but if you have slow service you can increase up to 3.
timeout 1

# Force SquidClamav to log all virus detection or squiguard block redirection
# to the c-icap log file.
logredir 0

# Enable / disable DNS lookup of client ip address. Default is enabled '1' to
# preserve backward compatibility but you must desactivate this feature if you
# don't use trustclient with hostname in the regexp or if you don't have a DNS
# on your network. Disabling it will also speed up squidclamav.
dnslookup 1

# Enable / Disable Clamav Safe Browsing feature. You mus have enabled the
# corresponding behavior in clamd by enabling SafeBrowsing into freshclam.conf
# Enabling it will first make a safe browsing request to clamd and then the
# virus scan request. 
safebrowsing 0

#
# Here is some defaut regex pattern to have a high speed proxy on system
# with low resources.
#

# Do not scan images
#abort ^.*\.(ico|gif|png|jpg)$
#abortcontent ^image\/.*$

# Do not scan text files
#abort ^.*\.(css|xml|xsl|js|html|jsp)$
#abortcontent ^text\/.*$
#abortcontent ^application\/x-javascript$

# Do not scan streamed videos
#abortcontent ^video\/x-flv$
#abortcontent ^video\/mp4$

# Do not scan flash files
#abort ^.*\.swf$
#abortcontent ^application\/x-shockwave-flash$

# Do not scan sequence of framed Microsoft Media Server (MMS) data packets
#abortcontent ^.*application\/x-mms-framed.*$

# White list some sites
#whitelist .*\.clamav.net

# See also 'trustuser' and 'trustclient' configuration directives

4 - segue configuração de c-icap.conf tem algo que precise ser mudado para as paginas abrirem?

#
# This file contains the default settings for c-icap
# 
# 

# TAG: PidFile
# Format: PidFile pid_file
# Description:
#	The file to store the pid of the main process of the c-icap server.
# Default:
#	PidFile /var/run/c-icap/c-icap.pid
PidFile /var/run/c-icap/c-icap.pid

# TAG: CommandsSocket
# Format: CommandsSocket socket_file
# Description:
#	The path of file to use as control socket for c-icap
# Default:
#	CommandsSocket /var/run/c-icap/c-icap.ctl
CommandsSocket /var/run/c-icap/c-icap.ctl

# TAG: Timeout
# Format: Timeout seconds
# Description:
#	The time in seconds after which a connection without activity
#	can be cancelled.
# Default:
#	Timeout 300
Timeout 300

# TAG: MaxKeepAliveRequests
# Format: MaxKeepAliveRequests number
# Description:
#	The maximum number of requests can be served by one connection
#	Set it to -1 for no limit
# Default:
#	MaxKeepAliveRequests 100
MaxKeepAliveRequests 100

# TAG: KeepAliveTimeout
# Format: KeepAliveTimeout seconds
# Description:
#	The maximum time in seconds waiting for a new requests before a 
#	connection will be closed.
#	If the value is set to -1, there is no timeout.
# Default:
#	KeepAliveTimeout 600
KeepAliveTimeout 600  

# TAG: StartServers
# Format: StartServers number
# Description:
#	The initial number of server processes. Each server process
#	generates a number of threads, which serve the requests.
# Default:
#	StartServers 3
StartServers 3

# TAG: MaxServers
# Format: MaxServers number
# Description:
#	The maximum allowed number of server processes.
# Default:
#	MaxServers 10
MaxServers 10

# TAG: MinSpareThreads
# Format: MinSpareThreads number
# Description:
#	If the number of the available threads is less than number,
#	the c-icap server starts a new child.
# Default:
#	MinSpareThreads     10
MinSpareThreads     10

# TAG: MaxSpareThreads
# Format: MaxSpareThreads number
# Description:
#	If the number of the available threads is more than number then 
#	the c-icap server kills a child.
# Default:
#	MaxSpareThreads     20
MaxSpareThreads     20

# TAG: ThreadsPerChild
# Format:  ThreadsPerChild number
# Description:
#	The number of threads per child process.
# Default:
#	ThreadsPerChild     10
ThreadsPerChild     10

# TAG: MaxRequestsPerChild
# Format: MaxRequestsPerChild number
# Description:
#	The maximum number of requests that a child process can serve.
#	After this number has been reached, process dies. The goal of this
#	parameter is to minimize the risk of memory leaks and increase the
#	stability of c-icap. It can be disabled by setting its value to 0.
# Default:
#	MaxRequestsPerChild  0
MaxRequestsPerChild  0

# TAG: Port
# Format: Port port
# Description:
#	The port number that the c-icap server uses to listen to requests.
# Default:
#	Port 1344
Port 1344 

# TAG: User
# Format: User username
# Description:
#	The user owning c-icap's processes. By default, the owner is the
#	user who runs the program.
# Default:
#	No value
# Example:
#	User wwwrun

# TAG: Group
# Format: Group groupname
# Description:
#	The group of users owning c-icap's processes, which, by default
#	is the group of the current user.
# Default:
#	No value
# Example:
#	Group nogroup

# TAG: ServerAdmin
# Format: ServerAdmin admin_mail
# Description:
#	The Administrator of this server. Used when displaying information
#	about this server (logs, info service, etc)
# Default:
#	No value
ServerAdmin you@your.address

# TAG: ServerName
# Format: ServerName aServerName
# Description:
#	A name for this server. Used when displaying information about this
#	server (logs, info service, etc)
# Default:
#	No value
ServerName YourServerName

# TAG: TmpDir
# Format: TmpDir dir
# Description:
#	dir is the location of temporary files.
# Default:
#	TmpDir /var/tmp
TmpDir /var/tmp

# TAG: MaxMemObject
# Format: MaxMemObject bytes
# Description:
#	The maximum memory size in bytes taken by an object which
#	is processed by c-icap . If the size of an object's body is
#	larger than the maximum size a temporary file is used.
# Default:
#	MaxMemObject 131072
MaxMemObject 131072

# TAG: DebugLevel
# Format: DebugLevel level
# Description:
#	The level of debugging information to be logged.
#	The acceptable range of levels is between 0 and 10.
# Default:
#	DebugLevel 1
DebugLevel 1

# TAG: Pipelining
# Format: Pipelining on|off
# Description:
#	Enable or disable ICAP requests pipelining
# Default:
#	Pipelining on
Pipelining on

# TAG: SupportBuggyClients
# FORMAT: SupportBuggyClients on|off
# Description:
#	Try to handle requests from buggy clients, for example ICAP requests
#	missing "\r\n" sequences
# Default:
# SupportBuggyClients off
SupportBuggyClients off

# TAG: ModulesDir
# Format: ModulesDir dir
# Description:
#	The location of modules
# Default:
#	ModulesDir /usr/local/lib/c_icap
ModulesDir /usr/local/lib/c_icap

# TAG: ServicesDir
# Format: ServicesDir dir
# Description:
#	The location of services
# Default:
#	ServicesDir /usr/local/lib/c_icap
ServicesDir /usr/local/lib/c_icap

# TAG: TemplateDir
# Format: TemplateDir dir
# Description:
#	The location of the text templates used by c-icap and its services,
#	categorized by language and services/modules
# Default:
#	No value
# Example:
TemplateDir /usr/local/share/c_icap/templates/

# TAG: TemplateDefaultLanguage
# Format: TemplateDefaultLanguage lang
# Description:
#	Sets the default language to use for text templates
# Default:
#	TemplateDefaultLanguage en
TemplateDefaultLanguage en

#TemplateReloadTime 360
#TemplateCacheSize 20
#TemplateMemBufSize 8192

# TAG: LoadMagicFile
# Format: LoadMagicFile path
# Description:
#	Load a c-icap magic file. A magic file contains various 
#	data type definitions. Look inside default c-icap.magic file
#	for more informations.
#	It can be used more than once to use multiple magic files.
# Default:
#	LoadMagicFile /usr/local/etc/c-icap/c-icap.magic
LoadMagicFile /usr/local/etc/c-icap/c-icap.magic

# TAG: RemoteProxyUsers
# Format: RemoteProxyUsers onoff
# Description:
#	Set it to on if you want to use username provided by the proxy server.
#	This is the recomended way to use users in c-icap.
#	If the RemoteProxyUsers is off and c-icap configured to use users or
#	groups the internal authentication mechanism will be used.
# Default:
#	RemoteProxyUsers off
RemoteProxyUsers off

# TAG: RemoteProxyUserHeader
# Format: RemoteProxyUserHeader Header
# Description:
#	Used to specify the icap header used by the proxy server to send
#	the authenticated client username to c-icap server 
# Default:
#	RemoteProxyUserHeader X-Authenticated-User
RemoteProxyUserHeader X-Authenticated-User

# TAG: RemoteProxyUserHeaderEncoded
# Format: RemoteProxyUserHeaderEncoded onoff
# Description:
#	Set it to off if the RemoteProxyUserHeader is not base64 encoded
# Default:
#	RemoteProxyUserHeaderEncoded on
RemoteProxyUserHeaderEncoded on

# TAG: AuthMethod
# Format: AuthMethod Method Authenticator
# Description:
#	Used to define the internal authentication mechanism to use. This
#	feature is not well tested and may cause problems. It is better to use
#	RemoteProxyUser configuration.
#	Method is the authentication method to use (basic, digest, etc).
#	Currently only basic authentication method is implemented as build in
#	module
#	Authenticator currently can only be "basic_simple_db"
#	It can be considered as a user/password store and can be
#	implemented as external module. The basic_simple_db is implemented as
#	build it module
# Default:
#	No set
# Example:
#	AuthMethod basic basic_simple_db

# TAG: basic.Realm
# Format: basic.Realm ARealm
# Description:
#	Specify the basic method realm
# Default:
#	basic.Realm "Basic authentication"
# Example:
#	basic.Realm "c-icap server authentication"

# TAG: basic_simple_db.UsersDB
# Format: basic_simple_db.UsersDB LookupTable
# Description:
#	Specify the lookup table where the usernames/passwords pairs 
#	are stored. The paswords must be unencrypted
#	For more information about c-icap lookup tables read c-icap server
#	manual page
# Default:
#	No value
# Example:
#	basic_simple_db.UsersDB hash:/usr/local/c-icap/etc/c-icap-users.txt

# TAG: GroupSourceByGroup
# Format: GroupSourceByGroup LookupTable
# Description:
#	Defines a lookup table where the groups of users are stored indexed
#	by group. It can be used more than once.
#	For more information about c-icap lookup tables read c-icap server
#	manual page
# Default:
#	No set
# Example:
#	GroupSourceByGroup hash:/usr/local/c-icap/etc/c-icap-groups.txt

# TAG: GroupSourceByUser
# Format: GroupSourceByUser LookupTable
# Description:
#	Defines a lookup table where the groups of users are stored indexed 
#	by user. It can be used more than once.
#	For more information about c-icap lookup tables read c-icap server
#	manual page
# Default:
#	No set
# Example:
#	GroupSourceByUser hash:/usr/local/c-icap/etc/c-icap-user-groups.txt

# TAG: acl
# Format: acl name type[{param}] value1 [value2] [...]
# Description:
#	Supported acl types are:
#		acl aclname service service1 ...
#		     The servicename
#		acl aclname type OPTIONS|RESPMOD|REQMOD ...
#		     The icap method
#		acl aclname port port1 ...
#		     The icap server port
#		acl aclname src ip1/netmask1 ...
#		     The client ip address
#		acl aclname srvip ip1/netmask1 ...
#		     The c-icap server ip address
#		acl aclname icap_header{HeaderName} value1 ...
#		     Matches the icap header HeaderName with value1 ...
#		     The values are in regex form: /avalue/
#		acl aclname icap_resp_header{HeaderName} value1 ...
#		     The icap response header
#		     The values are in regex form: /avalue/
#		acl aclname http_req_header{HeaderName} value1 ...
#		     The http request header
#		     The values are in regex form: /avalue/
#		acl aclname http_resp_header{HeaderName} value1 ...
#		     The http response header
#		     The values are in regex form: /avalue/
#		acl aclname data_type type1 ...
#		     The data type as recognized by the internal data type
#		     recognizer. The types are defined in c-icap.magic file
#		acl aclname auth username|* ...
#		     The authenticated users. Using * instead of username means
#		     all users.
#		acl aclname group group1 ...
#		     if the user of request belongs to given groups
# Default:
#	None set
# Examples:
#	acl OPTIONS type OPTIONS
#	acl RESPMOD type RESPMOD
#	acl REQMOD  type REQMOD
#	acl ALLREQUESTS type OPTIONS RESPMOD REQMOD
#	acl XHEAD icap_header{X-Test}  /value/
#	acl ECHO service echo
#	acl localnet src 192.168.1.0/255.255.255.0
#	acl localhost src 127.0.0.1/255.255.255.255
#	acl all src 0.0.0.0/0.0.0.0

# TAG: icap_access
# Format: icap_access allow|deny [!]acl1 ...
# Description:
#	Allowing or denying ICAP access based on defined access lists
# Default:
#	None set
# Example:
#	icap_access deny XHEAD
#	#Allow OPTIONS method for all:
#	icap_access allow localnet OPTIONS
#	#Require authentication for all users from local network:
#	icap_access allow AUTH localnet
#	icap_access deny all

# TAG: client_access
# Format: client_access allow|deny acl1 [acl2] [...]
# Description:
#	Allowing or denying connections on c-icap based on
#	defined access lists. Only the acl types src, srvip and port
#	can be used.
# Default:
#	None set
# Example:
#	client_access allow all

# TAG: LogFormat 
# Format: LogFormat Name Format
# Description:
#	Name is a name for this log format.
#	Format is a string with embedded % format codes. % format codes 
#	has the following form:
#	    % [-] [width] [{argument}] formatcode
#	    if - is specified then the output is left aligned
#	    if width specified then the field is exactly width size
#	    some formatcodes support arguments given as {argument}
#	
#	Format codes:
#	       %a:  Remote IP-Address
#	       %la: Local IP Address
#	       %lp: Local port
#	       %>a: Http Client IP Address. Only supported if the proxy 
#	       	    client supports the "X-Client-IP" header
#	       %<a: http="" server="" ip="" address.="" only="" supported="" if="" the="" proxy<br="">#	       	    client supports the "X-Server-IP" header
#	       %ts: Seconds since epoch
#	       %tl: Local time. Supports optional strftime format argument
#	       %tg: GMT time. Supports optional strftime format argument
#	       %>ho: Modified Http request header. Supports header name
#	       	     as argument. If no argument given the first line returned
#	       %huo: Modified Http request url
#	       %<ho: modified="" http="" reply="" header.="" supports="" header="" name<br="">#	       	     as argument. If no argument given the first line returned
#	       %iu: Icap request url
#	       %im: Icap method
#	       %is: Icap status code
#	       %>ih: Icap request header. Supports header name
#	       	     as argument. If no argument given the first line returned
#	       %<ih: icap="" response="" header.="" supports="" header="" name<br="">#	       	     as argument. If no argument given the first line returned
#	       %Ih: Http bytes received
#	       %Oh: Http bytes sent
#	       %Ib: Http body bytes received
#	       %Ob: Http body bytes sent
#	       %I: Bytes received
#	       %O: Bytes sent
#	       %bph: The first 5 bytes of the body preview data. Non 
#	       	     printable characters printed in hex form.
#	       	     Supports the number of bytes to output as argument.
#	       %un: Username
#	       %Sl: Service log string
#              %Sa: Attribute value set by service. The attribute name must 
#                   given as argument.
# Default:
#	None set
# Example:
#	LogFormat myFormat "%tl, %a %im %iu %is %I %O %Ib %Ob %{10}bph" 

# TAG: ServerLog
# Format: ServerLog LogFile
# Description:
#	the file used by the build-in logger file_logger to 
#	store debugging information, errors and other
#	information about the c-icap server.
# Default:
#	ServerLog /var/log/c-icap/server.log
ServerLog /var/log/c-icap/server.log

# TAG: AccessLog
# Format: AccessLog LogFile [LogFormat] [[!]acl1] [[!]acl2] [...]
# Description:
#	LogFile is a file where to log access information.
#	LogFormat is the log format to use. If ommited c-icap uses:
#	 	"%tl, %la %a %im %iu %is"
#	Also acls can be used to select certain requests to be logged.
#	This directive can be used more than once to specify more than
#	one access log files
# Default:
#	AccessLog /var/log/c-icap/access.log
# Example:
#	AccessLog /var/log/c-icap/access.log MyFormat all
AccessLog /var/log/c-icap/access.log

# TAG: Logger
# Format: Logger LoggerName
# Description:
#	Specify wich logger to use. By default uses the build in "file_logger" which
#	uses files for access and server logging.
# Default:
#	Logger file_logger
# Example:
#	Logger sys_logger

# TAG: Module
# Format: Module Type ModuleFile
# Description:
#	Load an external module/plugin to c-icap.
#	ModuleFile is the filename of the module. If no full path given then c-icap
#	searche in path defined by the ModulesDir configuration parameter.
#	Type is the type of the external module and can be one of the following:
#	- "logger" for modules implement a logger
#	- "common" for general purpose modules
# Default:
#	
# Example:
#	Module logger sys_logger.so

# TAG: Service
# Format: Service aName ServiceFile
# Description:
#	It loads the service ServiceFile. The argument aName used 
#	as alias name for the service
# Default:
#	
# Example:
#	Service echo_service srv_echo.so

# TAG: ServiceAlias
# Format: ServiceAlias AliasName ServiceName[?param1=value1¶m2=value2...]
# Description:
#	Used to define an alias name for a service.
# Default:
#	
# Example:
#	ServiceAlias avscan srv_clamav?allow204=on&sizelimit=off&mode=simple

#
# TAG: General configuration parameters for all services
# Description:
#	PreviewSize: The preview data size to advertise to the icap client
#	MaxConnections: The client should not use more than MaxConnections
#		for this service.
#	TransferPreview: The list of file extensions, seperated by commas,
#		for which the client should send preview data.
#	TransferIgnore: The list of file extensions that should not be sent
#		to the icap server
#	TransferComplete: The list of file extensions that should be sent
#		in their entirety, without preview, to the icap server
#	OptionsTTL: The options ttl for the service. The "sec[s]", "min" or 
#		"hour[s]" can be used to secify that the time is in seconds
#		minutes or hours respectively. If no time-units given
#		seconds are assumed.
#	Allow206 on|off: Enable/disable advertise of 206 responses.
#
# Example:
#	echo.PreviewSize 512
#	echo.TransferIgnore gif, jpeg
#	echo.OptionsTTL 3 min

######################################################
# External modules comming with core c-icap server
#
# Module: echo
# Description:
#	Simple test service
# Example:
#	Service echo srv_echo.so
Service echo srv_echo.so
Service squid_clamav squidclamav.so
# Module: sys_logger
# Description:
#	Add support for logging access and server events to syslog server
#	Use "Module" configuration parameter to load this module and "Logger"
#	to make it default logger for the c-icap.
# Example:
#	Module logger sys_logger.so
#	Logger sys_logger

# TAG: sys_logger.Prefix
# Format: sys_logger.Prefix string
# Description:
#	 string is be presented in every syslog message.
# Default:
#	sys_logger.Prefix "C-ICAP:"

# TAG: sys_logger.Facility
# Format: sys_logger.Facility daemon|user|local1|local2|local3|local4|local5|local6|local7
# Description:
#	specifies the facility type of syslog. 
# Default:
#	sys_logger.Facility daemon

# TAG: sys_logger.access_priority
# Format: sys_logger.access_priority alert|crit|debug|emerg|err|info|notice|warning
# Description:
#	determines  the  importance  of the access log message
# Default:
#	sys_logger.access_priority info

# TAG: sys_logger.server_priority
# Format: sys_logger.server_priority alert|crit|debug|emerg|err|info|notice|warning
# Description:
#	determines  the  importance  of the server log message
# Default:
#	sys_logger.server_priority crit

# TAG: sys_logger.LogFormat
# Format: sys_logger.LogFormat LOGFORMAT
# Description:
#	The log format to use. If no log format defined then 
#	the following will be used:
#	    "%la %a %im %iu %is"
# Default:
#	None set 
# Example:
#	Logformat BasicFormat "%la %a %im %iu %is"
#	sys_logger.LogFormat BasicFormat

# TAG: sys_logger.access
# Format: sys_logger.access [!]acl1 ...
# Description:
#	Allow selecting ICAP requests to be logged using acls.
#	By default all requests will be logged.
# Default:
#	None set
# Example:
#	sys_logger.access all

# End module: sys_logger

# Module: bdb_tables
# Description:
#	Add support for Berkeley DB based lookup tables. The format for 
#	bdb path of the lookup table is:
#		bdb:/path/to/bdb
#	Use the c-icap-mkbdb utility to build Berkeley DB c-icap lookup tables
# Example:
#	Module common bdb_tables.so

# End module: bdb_tables

# Module: dnsbl_tables
# Description:
#	Add support for dns lookup tables. Can be used to access
#	dns block lists. The dnsbl lookup table path definition is:
#	    dnsbl:domainname
#	For example the lookup table  for accessing the black.uribl.com
#	dns black list is: 
#	    dnsbl:black.uribl.com
# Example:
#	Module common dnsbl_tables.so

# End module: dnsbl_tables

Mais uma vez agradeço pela ajuda! e fico no aguardo!

![Erro_antivirus_ativado.png](/public/_imported_attachments_/1/Erro_antivirus_ativado.png)
![Erro_antivirus_ativado.png_thumb](/public/_imported_attachments_/1/Erro_antivirus_ativado.png_thumb)[/s][/s]</ih:></ho:></a:>

hernanersouza

frednando

Estava tendo o mesmo problema que você, consegui solucionar deixando os parâmetros conforme abaixo:

#-----------------------------------------------------------------------------
# When a virus is found then redirect the user to this URL
redirect https://192.168.0.1/squid_clwarn.php

# Path to the squiGuard binary if you want URL filtering, note that you'd better
# use the squid configuration directive 'url_rewrite_program' instead.
#squidguard /usr/local/squidGuard/bin/squidGuard

# Path to the clamd socket, use clamd_local if you use Unix socket or if clamd
# is listening on an Inet socket, comment clamd_local and set the clamd_ip and
# clamd_port to the corresponding value.
clamd_local /var/run/clamav/clamd.sock
#clamd_ip 192.168.0.1,127.0.0.1
#clamd_port 3310

clamd_local /var/run/clamav/clamd.sock
clamd_ip 192.168.0.1,127.0.0.1
clamd_port 3310

#
# Module: dnsbl_tables
# Description:
#	Add support for dns lookup tables. Can be used to access
#	dns block lists. The dnsbl lookup table path definition is:
#	    dnsbl:domainname
#	For example the lookup table  for accessing the black.uribl.com
#	dns black list is: 
#	    dnsbl:black.uribl.com
# Example:
#	Module common dnsbl_tables.so

# End module: dnsbl_tables

Acrescente no final do arquivo:

Service squid_clamav squidclamav.so

frednando

hernanersouza

obrigado pela dica! adicionei lá as linhas informadas por você, porém ainda continua dando o erro em qualquer pagina
que tento acessar quando o antivírus está ativado!, assim não tenho nem como fazer o download do arquivo de teste
na pagina de teste do antivirus.
segue imagem do erro, alguém tem mais alguma dica? ou algum vídeo tutorial sobre a configuração do mesmo?

de já agradeço a todos pela ajuda!