Clamav doesn't stop download of virus signature file
-
I got squid proxy running and enabled clamav and successfully updated the definition files. But when I download the virus signature file, the AV doesn't stop it. Anyone come across this issue? Or have alternative suggestions to clamav?
-
I'm new to pfSense (coming from Sophos UTM) and am evaluating it. I've installed the Squid package and enabled clamav and the Status / Services page shows clamd is running. However, like you, if I download the EICAR test file from http://www.eicar.org/85-0-Download.html it doesn't get blocked which is a bit scary.
I presume this works and I need to do some extra config, though it's worrying that there was no solution offered to the OP in Jan 2017 on this. Hopefully someone can point us in the right direction?
-
There are two protocols on that page, http files and https files. It will not filter out the https files unless you have squidguard set up as MITM. If it's not stopping the http files then you have something wrong in your settings. Post up your settings for people to help you.
-
I was accessing the http link - http://www.eicar.org/download/eicar_com.zip
Not sure which settings I should be posting as I'm new here. I've pasted some screenshots of the Squid settings:
General settings - http://picpaste.com/Squid_General_Settings-XgoAlsa0.jpeg
Antivirus settings - http://picpaste.com/Squid_Antivirus_Settings-Pz21iUNg.jpeg
Squid Monitor page - http://picpaste.com/Squid_Monitor-k54jxdKZ.jpeg
Hope that helps figure out what I've done wrong here.
-
Your browser clearly is not set up to use the proxy at all. Nothing at all in access log. (Also, wipe the browser cache before re-testing. And in general, any similar tests should be done from anonymous browser mode.)
-
That would be right. I haven't set up my browser to talk to Squid - I wasn't aware I had to do that. Is there a way of avoiding having to do that? Does transparent proxy force all traffic through squid without having to configure browsers etc?
-
Transparent proxy will filter HTTP (port 80). It can only do content filtering for HTTPS with MITM and certificate installed on all clients.
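Added example, not part of the thread: the access-log check the replies rely on, as a small script that tells apart a client that bypassed Squid, one whose plain-HTTP request went through it, and one that only opened an HTTPS tunnel. It assumes Squid's default native access.log format; the log lines, IP addresses and the `proxy_verdict` helper are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Squid native access.log layout (the default "squid" logformat):
# time elapsed client code/status bytes method URL ident hierarchy/peer type
LINE = re.compile(
    r"^\d+\.\d+\s+\d+\s+(?P<client>\S+)\s+(?P<code>[A-Z_]+)/(?P<status>\d{3})"
    r"\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)\s"
)

# Constructed sample lines, not taken from the thread.
SAMPLE_LOG = """\
1500000000.101    312 192.168.1.50 TCP_MISS/200 496 GET http://www.eicar.org/download/eicar_com.zip - ORIGINAL_DST/203.0.113.5 application/zip
1500000007.555   1840 192.168.1.51 TCP_TUNNEL/200 3920 CONNECT www.eicar.org:443 - HIER_DIRECT/203.0.113.5 -
1500000009.020     95 192.168.1.51 TCP_MISS/200 1024 GET http://example.com/ - HIER_DIRECT/198.51.100.7 text/html
"""

def proxy_verdict(log_text, client_ip, host):
    """Hypothetical helper: how did client_ip reach host, per access.log?"""
    seen = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m["client"] != client_ip:
            continue
        if m["method"] == "CONNECT":
            # HTTPS tunnel: Squid logs only host:port, the body is opaque to it
            if m["url"].rsplit(":", 1)[0] == host:
                seen.append(("tunnel", m["url"], int(m["status"])))
        elif urlsplit(m["url"]).hostname == host:
            seen.append(("http", m["url"], int(m["status"])))
    if not seen:
        return "bypassed", seen          # request never passed through Squid
    if any(kind == "http" for kind, _, _ in seen):
        return "http-via-proxy", seen    # plain HTTP, body was visible to the proxy
    return "https-tunnel-only", seen     # only CONNECT seen, nothing to scan without MITM

if __name__ == "__main__":
    for ip in ("192.168.1.50", "192.168.1.51", "192.168.1.52"):
        print(ip, proxy_verdict(SAMPLE_LOG, ip, "www.eicar.org"))
```

A `bypassed` result matches the "nothing at all in access log" diagnosis above; an `http-via-proxy` entry for a test file that was still delivered points at the antivirus settings rather than at client routing.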