Squid ClamAV Not Reporting Viruses
-
Not sure why we need a FW rule; it used to work before w/o it?
Tried as was suggested by @mtarbox https://www.ceos3c.com/2017/06/23/install-squid-clamav-pfsense-2-3-3/ and still no love
??!!
-
If I were to guess I'd say that Transparent Proxy Settings stopped working roughly at the time of upgrading to 2.4.1
-
I don't get the response page but it is blocked and I don't use a firewall rule.
I have squid set up with mitm and transparent.
When I check the real time tab the (clamd table) shows the eicar file is found instream
and also the C-ICAP server is showing that it generated a response page even though
none appeared. I had just assumed it was a conflict between one of the other packages I have installed.
-
I don't get the response page but it is blocked and I don't use a firewall rule.
I have squid set up with mitm.
When I check the real time tab the (clamd table) shows the eicar file is found instream
and also the C-ICAP server is showing that it generated a response page even though
none appeared. I had just assumed it was a conflict between one of the other packages I have installed.
Just updated squid to 4.42_1 and I am now getting the response page with http and https.
-
Not sure if it's been posted before.
Found on GitHub: https://github.com/darold/squidclamav/issues/42
Hi Yuri,
Sorry for the response delay. I have pfsense 2.4.1 running and the virus test files are well detected.
So to clear your cache proceed as follows:
- Stop Squid service: on the "Package / Proxy Server: General Settings / General" interface uncheck the "Enable Squid Proxy" checkbox and save the configuration. This will stop the service.
- Execute command: rm -rf /var/squid/cache/*, the cache is destroyed.
- Rebuild the cache space using: /usr/local/sbin/squid -z (type enter again to have the prompt). The swap space is rebuilt.
- Restart the service from the Web interface by activating the "Enable Squid Proxy" checkbox and save the configuration.
Works fine, pfsense is a great product.
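A guarded form of steps 2 and 3 from the post above, as an added example that is not part of the thread or of the squidclamav project. The default paths are the ones quoted in the post; the function name and the `SQUID_PROC` process name are assumptions.

```shell
#!/bin/sh
# Added example: guarded cache wipe and rebuild (steps 2 and 3 of the post).
# Defaults are the paths quoted in the thread; SQUID_PROC is an assumed name.
CACHE_DIR="${CACHE_DIR:-/var/squid/cache}"
SQUID_BIN="${SQUID_BIN:-/usr/local/sbin/squid}"
SQUID_PROC="${SQUID_PROC:-squid}"

rebuild_squid_cache() {
    dir="$CACHE_DIR"

    # Refuse empty, relative, or root paths before any rm -rf runs.
    case "$dir" in
        ""|/|[!/]*) echo "refusing unsafe cache path: '$dir'" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    [ -x "$SQUID_BIN" ] || { echo "squid binary not found: $SQUID_BIN" >&2; return 2; }

    # Step 1 is done in the GUI: Squid has to be stopped before the wipe.
    if pgrep -x "$SQUID_PROC" >/dev/null 2>&1; then
        echo "$SQUID_PROC is still running; disable it in the GUI first" >&2
        return 3
    fi

    # Step 2: destroy the cache contents (same glob as the command in the post).
    rm -rf -- "${dir:?}"/* || return 4

    # Step 3: recreate the cache/swap directories.
    "$SQUID_BIN" -z || return 5

    echo "cache rebuilt in $dir; re-enable Squid in the GUI (step 4)"
}
```

Source the file and call `rebuild_squid_cache` after unchecking "Enable Squid Proxy"; a non-zero return means nothing was rebuilt and Squid should stay disabled until the cause is fixed.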
-
The only problem it did not work !!!
-
it worked for me… running 2.4.2p1
clicked on the eicar links multiple times.......
-
Interesting, what did you do? And it did not work before 2.4.2p1?
Thx
I did exactly those 4 steps… all through the "command prompt" webGUI page.
I originally was on 2.3.4p-something........ upgrade to 2.4.2 broke everything, so I had to fresh install, and restore the XML file.
Once the backup file was restored, I could download all the HTTP EICAR files no problem.
Then followed those 4 steps, and I get the virus redirect page. (could not download the EICAR files)
http://www.eicar.org/85-0-download.html
-
Oops you are right, works for me too now!!!
So seems like 2.4.2-RELEASE-p1 fixed it (and last time I tried on previous version).
Thanks :)
-
I'm now on pfSense:
2.4.2-RELEASE-p1
FreeBSD 11.1-RELEASE-p6
Using a Mac mini and MacBook Pro both using Firefox to test the EICAR HTTP files, I completed the 4 steps, twice, and I can still download the HTTP files. I haven't configured for HTTPS yet.
Another interesting factoid… Using Debian 9 Stretch Linux with Firefox installed, I couldn't download the HTTP files but I still didn't receive the red colored virus message.