[2.4.x] Squid/ClamAV: Fix for C-ICAP 0.5.x not starting

iqjet

Thanks jvelez,

I always thought that there has been something wrong with my config. c-icap didn't start anymore.
The recommended changes I made via GUI by selecting Services -> Squid -> Antivirus selecting: Enable Manual Configuration to enabled, load advanced, show advanced and editing c-icap.conf.

jwt

Please file a bug on Redmine.pfsense.org

stephenw10

https://redmine.pfsense.org/issues/8832

brynsky

Thank you all!

Just upgraded to 2.4.4 official release. Same bug popped up. Fix to c-icap.conf mentioned above did work.

ubernupe

Hello to all and especially administrators,
Thanks for this fix first of all and I hope all is well with everyone. My personal experience: I tried to follow the fix here on this page for I-cap in pfsense 2.4.4 Final. However, the only way that I got this to work ( without the file being over-written ) was to issue this command :
chflags schg /usr/local/etc/c-icap/c-icap.conf - This is equivalent to the chattr command on Linux. see this explanation here for making file immutable on FreeBsd - https://www.cyberciti.biz/tips/howto-write-protect-file-with-immutable-bit.html The other method mentioned here chmod -w and even chmod 000 ( which I researched on my own ) DID NOT WORK for me. I can confirm chflags schg /usr/local/etc/c-icap/c-icap.conf command works to keep file intact after you modify it with changes detailed above. Then i-cap works perfectly for me at least.

Thanks Again and Peace,

ubernupe

stephenw10

Because that file is generated every time from the file /usr/local/etc/c-icap/c-icap.conf.pfsense which is where you should be making that change if you're doing it that way.

Or you can enable the advanced settings i the antivirus tab and them make the changes there in the GUI where they will be kept.

Hopefully we can patch the package to fix it this soon though.

Steve

ubernupe

@stephenw10
Dear stephenw10,
Thank you so very much for your assistance with helping me to get this straightened out. I followed your instructions and modified /usr/local/etc/c-icap/c-icap.conf.pfsense as detailed above in this post and then I issued command: chflags schg /usr/local/etc/c-icap/c-icap.conf.pfsense and everything works great. Thanks one more time and

Peace and God Bless,

ubernupe

sisko212

i can confirm @jvelez solution is working, even for 2.4.4 final release.
I set it from gui as @iqjet suggested

jimp

This is fixed now in the current version of the squid package. Update the package, or remove it and install it again, and it will work without manual changes.

sisko212

hello mr. @jimp
I updated squid package right now, disabling antivirus manual configuration but it doesn't start yet.
Re-enabling manual configuration and after a "reload", i still see two separate entries for ListeAddress and Port, and i had to do same modify as @jvelez suggested on first post.
Is maybe something left dirt on my pfsense configuration ?

occamsrazor

Thanks. The update seems to work for me but only after an uninstall/reinstall, not a straight upgrade.
One thing I noticed... when I did an uninstall/reinstall with the Proxy Server > General Settings box "Keep Settings/Data" UNCHECKED, followed by reboot just in case..... all my settings still remained.

sisko212

@occamsrazor thanks.
In my case I would not rather to leave "keep setting" unchecked, because destroys my previous configuration, that is a bit complex, and would require a bit of work to be recreated.

occamsrazor

@sisko212 said in [2.4.x] Squid/ClamAV: Fix for C-ICAP 0.5.x not starting:

@occamsrazor thanks.
In my case I would not rather to leave "keep setting" unchecked, because destroys my previous configuration, that is a bit complex, and would require a bit of work to be recreated.

Sure, I hear you. My point was that at least in my case having that box unchecked did not seem to have any effect at all - all my settings remained. Which would seem to imply to me that the function of this box is not working as it is intended.

sisko212

@occamsrazor Thanks.
I tried as your suggestion, and has worked.
But after disabling "keep setting" i had to completely de-installing squid, and then reinstalling from package list. The reinstall option only, didn't work.
Perhaps with reinstall option, some wrong configuration remains somewhere.
And yes... good to know, "keep setting" works differentely how i tought :-D... squid pfsense configuration stays there and is not deleted... maybe it delete only the squid configuration, not pfsense configuration, and then, when installing, it recreates the entire squid config.

Eden

Hello all

I am also having this issues with the ICAP service not starting. I have edited then config as requested above no joy. I then decided to reinstall the package but this did not make a difference. I have now uninstall the squid package completely and reinstalled it. Still the service will not start.

jimp

@eden said in [2.4.x] Squid/ClamAV: Fix for C-ICAP 0.5.x not starting:

Hello all

I am also having this issues with the ICAP service not starting. I have edited then config as requested above no joy. I then decided to reinstall the package but this did not make a difference. I have now uninstall the squid package completely and reinstalled it. Still the service will not start.

If that is the case then your problem is not the same problem as this thread. Start a new thread with details about your configuration, any error messages from logs, etc.