Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    C-ICAP Error on One Site

    Scheduled Pinned Locked Moved Cache/Proxy
    2 Posts 1 Posters 597 Views 1 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      mbrossar
      last edited by

      I recently implemented an SG-3100 and have added Squid (with ClamAV), SquidGuard and Suricata. It's all running great with one possible exception. Every time I try to hit https://ultrasabers.com/, I get an ICAP error. So far, it only happens on this site, but it happens consistently on this site. I turn off ClamAV and it loads fine (no surprise). I hit the site at work and it loads fine, no warnings about the site being untoward in any way.

      I have read many posts about the first line of defense is to put Squid in bypass mode by making the following modifications to squid.inc:
      modify these two lines:

      icap_service service_req reqmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
      icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav

      TO THIS:

      icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
      icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav

      But I don't see those lines in squid.inc. In fact, I can't find them in any squid configuration file. Are these settings outdated? I also see recomendations from ClamAV:
      If you experience Squid "ICAP protocol error" (with bypass enabled) please consider increasing the c-icap following parameters: StartServers, MaxServers, MinSpareThreads, MaxSpareThreads, ThreadsPerChild. Increase also in clamd.conf parameter: MaxThreads may help.

      But I don't see any guidance on which parameters might be more impactful or how much to increase them by. Has anyone tuned these parameters that may have some input?

      1 Reply Last reply Reply Quote 0
      • M Offline
        mbrossar
        last edited by

        Anyone challenged with clamav and icap errors? I've increased the parameters recommended here. It seems to resolve the issue I'm currently seeing, but I now have each parameter at 3x their original default. I just hit another icap error and am getting ready to go to 4x, but I can't help but think clamav isn't worth running.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.