    Clamav doesn't stop download of virus signature file

    Cache/Proxy
    • T
      tekken4 last edited by

      I got squid proxy running and enabled clamav and successfully updated the definition files. But when I download the virus signature file, the AC doesn't stop it. Anyone come across this issue? Or have alternative suggestions to clamav?

      • P
        philled last edited by

        @tekken4:

        I got squid proxy running and enabled clamav and successfully updated the definition files. But when I download the virus signature file, the AC doesn't stop it. Anyone come across this issue? Or have alternative suggestions to clamav?

        I'm new to pfSense (coming from Sophos UTM) and am evaluating it. I've installed the Squid package and enabled clamav and the Status / Services page shows clamd is running. However, like you, if I download the EICAR test file from http://www.eicar.org/85-0-Download.html it doesn't get blocked which is a bit scary.

        I presume this works and I need to do some extra config, though it's worrying that there was no solution offered to the OP in Jan 2017 on this. Hopefully someone can point us in the right direction?

        • A
          AR15USR last edited by

          There are two protocols on that page, http files and https files. It will not filter out the https files unless you have squidguard set up as MITM. If it's not stopping the http files then you have something wrong in your settings. Post up your settings for people to help you.


          2.4.5-RELEASE-p1 (amd64)

          • P
            philled last edited by

            @AR15USR:

            There are two protocols on that page, http files and https files. It will not filter out the https files unless you have squidguard set up as MITM. If it's not stopping the http files then you have something wrong in your settings. Post up your settings for people to help you.

            I was accessing the http link - http://www.eicar.org/download/eicar_com.zip

            Not sure which settings I should be posting as I'm new here. I've pasted some screenshots of the Squid settings:
            General settings - http://picpaste.com/Squid_General_Settings-XgoAlsa0.jpeg
            Antivirus settings - http://picpaste.com/Squid_Antivirus_Settings-Pz21iUNg.jpeg
            Squid Monitor page - http://picpaste.com/Squid_Monitor-k54jxdKZ.jpeg

            Hope that helps figure out what I've done wrong here.

            • D
              doktornotor Banned last edited by

              Your browser clearly is not set up to use the proxy at all. Nothing at all in access log. (Also, wipe the browser cache before re-testing. And in general, any similar tests should be done from anonymous browser mode.)

              • P
                philled last edited by

                @doktornotor:

                Your browser clearly is not set up to use the proxy at all. Nothing at all in access log. (Also, wipe the browser cache before re-testing. And in general, any similar tests should be done from anonymous browser mode.)

                That would be right. I haven't set up my browser to talk to Squid - I wasn't aware I had to do that. Is there a way of avoiding having to do that? Does transparent proxy force all traffic through squid without having to configure browsers etc?

                • D
                  doktornotor Banned last edited by

                  Transparent proxy will filter HTTP (port 80). It can only do content filtering for HTTPS with MITM and certificate installed on all clients.

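The access-log check that settles this thread, as an added example that is not part of the original posts: it reads Squid's native-format access.log and reports whether a client's test download was ever seen by the proxy, seen only as an opaque HTTPS tunnel, or seen in the clear. The log lines, IP addresses and the names `parse_line` and `diagnose` are constructed for illustration; treating any status other than 200 as "not delivered" is a simplifying assumption.

```python
from collections import namedtuple

# Constructed sample in Squid's native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy type
SAMPLE_LOG = """\
1500000000.101 85 192.168.1.20 TCP_MISS/200 184 GET http://www.eicar.org/download/eicar_com.zip - ORIGINAL_DST/203.0.113.10 application/zip
1500000003.412 210 192.168.1.20 TCP_TUNNEL/200 4310 CONNECT www.eicar.org:443 - ORIGINAL_DST/203.0.113.10 -
1500000007.950 12 192.168.1.30 TCP_MISS/200 921 GET http://example.com/ - ORIGINAL_DST/203.0.113.20 text/html
"""

Entry = namedtuple("Entry", "client result status method url")


def parse_line(line):
    """Parse one native-format line; return None for anything malformed."""
    fields = line.split()
    if len(fields) < 7 or "/" not in fields[3]:
        return None
    result, _, status = fields[3].partition("/")
    return Entry(fields[2], result, status, fields[5], fields[6])


def diagnose(log_text, client_ip, host):
    """Classify what the proxy saw of client_ip's requests to host."""
    seen = [e for e in map(parse_line, log_text.splitlines())
            if e and e.client == client_ip and host in e.url]
    if not seen:
        # Nothing logged: the request never went through Squid,
        # so the antivirus had no chance to scan it.
        return "NOT_PROXIED"
    visible = [e for e in seen if e.method != "CONNECT"]
    if not visible:
        # Only tunnels: Squid relayed encrypted bytes it could not inspect.
        return "HTTPS_TUNNEL_ONLY"
    if any(e.status == "200" for e in visible):
        # Squid saw the request and returned the object to the client.
        return "DELIVERED"
    return "NOT_DELIVERED"


if __name__ == "__main__":
    for ip in ("192.168.1.20", "192.168.1.40"):
        print(ip, diagnose(SAMPLE_LOG, ip, "eicar.org"))
```

A `NOT_PROXIED` result matches the empty access log diagnosed above, and `HTTPS_TUNNEL_ONLY` matches the case where HTTPS is not intercepted.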