Clamav doesn't stop download of virus signature file



  • I got squid proxy running and enabled clamav and successfully updated the definition files. But when I download the virus signature file, the AC doesn't stop it. Anyone come across this issue? Anyone have alternative suggestions to clamav?



  • @tekken4:

    I got squid proxy running and enabled clamav and successfully updated the definition files. But when I download the virus signature file, the AC doesn't stop it. Anyone come across this issue? Anyone have alternative suggestions to clamav?

    I'm new to pfSense (coming from Sophos UTM) and am evaluating it. I've installed the Squid package and enabled clamav and the Status / Services page shows clamd is running. However, like you, if I download the EICAR test file from http://www.eicar.org/85-0-Download.html it doesn't get blocked which is a bit scary.

    I presume this works and I need to do some extra config, though it's worrying that there was no solution offered to the OP in Jan 2017 on this. Hopefully someone can point us in the right direction?



  • There are two protocols on that page, http files and https files. It will not filter out the https files unless you have squidguard set up as MITM. If it's not stopping the http files then you have something wrong in your settings. Post up your settings for people to help you.



  • @AR15USR:

    There are two protocols on that page, http files and https files. It will not filter out the https files unless you have squidguard set up as MITM. If it's not stopping the http files then you have something wrong in your settings. Post up your settings for people to help you.

    I was accessing the http link - http://www.eicar.org/download/eicar_com.zip

    Not sure which settings I should be posting as I'm new here. I've pasted some screenshots of the Squid settings:
    General settings - http://picpaste.com/Squid_General_Settings-XgoAlsa0.jpeg
    Antivirus settings - http://picpaste.com/Squid_Antivirus_Settings-Pz21iUNg.jpeg
    Squid Monitor page - http://picpaste.com/Squid_Monitor-k54jxdKZ.jpeg

    Hope that helps figure out what I've done wrong here.


  • Banned

    Your browser clearly is not set up to use the proxy at all. Nothing at all in the access log. (Also, wipe the browser cache before re-testing. And in general, any similar tests should be done from anonymous browser mode.)
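The diagnosis above rests on reading Squid's access.log: if the client never appears there, the browser is not using the proxy, and the antivirus never saw the request. The script below is an added example (not from the thread or from pfSense) that automates that check against a constructed access.log sample in Squid's native log format. It assumes the ICAP/clamav block is logged as an HTTP 403 for the request and that the log lives at /var/squid/logs/access.log unless a path is given.

```shell
#!/bin/sh
# Constructed sample in Squid's native access.log layout (not a real log):
# timestamp elapsed client action/status bytes method URL user hierarchy type
SAMPLE_LOG='1484000000.123    210 192.168.1.50 TCP_MISS/200 1456 GET http://example.test/index.html - HIER_DIRECT/203.0.113.10 text/html
1484000001.456     95 192.168.1.50 TCP_MISS/403 2210 GET http://www.eicar.org/download/eicar_com.zip - HIER_NONE/- text/html
1484000002.789    120 192.168.1.77 TCP_MISS/200 308 GET http://www.eicar.org/download/eicar_com.zip - HIER_DIRECT/203.0.113.20 application/zip'

# write_sample_log PATH : materialise the constructed sample so the checks can run offline
write_sample_log() {
  printf '%s\n' "$SAMPLE_LOG" > "$1"
}

# proxy_verdict CLIENT_IP [LOGFILE]
# Prints one word describing what the log says about that client:
#   not-proxied - no requests from the client at all (browser is not using Squid)
#   no-test     - the client used the proxy but never fetched the EICAR test file
#   blocked     - the test download was answered with 403 (assumed AV block response)
#   passed      - the test download completed with 200 (AV did not stop it)
proxy_verdict() {
  client="$1"
  log="${2:-/var/squid/logs/access.log}"
  # field 3 of the native format is the client address
  matches=$(awk -v c="$client" '$3 == c' "$log")
  if [ -z "$matches" ]; then
    echo not-proxied
    return 0
  fi
  line=$(printf '%s\n' "$matches" | grep -F 'eicar_com.zip' | tail -n 1)
  if [ -z "$line" ]; then
    echo no-test
    return 0
  fi
  # field 4 is e.g. TCP_MISS/403; keep the numeric status after the slash
  status=$(printf '%s\n' "$line" | awk '{ split($4, a, "/"); print a[2] }')
  case "$status" in
    403) echo blocked ;;
    200) echo passed ;;
    *)   echo "other:$status" ;;
  esac
}

# Stand-alone demonstration over the constructed sample.
main() {
  tmp=$(mktemp)
  write_sample_log "$tmp"
  for ip in 10.0.0.9 192.168.1.50 192.168.1.77; do
    printf '%s -> %s\n' "$ip" "$(proxy_verdict "$ip" "$tmp")"
  done
  rm -f "$tmp"
}

[ "${RUN_DEMO:-1}" = 1 ] && main
```

Run it on the real box as `proxy_verdict <workstation-ip>` after clearing the browser cache and repeating the download; "not-proxied" is the symptom the post above describes, and only "blocked" or "passed" tells you anything about the antivirus configuration.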



  • @doktornotor:

    Your browser clearly is not set up to use the proxy at all. Nothing at all in the access log. (Also, wipe the browser cache before re-testing. And in general, any similar tests should be done from anonymous browser mode.)

    That would be right. I haven't set up my browser to talk to Squid - I wasn't aware I had to do that. Is there a way of avoiding having to do that? Does transparent proxy force all traffic through squid without having to configure browsers etc?


  • Banned

    Transparent proxy will filter HTTP (port 80). It can only do content filtering for HTTPS with MITM and certificate installed on all clients.
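Whether a given Squid instance can hand HTTP, HTTPS or nothing to the scanner follows from a few squid.conf directives: `icap_enable` (scanner attached at all), an `http_port ... intercept` line (transparent HTTP), and an `https_port ... ssl-bump` line plus `ssl_bump` rules (MITM for HTTPS, which also needs the CA certificate on every client). The checker below is an added example, not pfSense's generated configuration or any code from the thread; the two configs embedded in it are constructed, and the addresses and certificate path in them are placeholders.

```shell
#!/bin/sh
# Constructed squid.conf fragments (placeholders, not a real pfSense config).
INTERCEPT_HTTP_ONLY='http_port 192.168.1.1:3128
http_port 192.168.1.1:3129 intercept
icap_enable on
icap_service service_avi_req reqmod_precache icap://127.0.0.1:1344/squid_clamav'

WITH_BUMP='http_port 192.168.1.1:3128
http_port 192.168.1.1:3129 intercept
# HTTPS interception: requires the CA cert from serverkey.pem trusted on all clients
https_port 192.168.1.1:3130 intercept ssl-bump cert=/usr/local/etc/squid/serverkey.pem
ssl_bump bump all
icap_enable on'

NO_SCANNER='http_port 192.168.1.1:3128
icap_enable off'

# write_conf NAME PATH : write one of the constructed fragments to PATH
write_conf() {
  case "$1" in
    http)  printf '%s\n' "$INTERCEPT_HTTP_ONLY" > "$2" ;;
    bump)  printf '%s\n' "$WITH_BUMP" > "$2" ;;
    none)  printf '%s\n' "$NO_SCANNER" > "$2" ;;
  esac
}

# filter_scope CONFFILE
# Prints what the antivirus can actually inspect given this config:
#   none             - icap_enable is not on, so nothing reaches the scanner
#   http-explicit    - scanner on, but only browsers configured to use the proxy
#   http-transparent - plain HTTP (port 80) is intercepted without client config
#   http+https-mitm  - HTTPS is bumped too; needs the CA trusted on every client
filter_scope() {
  conf="$1"
  body=$(sed 's/#.*//' "$conf")          # drop comments before matching
  icap=$(printf '%s\n' "$body" | grep -c '^icap_enable[[:space:]]*on') || true
  intercept=$(printf '%s\n' "$body" | grep -c '^http_port.*[[:space:]]intercept') || true
  bump=$(printf '%s\n' "$body" | grep -c '^https_port.*ssl-bump') || true
  bumprule=$(printf '%s\n' "$body" | grep -c '^ssl_bump[[:space:]]*bump') || true

  if [ "$icap" -eq 0 ]; then
    echo none
  elif [ "$bump" -gt 0 ] && [ "$bumprule" -gt 0 ]; then
    echo http+https-mitm
  elif [ "$intercept" -gt 0 ]; then
    echo http-transparent
  else
    echo http-explicit
  fi
}

# Stand-alone demonstration over the three constructed configs.
main() {
  for name in none http bump; do
    tmp=$(mktemp)
    write_conf "$name" "$tmp"
    printf '%s -> %s\n' "$name" "$(filter_scope "$tmp")"
    rm -f "$tmp"
  done
}

[ "${RUN_DEMO:-1}" = 1 ] && main
```

Against a live install, `filter_scope /usr/local/etc/squid/squid.conf` (path assumed) tells you in one word why an HTTPS copy of the test file sails through a box that is otherwise scanning HTTP correctly.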