HAVP



  • How to install HAVP and CLAMAV on pfsense ,please instruct step by step!

    10x



  • @techmania:

    How to install HAVP and CLAMAV on pfsense ,please instruct step by step!

    10x

    For 1.2.2/FreeBSD 7.1
    1 pkg_add -r http://mirrors.linux.edu.lv/ftp.freebsd.org/ports/i386/packages-7.1-release/www/havp-0.88_1.tbz
    2 download HAVP xml/inc from http://www.diskatel.narod.ru/pfSense/ and put to /usr/local/pkg (via winscp3)
    3 exec gui http://you_pfsense/pkg_edit.php?xml=havp.xml&id=0

    ps GUI not addable to menu - use only (3) URL OR add manually to /cf/conf/config.xml -> <installed_packages>'menu' item

    
    <menu>
    			<name>Proxy HAVP</name>
    			Services
    			<url>/pkg_edit.php?xml=HAVP.xml&id=0</url>
    		</menu>
    
    

    and Del /tmp/config.cache file.</installed_packages>



  • 10x so a lot



  • dvserg why don't you put this in pfSense packages?



  • Why not turn this into a package?



  • Ok. I wiil prepare package & check ports for FreeBSD 7/7.1



  • I had to change the url line from

    <menu>
    <name>Proxy HAVP</name>
    Services
    <url>/pkg_edit.php?xml=HAVP.xml&id=0</url>
    </menu>

    to

    <menu>
    <name>Proxy HAVP</name>
    Services
    <url>/pkg_edit.php?xml=havp.xml&id=0</url>
    </menu>

    When I wget them from your link it took them in lower case

    Mishou



  • yes - need lower case



  • dvserg did you turn HAVP and CLAMAV into a pfSense packages?



  • @ToxIcon:

    dvserg did you turn HAVP and CLAMAV into a pfSense packages?

    I work with this. I test for 1.2.2/freeBSD 7.1
    I need small time for all tests



  • HAVP - HTTP Antivirus package added to packages list.
    Pls test.



  • How do you setup HAVP in transparent proxy mode? And correct me if i'm wrong, transparent proxy mode means I dont have to set the proxy settings in each client pc..

    thanks,

    Cino



  • Does HAVP work with squid? I found http://www.server-side.de/ideas.htm but does this apply to pfsense also?



  • @Cino:

    How do you setup HAVP in transparent proxy mode? And correct me if i'm wrong, transparent proxy mode means I dont have to set the proxy settings in each client pc..

    thanks,
    Cino

    Transparent proxy option now not ready. Will be in near time.



  • @n1ko:

    Does HAVP work with squid? I found http://www.server-side.de/ideas.htm but does this apply to pfsense also?

    Havp will be work with squid. But before need test current variant havp.



  • This is absolutly great! When migrating to pfsense and removing our old proxy server that had havp+squid+squidguard i really missed the virus checking function that havp offered. Please continue working and add support for squid in transparent mode! Thank you for all the great work!



  • Update havp test - xml & inc in ZIP archive:
    http://diskatel.narod.ru/pfSense/packages/havp/havp.zip

    Changes:

    • proxy mode are : standard, parent for squid, transparent, internal
    • multiinterface
    • work with user-defined rdr(mapping) from gui
    • optimised RAM temp options

    Store you old inc and xml from havp GUI
    Download, unpack and copy to /usr/local/pkg
    Check config HAVP from gui and Save.

    –---------------------
    Also new version with file AV-scanner. Possible, for example, scan Squid cache.
    http://diskatel.narod.ru/pfSense/packages/havp/havpnew.zip

    If errors or any other issues  - pls post here.

    NOTE: This 'test only' version, not use for work systems.



  • The file scanner seems to work, but I get this error in system log: php: : havp: Havp is installed but not started. Filter rules not created.

    Squid=Transparent
    Havp proxy mode=transparent
    Havp proxy port=3129
    ram disk enabled

    Squid custom options=redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3

    I did have cache peer 127.0.0.1 3129 0…etc etc...but now that disappeared also...but either way..I got:Havp is installed but not started. Filter rules not created.



  • Havp now updated as 'HAVP antivirus'
    Please delete previous package and install new.
    Changes: transparent proxy, parent for squid (autoconfigure), filter RDR rules, local files scanner, use clamd daemon (more quickly HAVP start, memory economy mode) - previous version used libclam.



  • Thanks dvserg for put the time and giving us Havp

    unfortunility I have a question can squid and Havp work together in transparent mode because i get this

    php: : Havp: Squid is already configured as transparent proxy. Use 'Standard' proxy mode

    I also try testing Havp  by using http://www.eicar.org/anti_virus_test_file.htm

    and it did not stop the http or https files download my desktop av popup on all files

    and their is nothing in the log files



  • I tested HAVP transparent mode - and have some problem (i have bridged ifaces).
    This options declared but not worked ( rdr rule ).
    I hope in future to solve this problem.   :-\

    About squid - i success use squid(non transparent) > havp > inet on my system. Before only need check saquid cache (must use 'File scan').



  • How to configure HAVP to use it with transparent SQUID?
    Or should I disable transparent in SQUID?



  • @kongar:

    How to configure HAVP to use it with transparent SQUID?
    Or should I disable transparent in SQUID?

    Setup HAVP as 'ParentForSquid' mode
    Setup Squid as Transparent



  • I did just like this, but eicar code didn't blocked (from the link above).
    What's wrong? How can I test that HAVP works?



  • @kongar:

    I did just like this, but eicar code didn't blocked (from the link above).
    What's wrong? How can I test that HAVP works?

    • Update AV base (need wait some time)
    • Set HAVP to standard mode
    • Set Browser proxy settings > to HAVP_IP:PORT
    • Test eicar …. /* if not - it is havp problem */
    • Start scan squid cache with AV files scanner.
    • Set squid non transparent (uncheck transparent) + HAVP as Parent for squid;
    • Set Browser Proxy Settings > to squid_IP:PORT
    • Test eicar .... /* if not - havp-squid LINK problem */
    • Set squid as Transparent
    • Unset Browser proxy settings
    • Test eicar .... /* if not - squid TRANSPARENT problem */


  • Dvserg,

    Can HAVP be used in transparent mode without using squid? I dont use squid but would be nice if HAVP can scan for viruses as I use the web without changing any settings to my browser.



  • @Cino:

    Dvserg,

    Can HAVP be used in transparent mode without using squid? I dont use squid but would be nice if HAVP can scan for viruses as I use the web without changing any settings to my browser.

    HAVP create rule for transparent but i not tested how this work (i have only bridged router).
    On bridge transparent not worked. Can you test transparent on self pfsense?



  • @dvserg:

    @kongar:

    I did just like this, but eicar code didn't blocked (from the link above).
    What's wrong? How can I test that HAVP works?

    • Update AV base (need wait some time)
    • Set HAVP to standard mode
    • Set Browser proxy settings > to HAVP_IP:PORT
    • Test eicar …. /* if not - it is havp problem */
    • Start scan squid cache with AV files scanner.
    • Set squid non transparent (uncheck transparent) + HAVP as Parent for squid;
    • Set Browser Proxy Settings > to squid_IP:PORT
    • Test eicar .... /* if not - havp-squid LINK problem */
    • Set squid as Transparent
    • Unset Browser proxy settings
    • Test eicar .... /* if not - squid TRANSPARENT problem */

    #1…worked as expected
    #2...did not work..did not block
    #3...did not block as well.



  • I found one - squid CAN ignore parent proxy
    Try change in you Squid Custom option manually as:

    never_direct allow all;cache_peer 127.0.0.1 parent YOU_HAVP_PORT_HERE 0 name=havp no-query no-digest no-netdb-exchange default
    

    And Save.
    Check work with this settings.

    ps added 'never_direct allow all' and deleted 'proxy-only' string.



  • I have a question.  I have havp installed and running great in transparent mode.  My question is how do I whitelist youtube.  The caching of the videos is driving my wife crazy!!! I've tried in the whitelist section *.youtube.com *.googlevideo.com but still it caches the videos.



  • Try as this

    Example: *.pfsense.com/*, *sourceforge.net/*clamav-*, */*.xml, */*.inc 
    


  • @techrosis:

    I have a question.  I have havp installed and running great in transparent mode.  My question is how do I whitelist youtube.  The caching of the videos is driving my wife crazy!!! I've tried in the whitelist section *.youtube.com *.googlevideo.com but still it caches the videos.

    How did you get it to work successfully working in Transparent mode with Squid. It 's still not working for me. What's your settings in Havp?? I have Proxy mode set as Parent for Squid. Transparent mode gives me an error in the logs to use Standard mode.





  • Dvserg,

    Wow, now works like a charm…Great help!!!

    Thanks again,

    John



  • @dvserg:

    Try as this

    Example: *.pfsense.com/*, *sourceforge.net/*clamav-*, */*.xml, */*.inc 
    

    I tried this

    *.googlevideo.com/* and *.youtube.com/*
    

    Both are on new lines correct?  Not comma delimited.  Just wondering.  It's still caching the videos.  ???



  • I will check you issue. Maybe streaming scaning need configure



  • @dvserg:

    I will check you issue. Maybe streaming scaning need configure

    Cool. Thanks a ton!



  • @techrosis:

    @dvserg:

    I will check you issue. Maybe streaming scaning need configure

    Cool. Thanks a ton!

    Can you make this ?

    • edit file /usr/local/pkg/havp.inc, find '$conf[] = "STREAMSCANSIZE 20000";' string and replace 20000 to 0
    • goto HAVP gui and Save
    • test you stream content (video) new.


  • @dvserg:

    @techrosis:

    @dvserg:

    I will check you issue. Maybe streaming scaning need configure

    Cool. Thanks a ton!

    Can you make this ?

    • edit file /usr/local/pkg/havp.inc, find '$conf[] = "STREAMSCANSIZE 20000";' string and replace 20000 to 0
    • goto HAVP gui and Save
    • test you stream content (video) new.

    I made those changes as well.  Still caching videos.  :'(



  • I made those changes as well.  Still caching videos.   
    

    OK
    Will test more..


Locked