HAVP
-
dvserg did you turn HAVP and CLAMAV into a pfSense packages?
I work with this. I test for 1.2.2/freeBSD 7.1
I need small time for all tests -
HAVP - HTTP Antivirus package added to packages list.
Pls test. -
How do you setup HAVP in transparent proxy mode? And correct me if i'm wrong, transparent proxy mode means I dont have to set the proxy settings in each client pc..
thanks,
Cino
-
Does HAVP work with squid? I found http://www.server-side.de/ideas.htm but does this apply to pfsense also?
-
How do you setup HAVP in transparent proxy mode? And correct me if i'm wrong, transparent proxy mode means I dont have to set the proxy settings in each client pc..
thanks,
CinoTransparent proxy option now not ready. Will be in near time.
-
Does HAVP work with squid? I found http://www.server-side.de/ideas.htm but does this apply to pfsense also?
Havp will be work with squid. But before need test current variant havp.
-
This is absolutly great! When migrating to pfsense and removing our old proxy server that had havp+squid+squidguard i really missed the virus checking function that havp offered. Please continue working and add support for squid in transparent mode! Thank you for all the great work!
-
Update havp test - xml & inc in ZIP archive:
http://diskatel.narod.ru/pfSense/packages/havp/havp.zipChanges:
- proxy mode are : standard, parent for squid, transparent, internal
- multiinterface
- work with user-defined rdr(mapping) from gui
- optimised RAM temp options
Store you old inc and xml from havp GUI
Download, unpack and copy to /usr/local/pkg
Check config HAVP from gui and Save.–---------------------
Also new version with file AV-scanner. Possible, for example, scan Squid cache.
http://diskatel.narod.ru/pfSense/packages/havp/havpnew.zipIf errors or any other issues - pls post here.
NOTE: This 'test only' version, not use for work systems.
-
The file scanner seems to work, but I get this error in system log: php: : havp: Havp is installed but not started. Filter rules not created.
Squid=Transparent
Havp proxy mode=transparent
Havp proxy port=3129
ram disk enabledSquid custom options=redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3
I did have cache peer 127.0.0.1 3129 0…etc etc...but now that disappeared also...but either way..I got:Havp is installed but not started. Filter rules not created.
-
Havp now updated as 'HAVP antivirus'
Please delete previous package and install new.
Changes: transparent proxy, parent for squid (autoconfigure), filter RDR rules, local files scanner, use clamd daemon (more quickly HAVP start, memory economy mode) - previous version used libclam. -
Thanks dvserg for put the time and giving us Havp
unfortunility I have a question can squid and Havp work together in transparent mode because i get this
php: : Havp: Squid is already configured as transparent proxy. Use 'Standard' proxy mode
I also try testing Havp by using http://www.eicar.org/anti_virus_test_file.htm
and it did not stop the http or https files download my desktop av popup on all files
and their is nothing in the log files
-
I tested HAVP transparent mode - and have some problem (i have bridged ifaces).
This options declared but not worked ( rdr rule ).
I hope in future to solve this problem. :-\About squid - i success use squid(non transparent) > havp > inet on my system. Before only need check saquid cache (must use 'File scan').
-
How to configure HAVP to use it with transparent SQUID?
Or should I disable transparent in SQUID? -
How to configure HAVP to use it with transparent SQUID?
Or should I disable transparent in SQUID?Setup HAVP as 'ParentForSquid' mode
Setup Squid as Transparent -
I did just like this, but eicar code didn't blocked (from the link above).
What's wrong? How can I test that HAVP works? -
I did just like this, but eicar code didn't blocked (from the link above).
What's wrong? How can I test that HAVP works?- Update AV base (need wait some time)
- Set HAVP to standard mode
- Set Browser proxy settings > to HAVP_IP:PORT
- Test eicar …. /* if not - it is havp problem */
- Start scan squid cache with AV files scanner.
- Set squid non transparent (uncheck transparent) + HAVP as Parent for squid;
- Set Browser Proxy Settings > to squid_IP:PORT
- Test eicar .... /* if not - havp-squid LINK problem */
- Set squid as Transparent
- Unset Browser proxy settings
- Test eicar .... /* if not - squid TRANSPARENT problem */
-
Dvserg,
Can HAVP be used in transparent mode without using squid? I dont use squid but would be nice if HAVP can scan for viruses as I use the web without changing any settings to my browser.
-
Dvserg,
Can HAVP be used in transparent mode without using squid? I dont use squid but would be nice if HAVP can scan for viruses as I use the web without changing any settings to my browser.
HAVP create rule for transparent but i not tested how this work (i have only bridged router).
On bridge transparent not worked. Can you test transparent on self pfsense? -
I did just like this, but eicar code didn't blocked (from the link above).
What's wrong? How can I test that HAVP works?- Update AV base (need wait some time)
- Set HAVP to standard mode
- Set Browser proxy settings > to HAVP_IP:PORT
- Test eicar …. /* if not - it is havp problem */
- Start scan squid cache with AV files scanner.
- Set squid non transparent (uncheck transparent) + HAVP as Parent for squid;
- Set Browser Proxy Settings > to squid_IP:PORT
- Test eicar .... /* if not - havp-squid LINK problem */
- Set squid as Transparent
- Unset Browser proxy settings
- Test eicar .... /* if not - squid TRANSPARENT problem */
#1…worked as expected
#2...did not work..did not block
#3...did not block as well. -
I found one - squid CAN ignore parent proxy
Try change in you Squid Custom option manually as:never_direct allow all;cache_peer 127.0.0.1 parent YOU_HAVP_PORT_HERE 0 name=havp no-query no-digest no-netdb-exchange defaultAnd Save.
Check work with this settings.ps added 'never_direct allow all' and deleted 'proxy-only' string.
-
I have a question. I have havp installed and running great in transparent mode. My question is how do I whitelist youtube. The caching of the videos is driving my wife crazy!!! I've tried in the whitelist section *.youtube.com *.googlevideo.com but still it caches the videos.
-
Try as this
Example: *.pfsense.com/*, *sourceforge.net/*clamav-*, */*.xml, */*.inc -
I have a question. I have havp installed and running great in transparent mode. My question is how do I whitelist youtube. The caching of the videos is driving my wife crazy!!! I've tried in the whitelist section *.youtube.com *.googlevideo.com but still it caches the videos.
How did you get it to work successfully working in Transparent mode with Squid. It 's still not working for me. What's your settings in Havp?? I have Proxy mode set as Parent for Squid. Transparent mode gives me an error in the logs to use Standard mode.
-
Now i edit HowTo. Pls look this
http://doc.pfsense.org/index.php/HAVP_Package_for_HTTP_Anti-Virus_Scanning -
Dvserg,
Wow, now works like a charm…Great help!!!
Thanks again,
John
-
Try as this
Example: *.pfsense.com/*, *sourceforge.net/*clamav-*, */*.xml, */*.incI tried this
*.googlevideo.com/* and *.youtube.com/*Both are on new lines correct? Not comma delimited. Just wondering. It's still caching the videos. ???
-
I will check you issue. Maybe streaming scaning need configure
-
-
I will check you issue. Maybe streaming scaning need configure
Cool. Thanks a ton!
Can you make this ?
- edit file /usr/local/pkg/havp.inc, find '$conf[] = "STREAMSCANSIZE 20000";' string and replace 20000 to 0
- goto HAVP gui and Save
- test you stream content (video) new.
-
I will check you issue. Maybe streaming scaning need configure
Cool. Thanks a ton!
Can you make this ?
- edit file /usr/local/pkg/havp.inc, find '$conf[] = "STREAMSCANSIZE 20000";' string and replace 20000 to 0
- goto HAVP gui and Save
- test you stream content (video) new.
I made those changes as well. Still caching videos. :'(
-
I made those changes as well. Still caching videos.OK
Will test more.. -
Hi DvSerg,
We are running the havp + squid in transparent mode sucessfully. But, one strange thing happens, the first that we try to access an page that contains virus or other malware it be blocked. But, if you try a second access to this same page so we can it.
Why?
Have you any idea about?
-
In current configuration squid can load pages, bypass havp.
Wait next update with fix. -
Update:
- squid 'cache_peer' options, now squid can't bypass parent proxy;
- added stream scan option - possible disable streaming content 'audio/video';
- modified TMPRam disk, now RAM disk probably will be quckly;
- fix errors;
-
Hi Dvserg ! It's working like a charm ! :D
-
-
It's about everything ! Everything is running flawlessly, tnx ! ;D
-
Update:
- squid 'cache_peer' options, now squid can't bypass parent proxy;
- added stream scan option - possible disable streaming content 'audio/video';
- modified TMPRam disk, now RAM disk probably will be quckly;
- fix errors;
Youtube still caching even after the update and with the box unchecked…..
-
Worked for a few, but then the service stopped.
Now the service wont start, can you think of why the service won't start .. or wher ei can look to see why its not?
-
Worked for a few, but then the service stopped.
Now the service wont start, can you think of why the service won't start .. or wher ei can look to see why its not?
Enable SysLog and look any errors 'havp' or 'CLAMD' exists?