HAVP



  • @kongar:

    I did just like this, but eicar code didn't blocked (from the link above).
    What's wrong? How can I test that HAVP works?

    • Update AV base (need wait some time)
    • Set HAVP to standard mode
    • Set Browser proxy settings > to HAVP_IP:PORT
    • Test eicar …. /* if not - it is havp problem */
    • Start scan squid cache with AV files scanner.
    • Set squid non transparent (uncheck transparent) + HAVP as Parent for squid;
    • Set Browser Proxy Settings > to squid_IP:PORT
    • Test eicar .... /* if not - havp-squid LINK problem */
    • Set squid as Transparent
    • Unset Browser proxy settings
    • Test eicar .... /* if not - squid TRANSPARENT problem */


  • Dvserg,

    Can HAVP be used in transparent mode without using squid? I dont use squid but would be nice if HAVP can scan for viruses as I use the web without changing any settings to my browser.



  • @Cino:

    Dvserg,

    Can HAVP be used in transparent mode without using squid? I dont use squid but would be nice if HAVP can scan for viruses as I use the web without changing any settings to my browser.

    HAVP create rule for transparent but i not tested how this work (i have only bridged router).
    On bridge transparent not worked. Can you test transparent on self pfsense?



  • @dvserg:

    @kongar:

    I did just like this, but eicar code didn't blocked (from the link above).
    What's wrong? How can I test that HAVP works?

    • Update AV base (need wait some time)
    • Set HAVP to standard mode
    • Set Browser proxy settings > to HAVP_IP:PORT
    • Test eicar …. /* if not - it is havp problem */
    • Start scan squid cache with AV files scanner.
    • Set squid non transparent (uncheck transparent) + HAVP as Parent for squid;
    • Set Browser Proxy Settings > to squid_IP:PORT
    • Test eicar .... /* if not - havp-squid LINK problem */
    • Set squid as Transparent
    • Unset Browser proxy settings
    • Test eicar .... /* if not - squid TRANSPARENT problem */

    #1…worked as expected
    #2...did not work..did not block
    #3...did not block as well.



  • I found one - squid CAN ignore parent proxy
    Try change in you Squid Custom option manually as:

    never_direct allow all;cache_peer 127.0.0.1 parent YOU_HAVP_PORT_HERE 0 name=havp no-query no-digest no-netdb-exchange default
    

    And Save.
    Check work with this settings.

    ps added 'never_direct allow all' and deleted 'proxy-only' string.



  • I have a question.  I have havp installed and running great in transparent mode.  My question is how do I whitelist youtube.  The caching of the videos is driving my wife crazy!!! I've tried in the whitelist section *.youtube.com *.googlevideo.com but still it caches the videos.



  • Try as this

    Example: *.pfsense.com/*, *sourceforge.net/*clamav-*, */*.xml, */*.inc 
    


  • @techrosis:

    I have a question.  I have havp installed and running great in transparent mode.  My question is how do I whitelist youtube.  The caching of the videos is driving my wife crazy!!! I've tried in the whitelist section *.youtube.com *.googlevideo.com but still it caches the videos.

    How did you get it to work successfully working in Transparent mode with Squid. It 's still not working for me. What's your settings in Havp?? I have Proxy mode set as Parent for Squid. Transparent mode gives me an error in the logs to use Standard mode.





  • Dvserg,

    Wow, now works like a charm…Great help!!!

    Thanks again,

    John



  • @dvserg:

    Try as this

    Example: *.pfsense.com/*, *sourceforge.net/*clamav-*, */*.xml, */*.inc 
    

    I tried this

    *.googlevideo.com/* and *.youtube.com/*
    

    Both are on new lines correct?  Not comma delimited.  Just wondering.  It's still caching the videos.  ???



  • I will check you issue. Maybe streaming scaning need configure



  • @dvserg:

    I will check you issue. Maybe streaming scaning need configure

    Cool. Thanks a ton!



  • @techrosis:

    @dvserg:

    I will check you issue. Maybe streaming scaning need configure

    Cool. Thanks a ton!

    Can you make this ?

    • edit file /usr/local/pkg/havp.inc, find '$conf[] = "STREAMSCANSIZE 20000";' string and replace 20000 to 0
    • goto HAVP gui and Save
    • test you stream content (video) new.


  • @dvserg:

    @techrosis:

    @dvserg:

    I will check you issue. Maybe streaming scaning need configure

    Cool. Thanks a ton!

    Can you make this ?

    • edit file /usr/local/pkg/havp.inc, find '$conf[] = "STREAMSCANSIZE 20000";' string and replace 20000 to 0
    • goto HAVP gui and Save
    • test you stream content (video) new.

    I made those changes as well.  Still caching videos.  :'(



  • I made those changes as well.  Still caching videos.   
    

    OK
    Will test more..



  • Hi DvSerg,

    We are running the havp + squid in transparent mode sucessfully. But,  one strange thing happens, the first that we try to access an page that contains virus or other malware it be blocked. But, if you try a second access to this same page so we can it.

    Why?

    Have you any idea about?



  • In current configuration squid can load pages, bypass havp.
    Wait next update with fix.



  • Update:

    • squid 'cache_peer' options, now squid can't bypass parent proxy;
    • added stream scan option - possible disable streaming content 'audio/video';
    • modified TMPRam disk, now RAM disk probably will be quckly;
    • fix errors;


  • Hi Dvserg ! It's working like a charm !  :D



  • @riclnx:

    Hi Dvserg ! It's working like a charm !  :D

    It's about 'Squid bypass fixed' ?



  • It's about everything ! Everything is running flawlessly, tnx !  ;D



  • @dvserg:

    Update:

    • squid 'cache_peer' options, now squid can't bypass parent proxy;
    • added stream scan option - possible disable streaming content 'audio/video';
    • modified TMPRam disk, now RAM disk probably will be quckly;
    • fix errors;

    Youtube still caching even after the update and with the box unchecked…..



  • Worked for a few, but then the service stopped.

    Now the service wont start, can you think of why the service won't start .. or wher ei can look to see why its not?



  • @bilbus:

    Worked for a few, but then the service stopped.

    Now the service wont start, can you think of why the service won't start .. or wher ei can look to see why its not?

    Enable SysLog and look any errors 'havp' or 'CLAMD' exists?



  • Not much under system logs, (Diagnostics: System logs: System) unless there is another place to look.

    When i hit start service, nothing starts.

    I have the same problem with iperf, phpservice, and darkstat.



  • Hi,

    I have HAVP, Squid and Squidguard installed and was able to test using eicar test file and it worked however when I tried to download viruses from http://vx.netlux.org it did not block the page and the file was downloaded. This test was done using Windows 7 on VMWare that has a bridge IP and the host OS was configured to bypass the proxy, I'm not sure if it has anything to do with it because AFAIK the guest OS has its own ip address hence it's configured to use the proxy. I've tested it using another workstation running Slackware and the result was the correct one which is block the web page.

    Any idea why?

    TIA.

    Jan



  • It's odd, it's now working! virus files on http://vx.netlux.org is now being blocked.

    Please disregard my post,


Log in to reply