[2.4.x] Squid/ClamAV: Fix for C-ICAP 0.5.x not starting



  • Currently running pfSense 2.4.4-DEV snapshot, I found a problem where Squid+ClamAV would not work. Specifically, c-icap would not start.

    If you were to start c-icap manually as instructed on the rc.d unit, you'd meet this error:

    [2.4.4-DEVELOPMENT][root@pfsense]/usr/local/bin: c-icap -D -d 9
    <...>
    Fatal error while parsing config file: "/usr/local/etc/c-icap/c-icap.conf" line: 134
    The line is: ListenAddress 127.0.0.1
    <...>
    

    Googling, you'd find this: https://sourceforge.net/p/c-icap/mailman/message/36379708/

    It seems, on 0.5.x, ListenAddress has been removed in favor of the Port statement.
    To fix C-ICAP, you must:

    1. Remove ListenAddress 127.0.0.1 statement on line 134 of c-icap.conf
    2. Replace Port 1344 statement on line 142 of c-icap.conf with Port 127.0.0.1:1344
    3. To prevent pfSense from overwriting, chmod -w that file to prevent writes to it.

    Hopefully this helps someone. :)
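
The three steps in the post above as a repeatable check-and-migrate script. This is an added example, not code from the thread or from the pfSense squid package; it keeps the listener on the address the old ListenAddress line named instead of leaving a bare Port. The function names and the sample config are constructed for illustration, and an IPv4 listen address is assumed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; assumes an IPv4 ListenAddress.

# Succeeds if the config still has an active (uncommented) ListenAddress line,
# the directive that c-icap 0.5.x rejects as a fatal parse error.
cicap_conf_needs_fix() {
    grep -Eq '^[[:space:]]*ListenAddress[[:space:]]' "$1"
}

# Prints the migrated config on stdout; the input file is not modified.
migrate_cicap_conf() {
    awk '
        # Pass 1: remember the address named by ListenAddress.
        NR == FNR { if ($1 == "ListenAddress" && NF >= 2) addr = $2; next }
        # Pass 2: drop ListenAddress and fold its address into a bare Port.
        $1 == "ListenAddress" { next }
        $1 == "Port" && addr != "" && $2 !~ /:/ { $2 = addr ":" $2 }
        { print }
    ' "$1" "$1"
}

# Constructed sample input, not a real pfSense-generated file.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed c-icap 0.4-style listener settings
PidFile /var/run/c-icap/c-icap.pid
ListenAddress 127.0.0.1
Port 1344
ServerName pfsense.example
EOF
}

sample=$(mktemp /tmp/c-icap-sample.XXXXXX)
write_sample_conf "$sample"
if cicap_conf_needs_fix "$sample"; then
    migrate_cicap_conf "$sample"
fi
rm -f "$sample"
```

Review the output before writing it over the live file; a Port line that already carries an address is left untouched.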



  • Thanks jvelez,

    I always thought that there has been something wrong with my config. c-icap didn't start anymore.
    The recommended changes I made via GUI by selecting Services -> Squid -> Antivirus selecting: Enable Manual Configuration to enabled, load advanced, show advanced and editing c-icap.conf.


  • Netgate

    Please file a bug on Redmine.pfsense.org


  • Netgate Administrator



  • Thank you all!

    Just upgraded to 2.4.4 official release. Same bug popped up. Fix to c-icap.conf mentioned above did work.



  • Hello to all and especially administrators,
    Thanks for this fix first of all and I hope all is well with everyone. My personal experience: I tried to follow the fix here on this page for I-cap in pfSense 2.4.4 Final. However, the only way that I got this to work (without the file being overwritten) was to issue this command:
    chflags schg /usr/local/etc/c-icap/c-icap.conf - This is equivalent to the chattr command on Linux. See this explanation here for making a file immutable on FreeBSD - https://www.cyberciti.biz/tips/howto-write-protect-file-with-immutable-bit.html The other methods mentioned here, chmod -w and even chmod 000 (which I researched on my own), DID NOT WORK for me. I can confirm the chflags schg /usr/local/etc/c-icap/c-icap.conf command works to keep the file intact after you modify it with the changes detailed above. Then i-cap works perfectly, for me at least.

    Thanks Again and Peace,

    ubernupe


  • Netgate Administrator

    Because that file is generated every time from the file /usr/local/etc/c-icap/c-icap.conf.pfsense which is where you should be making that change if you're doing it that way.

    Or you can enable the advanced settings in the antivirus tab and then make the changes there in the GUI where they will be kept.

    Hopefully we can patch the package to fix this soon though.

    Steve



  • @stephenw10
    Dear stephenw10,
    Thank you so very much for your assistance with helping me to get this straightened out. I followed your instructions and modified /usr/local/etc/c-icap/c-icap.conf.pfsense as detailed above in this post, then I issued the command chflags schg /usr/local/etc/c-icap/c-icap.conf.pfsense and everything works great. Thanks one more time and

    Peace and God Bless,

    ubernupe



    I can confirm @jvelez's solution is working, even for the 2.4.4 final release.
    I set it from the GUI as @iqjet suggested.


  • Rebel Alliance Developer Netgate

    This is fixed now in the current version of the squid package. Update the package, or remove it and install it again, and it will work without manual changes.



  • hello mr. @jimp
    I updated the squid package just now, disabling antivirus manual configuration, but it still doesn't start.
    After re-enabling manual configuration and doing a "reload", I still see two separate entries for ListenAddress and Port, and I had to make the same modification as @jvelez suggested in the first post.
    Is there maybe something dirty left in my pfSense configuration?



  • Thanks. The update seems to work for me but only after an uninstall/reinstall, not a straight upgrade.
    One thing I noticed... when I did an uninstall/reinstall with the Proxy Server > General Settings box "Keep Settings/Data" UNCHECKED, followed by reboot just in case..... all my settings still remained.



  • @occamsrazor thanks.
    In my case I would rather not leave "keep setting" unchecked, because it destroys my previous configuration, which is a bit complex and would require a bit of work to recreate.



  • @sisko212 said in [2.4.x] Squid/ClamAV: Fix for C-ICAP 0.5.x not starting:

    @occamsrazor thanks.
    In my case I would rather not leave "keep setting" unchecked, because it destroys my previous configuration, which is a bit complex and would require a bit of work to recreate.

    Sure, I hear you. My point was that at least in my case having that box unchecked did not seem to have any effect at all - all my settings remained. Which would seem to imply to me that the function of this box is not working as it is intended.



  • @occamsrazor Thanks.
    I tried your suggestion, and it worked.
    But after disabling "keep setting" I had to completely uninstall squid, and then reinstall it from the package list. The reinstall option alone didn't work.
    Perhaps with the reinstall option, some wrong configuration remains somewhere.
    And yes... good to know, "keep setting" works differently from how I thought :-D... the squid pfSense configuration stays there and is not deleted... maybe it deletes only the squid configuration, not the pfSense configuration, and then, when installing, it recreates the entire squid config.


  • Rebel Alliance

    Hello all

    I am also having this issue with the ICAP service not starting. I have edited the config as requested above, no joy. I then decided to reinstall the package but this did not make a difference. I have now uninstalled the squid package completely and reinstalled it. Still the service will not start.


  • Rebel Alliance Developer Netgate

    @eden said in [2.4.x] Squid/ClamAV: Fix for C-ICAP 0.5.x not starting:

    Hello all

    I am also having this issue with the ICAP service not starting. I have edited the config as requested above, no joy. I then decided to reinstall the package but this did not make a difference. I have now uninstalled the squid package completely and reinstalled it. Still the service will not start.

    If that is the case then your problem is not the same problem as this thread. Start a new thread with details about your configuration, any error messages from logs, etc.