New widget for havp



  • Hi, everyone.
    The new dashboard 0.8.4 has been released and it contains the new widget for havp similar to one for Snort.
    If you use havp and would like to use a new widget please let me know if there are any issues with it.
    Please remember that in order to use it, you need to make sure havp is configured to output logs to a file (not syslog).
    Also in my experience if both syslog and logfile options are set, logfile stays empty so make sure only logfile option is on.
    If you have any issues, comments, questions you may pm me on the forum and I will try my best to help you out.

    Thanks in advance for all your feedback.



  • Thanks for helping us out. An HAVP widget is a great idea so I installed it as soon as it was available (last night). Unfortunately, I'm not seeing any indications HAVP (or the widget) is working. I currently have it running along with Squid and Squidguard so it's hard to determine if there's a problem with the widget or if it's a configuration problem with one or more packages. I'm still new to all of this and I'm overwhelmed.



  • Roodawakening,
    Have you made sure havp logging is on?
    In order to do that go to services then antivirus.
    At the very bottom of the page there is log checkmark.
    Make sure it is checked.
    Also make sure syslog logging is NOT enabled.



  • @matrix200:

    Roodawakening,
    Have you made sure havp logging is on?
    In order to do that go to services then antivirus.
    At the very bottom of the page there is log checkmark.
    Make sure it is checked.
    Also make sure syslog logging is NOT enabled.

    I have HAVP configured as you specified. It might be working but downloading EICAR doesn't provide alerts. Also, when I do a scan of my squid cache, it takes only 9 seconds to complete. Again…I don't know if I have Squid (or Squidguard, for that matter) configured correctly. I also don't seem to notice any indication HAVP is updating the library after I click "Update." Is it supposed to give some message or other notification (in the syslog, for example) that it's been updated?



  • Ok first I would check whether or not havp service is shown as running under status->services menu.
    If it is not then you need to start it manually and see whether it starts.
    If it doesn't please check system logs right after an attempt to start it and search for any error messages related to that.
    Also have you read and worked according to this document when setting up havp?

    http://doc.pfsense.org/index.php/HAVP_Package_for_HTTP_Anti-Virus_Scanning
    You are running havp together with squid so you should follow the howto on the link above.



  • @matrix200:

    Ok first I would check whether or not havp service is shown as running under status->services menu.
    If it is not then you need to start it manually and see whether it starts.
    If it doesn't please check system logs right after an attempt to start it and search for any error messages related to that.
    Also have you read and worked according to this document when setting up havp?

    http://doc.pfsense.org/index.php/HAVP_Package_for_HTTP_Anti-Virus_Scanning
    You are running havp together with squid so you should follow the howto on the link above.

    Yes, I found that page quite a while ago but it didn't seem to get HAVP running. I tried other proxy settings and 'Transparent' finally got it working. Why that solved the problem I don't know. But now for another question: When I get an HAVP alert, the splash page seems to indicate you can put your company's name at the bottom (See below for graphic). How is that done? Can the HAVP splash page be edited to personal choice?



  • Roodawakening,
    Check out the following thread :
    http://forum.pfsense.org/index.php/topic,16291.0.html

    So do you see anything in the widget now?



  • @matrix200:

    Roodawakening,
    Check out the following thread :
    http://forum.pfsense.org/index.php/topic,16291.0.html

    So do you see anything in the widget now?

    Yes…I attempted to download the EICAR "viruses" (*.com, *.zip, etc.) and each attempt was neatly displayed in the widget. As was previously mentioned, it would be nice to have dates associated with each error so it's clear when HAVP flagged a suspicious file but the raw functionality is there. Great job, Matrix200, and thanks for helping me get this going.



  • Matrix200,

    Here's a screenshot of my Dashboard:



  • Matrix200…

    Just another suggestion/"wishlist": Is there any way to incorporate the dates of virus definitions into the widget? How about a button to update the definitions so users don't have to do it manually through the package itself? I'm not a programmer so I don't know if these suggestions are feasible.

    Anyway...I do like the widget and appreciate the time and effort you've put into it.



  • Roodawakening,

    Ok to answer your questions :
    1. I am not sure adding datetime is such a good idea since as you can see I am very much constrained in width of the line that I can use.
    We are looking into ways to make the widget more usable though and hopefully will come up with something soon.

    2. I am not sure what you mean with your second suggestion.
    The updates are done automatically through the havp configuration so there is no need to do that manually.
    Widget's job is to display virus alerts similarly to what snort widget does so I am not sure what is that you expect.


  • Rebel Alliance Developer Netgate

    @matrix200:

    Ok to answer your questions :
    1. I am not sure adding datetime is such a good idea since as you can see I am very much constrained in width of the line that I can use.
    We are looking into ways to make the widget more usable though and hopefully will come up with something soon.

    You might be able to make Column #1 the Date and Virus name on two lines:

    | Date  | URL |
    | Virus |     |

    That should give it plenty of room to wrap the URL as needed.
    Or alternately:

    | Date | Virus |
    |      | URL   |

    That way you could dedicate more width to column #2.

    Edit: The tables apparently are white-on-white, not sure why, I'll look into it. Just highlight the text and you'll see what I originally put.



  • Jim-p, thanks for the suggestion.
    I actually like the second one (that is date and then virus/url on the second column).
    I also think this could be great idea for Snort widget too.



  • Ok I have prepared the new version that looks like that :

    Let me know if this is more useful.



  • @matrix200:

    Ok I have prepared the new version that looks like that :

    Let me know if this is more useful.

    Excellent. I find it more useful because now I know when a particular alert was received. I often do EICAR test files to make sure HAVP is working correctly (because, fortunately, I have no true virus files to flag) and it's nice to know on what date (and time) my test was successful.

    How do I download the new version?

    Thanks…


  • Rebel Alliance Developer Netgate

    @Roodawakening:

    How do I download the new version?

    I'll put it in the Dashboard package and update it in the next few days, then just update the Dashboard when you see a new version.



  • Ok just to let everybody know the new version with the new look has been released.
    Thanks to Jim-P as always :)
    Please use this thread to report any issues with it.



  • For whatever reason, the times and dates never change. I attempt to download EICAR test viruses, HAVP blocks them, but only those from two weeks ago show up.



  • Hmm, this probably means that logging has been turned off so nothing new gets added to the log.
    Can you make sure the havp logging is on in the UI?



  • @matrix200:

    Hmm, this probably means that logging has been turned off so nothing new gets added to the log.
    Can you make sure the havp logging is on in the UI?

    I thought that was the problem, too, but look…



  • From my experience if both syslog and logfile are checked only syslog works.
    Can you try disabling syslog and try again?



  • That fixed it but I had to disable Syslog in both the 'HTTP Proxy' and 'Settings' tabs found under Services–>Antivirus

    Anyways…thanks for your work.



  • Yeah, this is a bug in havp which dvserg should fix.



  • Ok I found a bug in the widget that would cause sorting by date to mess up.
    This happens if you have widget open for a while but there are no updates.
    There is a fix that will be released when the next dashboard version is out.
    My apologies

