Squid Log Clam AV Files Stopped Working and Redirect now blank
-
@jonathanlee
Ref also
https://forum.netgate.com/topic/138455/squid-clamav-antivirus-not-working-properly/11?_=1669772030240 -
@jonathanlee
You saw:
which means, to me, that the part that feeds the data to be tested can't contact the scan daemon, clamd.
Because it isn't running?
Because the socket 'rights' are not ok?
Because something else?
Check the 'clamd' log file.
When it starts and fails to create the socket, it should log this.
The proxy can't pipe the received info through the scanner. Result: info isn't scanned any more.
Btw: I'm also not using these packages on pfSense.
I do use "clamav" (clamd) on my mail server, as mails are stored in clear in the mail box folders, and after receiving a mail, they are parsed/scanned for common BS. -
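The three possibilities listed in the post above (daemon not running, socket rights, something else) can be told apart by probing the clamd socket directly. This is an added example, not part of the original post or of any pfSense package; the socket path is an assumption and should be taken from the LocalSocket line of the clamd.conf in use.

```python
import errno
import os
import socket
import stat
import sys

# Assumed default; the real path is the LocalSocket value in clamd.conf.
DEFAULT_SOCKET = "/var/run/clamav/clamd.sock"


def check_clamd(path=DEFAULT_SOCKET, timeout=5.0):
    """Return (status, detail) describing why clamd can or cannot be reached."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "missing", "no socket file: clamd not running or failed to create it"
    except PermissionError:
        return "denied", "cannot traverse the socket directory as this user"
    if not stat.S_ISSOCK(mode):
        return "not_socket", "path exists but is not a UNIX socket"
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(path)
        sock.sendall(b"zPING\0")          # null-delimited clamd command
        reply = sock.recv(64).rstrip(b"\0\n")
    except PermissionError:
        return "denied", "socket rights do not allow this user to connect"
    except ConnectionRefusedError:
        return "stale", "socket file left behind, nothing is listening"
    except socket.timeout:
        return "timeout", "clamd accepted the connection but did not answer"
    except OSError as exc:
        return "error", errno.errorcode.get(exc.errno, str(exc))
    finally:
        sock.close()
    if reply == b"PONG":
        return "ok", "clamd answered PONG"
    return "unexpected", repr(reply)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_SOCKET
    status, detail = check_clamd(target)
    print(f"{target}: {status} ({detail})")
    sys.exit(0 if status == "ok" else 1)
```

Run it as the account the proxy's scanning service runs under, since a check made as root will not show a socket rights problem.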
@jonathanlee
Probably.
Remember: I'm not using these pfSense packages.
Under /var/log/ - files are subsequent sub folder.
Or differently, as you've shown an example above: /var/squid/log/....
Btw: you use squid clam proxy etc: you should have a console (SSH) open at all times (I'm not kidding) with these log files.
These 'pfSense addons' you use interact with most incoming traffic: you better know what is going on in real time: that's why there are log files, as they tell you what's going on.
I would tail them all ..... -
@gertjan Thanks for your help. Here is the 29th error, "Can't save PID", after it ran again and worked.
-
-
Adapted
-
-
I wonder if the port is required in the rules; that is why I added the firewall ACL for 127.0.0.1:. to the firewall. I feel this is a bit risky, however, and would only like the one port. I am going to change it to 1344 again; I had that listed for use as it is part of the remote cache load from other content acceleration systems. What port does the clamd use for accessing the loopback? Squid already uses 1344; if you look at the config options, it is used with I-CAP.
-
Error
squidclamav_check_preview_handler: Wed Nov 30 15:56:36 2022, 92197/1098002432, ERROR clientip is null, you must set 'icap_send_client_ip on' into squid.conf
It goes on and on...
I have also just added
adaptation_send_client_ip {$icap_send_client_ip}
to line 234 of
ref https://forum.netgate.com/topic/129331/adaptation_send_client_ip-vs-icap_send_client_ip?_=1669853066007
It seems to already be enabled also, any ideas?
Keep in mind it all worked until a week or so ago; now it will not even see the test virus anymore.