P3Scan package test



  • If anybody is interested in the P3Scan package, please e-mail me; I have a GUI for this package for testing.
    P3Scan scans POP3/POP3S (SSL)/SMTP(?) traffic for viruses.
    Requires the HAVP (CLAMD) package on one computer in the LAN.



  • Very interested. And not only one.
    GUI donate YOU, but where do we find the BSD port (7.2)?
    Ready to participate in the testing.
    Required almost all proxy server, it is unclear why everyone is silent?
    I was silent because of my "google English" ( :()



  • Look at this page with instructions.

    The TBZ package can be installed via the GUI (an Install button is present). Please tell me about any errors/issues with the package. I need to collect any possible problems.

    PS: I think this package will continue to be useful in NanoBSD.



  • Seems not to understand without. Where is the detailed P3Scan log?



  • @idelta:

    > Seems not to understand without. Where is the detailed P3Scan log?

    There is no log for now. You can use p3scan options to define the log path and debug level: modify the .inc file (where the rc scripts are generated).



  • How do I completely uninstall P3scan? I need to reinstall.



  • @ToxIcon:

    > How do I completely uninstall P3scan? I need to reinstall.

    Console:

    pkg_info
    list of packages
    find p3scan with version

    pkg_delete p3scan-v.e.r.s.i.o.n

    After that the GUI will show the Install button for a new installation.



  • I am seeing this since installing P3scan: I can send email but am unable to receive any email; receive just errors out.

    Is there a way to check a log to see what is going on with P3scan?



  • @ToxIcon:

    > I am seeing this since installing P3scan: I can send email but am unable to receive any email; receive just errors out.
    > Is there a way to check a log to see what is going on with P3scan?

    Thanks. I'm looking into this issue.



  • 192.0.0.100 - WinXP + Outlook Express 6…
    192.0.0.222 - LAN interface on PFsense

    OE6 -> POP3 server = 192.0.0.222:8110 (P3Scan)
    Wireshark: no other traffic except SYN from .100 to .222

    Some additional info below.

    pkg_info

    ...
    clamav-0.93.1_2    Command line virus scanner written entirely in C
    havp-0.88          HTTP Antivirus Proxy
    p3scan-2.3.2_4      A transparent POP3-Proxy with virus-scanning capabilities
    squid-2.7.7
    ...

    Diagnostic -> States :
    ...
    tcp  127.0.0.1:8110 <- 192.0.0.222:8110 <- 192.0.0.100:3665 CLOSED:SYN_SENT
    ...

    netstat -a -n

    ...
    tcp4      0      0 192.0.0.222.8110      .                    LISTEN
    ...

    Where is the LISTEN on 25 (SMTP)?

    p3scan -d > p3debug

    09:45:04 p3scan[42616]: P3Scan Version 2.3.2
    09:45:04 p3scan[42616]: Selected scannertype: clamd (ClamAV TCP Daemon)
    09:45:04 p3scan[42616]: Listen now on 192.0.0.222:8110
    09:45:04 p3scan[42616]: /usr/sbin/chown mailnull:mailnull /var/run/p3scan.pid=54
    09:45:05 p3scan[42616]: Changing uid (we are root)
    09:45:05 p3scan[42616]: Running as user: mailnull
    09:45:05 p3scan[42616]: Clamd init. Server: 1 Port: 3110
    09:45:05 p3scan[42616]: p3scan.conf:
    09:45:05 p3scan[42616]: pidfile: /var/run/p3scan.pid
    09:45:05 p3scan[42616]: maxchilds: 100
    09:45:05 p3scan[42616]: ip: 49152
    09:45:05 p3scan[42616]: port: 8110
    09:45:05 p3scan[42616]: targetip/port disabled
    09:45:05 p3scan[42616]: user: mailnull
    09:45:05 p3scan[42616]: notifydir: /var/spool/p3scannotify
    09:45:05 p3scan[42616]: virusdir: /var/spool/p3scan
    09:45:05 p3scan[42616]: justdelete: enabled
    09:45:05 p3scan[42616]: bytesfree: 10000
    09:45:05 p3scan[42616]: demime: disabled
    09:45:05 p3scan[42616]: scanner: 127.0.0.1:3110
    09:45:05 p3scan[42616]: broken: disabled
    09:45:05 p3scan[42616]: checkspam: disabled
    09:45:05 p3scan[42616]: spamcheck: /usr/local/bin/spamc
    09:45:05 p3scan[42616]: debug: enabled
    09:45:05 p3scan[42616]: quiet: disabled
    09:45:05 p3scan[42616]: template: /etc/p3scan/p3scan-ru.mail
    09:45:05 p3scan[42616]: subject: [Virus] found in a mail to you:
    09:45:05 p3scan[42616]: notify: Per instruction, the message has been deleted.
    09:45:05 p3scan[42616]: extra: safar@astpage.ru
    09:45:05 p3scan[42616]: emailport: 25
    09:45:05 p3scan[42616]: smtprset: Virus detected! P3scan rejected message!
    09:45:05 p3scan[42616]: smtpsize: not checking.
    09:45:05 p3scan[42616]: sslport: 995
    09:45:05 p3scan[42616]: mail: /usr/bin/mail
    09:45:05 p3scan[42616]: timeout: 30
    09:45:05 p3scan[42616]: altvnmsg: disabled
    09:45:05 p3scan[42616]: useurl: disabled
    09:45:05 p3scan[42616]: emergcon: root@localhost postmaster@localhost
    09:45:05 p3scan[42616]: TOP processing disabled
    09:45:05 p3scan[42616]: PIPELINING processing disabled
    09:45:05 p3scan[42616]: STLS processing disabled
    09:45:05 p3scan[42616]: Waiting for connections…..

    ^C09:45:50 p3scan[42616]: signalled, doing cleanup

    09:45:50 p3scan[42616]: calling uninit1
    09:45:50 p3scan[42616]: uninit1 done
    09:45:50 p3scan[42616]: ERR: Unable to remove /var/run/p3scan.pid
    09:45:50 p3scan[42616]: P3Scan terminates now



  • I am stopping the package test for now, until there is a p3scan-3.0 port version.
    Ver 2.3.2 has problems with the Clamd socket connection and with SMTP listening. (I can't start this)

    The current package works normally only with pop3/pop3s.

    Are there any other comments?



  • I tested the package last night for a short run, but I'm not sure if all is right.

    It was a quick shot, didn't scan mail. Outgoing was disabled, only incoming. I will enable the log to see more. But it's great!
    My havp and clamav are working smoothly on 2.0. So maybe it's due to this fact.
    By the way, havp and clamav are running in actual versions!

    pkg_info:
    clamav-0.95.2      Command line virus scanner written entirely in C
    havp-0.91          HTTP Antivirus Proxy



  • The pfSense packages tree needs to be renewed. I can't do this.



  • What do you mean with this?



  • igor, I am also testing p3scan; outbound seems to work but inbound gives an error.

    igor, your havp and clamav are running in actual versions; can you give instructions on how you updated havp to the HAVP 0.91 release and clamav to ClamAV® 0.95.3 stable? Thanks.

    Or can you update the havp package?



  • @_igor_:

    > What do you mean with this?

    The new TBZ ports need to be updated from the FreeBSD portal to the pfSense portal (ports tree = the port and its dependencies).
    This is a job for the pfSense developers. I don't have access to this.

    --
    P3scan package GUI updated.



  • I'm sorry, but I don't know how to update the package. It's a bit confusing to me at the moment. Not enough skills to program.

    Installed havp as usual.

    After installation (on 2.0) made the config, started havp without success. No problem.
    Now via `pkg_delete havp` and `pkg_delete clamav`, then via `pkg_add -r clamav-0.95.2` and `pkg_add -r havp-0.91`, installed both packages manually.
    After this tried to start clamav via `/usr/local/sbin/clamd -c /usr/local/etc/clamd.conf`.
    Looking at the system log (can be done via the WebGUI) saw the missing libs. Made the links manually. Sorry, but I didn't record the lib names; there are 3-4 libs.
    So for example clamav is missing libz.so.x: looked for it via `find / -name "libz.so.*"`, got `/lib/libz.so.y`. Via `ln -s /lib/libz.so.y /libz.so.x` made it known to clamav. And so on with all missing libs.
    After getting clamav started without errors, did

    /usr/local/sbin/havp -c /usr/local/etc/havp/havp.config

    ok.
    At last noticed that havp only works as "parent for squid" and squid as transparent proxy.
    In pfSense 1.2.3 it is different. Havp only works as transparent. Curious, funny, but doesn't matter.
    Best of this change is that there is no more failing of the squidguard/squid combination as on pfSense 1.2.3.
    Finally tested with http://www.nvkz.kuzbass.net/as/ if viruses are filtered. All ok. Viruses are filtered and known sites full of advertisements are filtered too.
    Ready.
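
An added example, not part of any post in this thread: the missing-library search described in the post above can be done in one pass by parsing `ldd` output instead of reading the system log. The sample `ldd` output, the function names and the searched directories are constructed for illustration; linking one library version under another's name assumes the two are binary compatible.

```shell
#!/bin/sh
# Added example: list the shared libraries a binary cannot resolve and show
# which versions of the same library are installed.

# missing_libs: read `ldd` output on stdin, print each unresolved soname once.
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }' | sort -u
}

# candidates SONAME DIR...: print files in the DIRs that share the soname's
# base name (libz.so.5 -> libz.so, libz.so.*), whatever their version suffix.
candidates() {
    base=${1%.so*}.so
    shift
    for dir in "$@"; do
        for f in "$dir/$base" "$dir/$base".*; do
            if [ -e "$f" ]; then
                printf '%s\n' "$f"
            fi
        done
    done
    return 0
}

# report: read `ldd` output on stdin and print one block per missing library.
report() {
    missing_libs | while read -r lib; do
        echo "missing: $lib"
        candidates "$lib" /lib /usr/lib /usr/local/lib | sed 's/^/  installed: /'
    done
}

# Constructed sample of ldd output (not taken from the thread).
SAMPLE_LDD='/usr/local/sbin/clamd:
    libclamav.so.6 => /usr/local/lib/libclamav.so.6 (0x28094000)
    libz.so.5 => not found (0x0)
    libbz2.so.4 => not found (0x0)
    libc.so.7 => /lib/libc.so.7 (0x28200000)'

# On the firewall itself: ldd /usr/local/sbin/clamd | report
```

A reported version mismatch is usually better resolved by installing the package build that matches the base system than by symlinking across versions.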


  • New test with p3scan. No success. Outgoing and incoming mail is not scanned. p3scan started with "-d debug" only stated "Waiting for connections". That was all. :(

