Squid + HAVP



  • I have installed squid and havp and for some reason I cannot get havp to start. I will go into services and restart the havp service and it would shut down. I have checked the system log and I am getting this. I have followed the instructions to try to get this to work and nothing. If anyone can give me some advice I would appreciate it. Thx

    http://doc.pfsense.org/index.php/HAVP_Package_for_HTTP_Anti-Virus_Scanning

    havp[4383]: Clamd: Could not connect to scanner! Scanner down?
    havp[1446]: ERROR: Clamd Socket Scanner failed EICAR virus test! (Could not connect to scanner socket)



  • I'll bet you forgot to set HAVP as a parent proxy for Squid. See settings below.

    HAVP:

    Squid:



  • Thx for the pics. I copied the same configs and even port numbers as you have, just to test, and I am still getting this error message on the pic below. Also, I have pasted a few print screens of my settings; they pretty much match yours.



  • The fact that you get the message about being unable to connect to the clamd scanner is suspicious. What do you get from the following shell command:

    ps ax | grep clam



  • Here is what I get when I run the ps ax | grep clam command. I have attached a print screen.




  • Hmmm, if you try starting havp and look in the system logs (or havp logs if you have that enabled), does havp say anything?  Maybe you need to delete havp and reinstall it?



  • Yeah, I have reinstalled and uninstalled havp a few times and same issue. I do have the log options enabled in havp. I am using WinSCP trying to look for the log files; can you point to the directory where they would be stored?



  • /var/log/havp



  • It looks like both files were modified on 12/24/09 and are empty. I have attached a print screen.

    ![12-30-2009 4-43-57 PM.png](/public/imported_attachments/1/12-30-2009 4-43-57 PM.png)



  • That is weird. Only thing I can think of: uninstall havp, then go through the filesystem on the pfsense and delete anything to do with havp and/or clam*.



  • Yeah, I thought that was pretty weird also. What directories of clamav and havp do you recommend I delete? Where is the root directory for these programs, in /var or /etc?



  • As I recall, there are several in /var, maybe /usr/local. I would just do something like:

    find / -name 'havp*' -print
    find / -name 'clam*' -print

    and see what you see…

    Also, once you are done, look at /conf/config.xml and make sure all vestiges are gone. If need be, edit the file and delete them, then reboot and try again. And make sure you back up first :)



  • Receiving same results. Removed files manually and reinstalled. Looked at the config.xml and searched for havp and keywords; found a few havp, did not remove them. I guess I will remove them next time and try again. I have copied the system log and pasted it below. Also, I have attached a print screen of the proxy server and custom options; does everything look OK there?

    Dec 30 17:36:40 kernel: miibus3: <mii bus="">on xl0
    Dec 30 17:36:40 kernel: ukphy0: <generic ieee="" 802.3u="" media="" interface="">PHY 24 on miibus3
    Dec 30 17:36:40 kernel: ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    Dec 30 17:36:40 kernel: xl0: Ethernet address:
    Dec 30 17:36:40 kernel: xl0: [ITHREAD]
    Dec 30 17:36:40 kernel: isab0: <pci-isa bridge="">at device 31.0 on pci0
    Dec 30 17:36:40 kernel: isa0: <isa bus="">on isab0
    Dec 30 17:36:40 kernel: atapci0: <intel ich2="" udma100="" controller="">port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xffa0-0xffaf at device 31.1 on pci0
    Dec 30 17:36:40 kernel: ata0: <ata 0="" channel="">on atapci0
    Dec 30 17:36:40 kernel: ata0: [ITHREAD]
    Dec 30 17:36:40 kernel: ata1: <ata 1="" channel="">on atapci0
    Dec 30 17:36:40 kernel: ata1: [ITHREAD]
    Dec 30 17:36:40 kernel: uhci0: <intel 82801ba="" bam="" (ich2)="" usb="" controller="" usb-a="">port 0xff80-0xff9f irq 19 at device 31.2 on pci0
    Dec 30 17:36:40 kernel: uhci0: [GIANT-LOCKED]
    Dec 30 17:36:40 kernel: uhci0: [ITHREAD]
    Dec 30 17:36:40 kernel: usb0: <intel 82801ba="" bam="" (ich2)="" usb="" controller="" usb-a="">on uhci0
    Dec 30 17:36:40 kernel: usb0: USB revision 1.0
    Dec 30 17:36:40 kernel: uhub0: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usb0
    Dec 30 17:36:40 kernel: uhub0: 2 ports with 2 removable, self powered
    Dec 30 17:36:40 kernel: pci0: <serial bus,="" smbus="">at device 31.3 (no driver attached)
    Dec 30 17:36:40 kernel: uhci1: <intel 82801ba="" bam="" (ich2)="" usb="" controller="" usb-b="">port 0xff60-0xff7f irq 23 at device 31.4 on pci0
    Dec 30 17:36:40 kernel: uhci1: [GIANT-LOCKED]
    Dec 30 17:36:40 kernel: uhci1: [ITHREAD]
    Dec 30 17:36:40 kernel: usb1: <intel 82801ba="" bam="" (ich2)="" usb="" controller="" usb-b="">on uhci1
    Dec 30 17:36:40 kernel: usb1: USB revision 1.0
    Dec 30 17:36:40 kernel: uhub1: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usb1
    Dec 30 17:36:40 kernel: uhub1: 2 ports with 2 removable, self powered
    Dec 30 17:36:40 kernel: pci0: <multimedia, audio="">at device 31.5 (no driver attached)
    Dec 30 17:36:40 kernel: speaker0: <pc speaker="">port 0x61 on acpi0
    Dec 30 17:36:40 kernel: fdc0: <floppy drive="" controller="">port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
    Dec 30 17:36:40 kernel: fdc0: [FILTER]
    Dec 30 17:36:40 kernel: fd0: <1440-KB 3.5" drive> on fdc0 drive 0
    Dec 30 17:36:40 kernel: sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
    Dec 30 17:36:40 kernel: sio0: type 16550A
    Dec 30 17:36:40 kernel: sio0: [FILTER]
    Dec 30 17:36:40 kernel: sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
    Dec 30 17:36:40 kernel: sio1: type 16550A
    Dec 30 17:36:40 kernel: sio1: [FILTER]
    Dec 30 17:36:40 kernel: cpu0: <acpi cpu="">on acpi0
    Dec 30 17:36:40 kernel: p4tcc0: <cpu frequency="" thermal="" control="">on cpu0
    Dec 30 17:36:40 kernel: pmtimer0 on isa0
    Dec 30 17:36:40 kernel: orm0: <isa option="" rom="">at iomem 0xc0000-0xc7fff pnpid ORM0000 on isa0
    Dec 30 17:36:40 kernel: atkbdc0: <keyboard controller="" (i8042)="">at port 0x60,0x64 on isa0
    Dec 30 17:36:40 kernel: atkbd0: <at keyboard="">irq 1 on atkbdc0
    Dec 30 17:36:40 kernel: kbd0 at atkbd0
    Dec 30 17:36:40 kernel: atkbd0: [GIANT-LOCKED]
    Dec 30 17:36:40 kernel: atkbd0: [ITHREAD]
    Dec 30 17:36:40 kernel: sc0: <system console="">at flags 0x100 on isa0
    Dec 30 17:36:40 kernel: sc0: VGA <16 virtual consoles, flags=0x300>
    Dec 30 17:36:40 kernel: vga0: <generic isa="" vga="">at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
    Dec 30 17:36:40 kernel: Timecounter "TSC" frequency 1694509096 Hz quality 800
    Dec 30 17:36:40 kernel: Timecounters tick every 1.000 msec
    Dec 30 17:36:40 kernel: IPsec: Initialized Security Association Processing.
    Dec 30 17:36:40 kernel: ad0: 152627MB <seagate st3160023a="" 8.01="">at ata0-master UDMA100
    Dec 30 17:36:40 kernel: acd0: CDRW <hl-dt-st rw="" dvd="" gcc-4480b="" 1.03="">at ata1-master UDMA33
    Dec 30 17:36:40 kernel: Trying to mount root from ufs:/dev/ad0s1a
    Dec 30 17:36:41 kernel: pflog0: promiscuous mode enabled
    Dec 30 17:36:50 php: : SQUID is installed but not started. Not installing redirect rules.
    Dec 30 17:36:50 php: : SQUID is installed but not started. Not installing redirect rules.
    Dec 30 17:36:52 pftpx[604]: listening on 127.0.0.1 port 8021
    Dec 30 17:36:52 pftpx[604]: listening on 127.0.0.1 port 8021
    Dec 30 17:36:52 pftpx[628]: listening on 127.0.0.1 port 8022
    Dec 30 17:36:52 pftpx[628]: listening on 127.0.0.1 port 8022
    Dec 30 17:36:54 dnsmasq[726]: started, version 2.45 cachesize 150
    Dec 30 17:36:54 dnsmasq[726]: compile time options: IPv6 GNU-getopt BSD-bridge ISC-leasefile no-DBus no-I18N TFTP
    Dec 30 17:36:54 dnsmasq[726]: reading /etc/resolv.conf
    Dec 30 17:36:54 dnsmasq[726]: using nameserver #53
    Dec 30 17:36:54 dnsmasq[726]: using nameserver #53
    Dec 30 17:36:54 dnsmasq[726]: read /etc/hosts - 2 addresses
    Dec 30 17:36:54 php: : DynDns: Running updatedns()
    Dec 30 17:36:54 php: : DynDns: updatedns() starting
    Dec 30 17:36:54 php: : DynDns: _detectChange() starting.
    Dec 30 17:36:54 php: : DynDns: Current WAN IP:
    Dec 30 17:36:55 php: : DynDns: Cached IP:
    Dec 30 17:36:55 php: : phpDynDNS: No Change In My IP Address and/or 25 Days Has Not Past. Not Updating Dynamic DNS Entry.
    Dec 30 17:36:57 php: : SQUID is installed but not started. Not installing redirect rules.
    Dec 30 17:36:57 php: : SQUID is installed but not started. Not installing redirect rules.
    Dec 30 17:37:01 php: : Creating rrd update script
    Dec 30 17:37:03 php: : Resyncing configuration for all packages.
    Dec 30 17:37:04 php: : Reloading Squid for configuration sync
    Dec 30 17:37:07 last message repeated 5 times
    Dec 30 17:37:08 php: : Starting Squid
    Dec 30 17:37:08 php: : The OpenVPN-Enhancements package is missing required dependencies and must be reinstalled.
    Dec 30 17:37:08 last message repeated 3 times
    Dec 30 17:37:08 squid[1311]: Squid Parent: child process 1313 started
    Dec 30 17:37:08 php: : The OpenVPN-Enhancements package is missing required dependencies and must be reinstalled.
    Dec 30 17:37:08 php: : Could not locate /usr/local/pkg/ovpnenhance.inc.
    Dec 30 17:37:09 php: : Beginning package installation for OpenVPN-Enhancements.
    Dec 30 17:37:17 check_reload_status: check_reload_status is starting
    Dec 30 17:37:17 check_reload_status: rc.newwanip starting
    Dec 30 17:37:17 clamd[1396]: Not supported data format
    Dec 30 17:37:17 havp[1413]: === Starting HAVP Version: 0.88
    Dec 30 17:37:17 havp[1413]: === Mandatory locking disabled! KEEPBACK settings not used!
    Dec 30 17:37:17 havp[1413]: Running as user: havp, group: havp
    Dec 30 17:37:17 havp[1413]: --- Initializing Clamd Socket Scanner
    Dec 30 17:37:18 php: : Informational: rc.newwanip is starting dc0.
    Dec 30 17:37:18 php: : rc.newwanip working with (IP address:) (interface: wan) (interface real: dc0).
    Dec 30 17:37:20 login: login on ttyv0 as root
    Dec 30 17:38:17 havp[1413]: Clamd: Could not connect to scanner! Scanner down?
    Dec 30 17:38:17 havp[1413]: ERROR: Clamd Socket Scanner failed EICAR virus test! (Could not connect to scanner socket)


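The log posted above is mostly kernel boot output, with the clamd and havp lines buried near the end. As an added example that is not part of the original thread, this shell sketch filters such a log down to the scanner chain and summarises it; the function names are hypothetical, and the sample lines are taken from the log above plus one unrelated line as noise.

```shell
#!/bin/sh
# Added example: triage a pfSense system log for the HAVP/clamd failure
# discussed in this thread. Function names are made up for illustration.

# Sample input: lines taken from the log posted above (one noise line kept).
sample_log() {
cat <<'EOF'
Dec 30 17:37:08 php: : The OpenVPN-Enhancements package is missing required dependencies and must be reinstalled.
Dec 30 17:37:08 squid[1311]: Squid Parent: child process 1313 started
Dec 30 17:37:17 clamd[1396]: Not supported data format
Dec 30 17:37:17 havp[1413]: === Starting HAVP Version: 0.88
Dec 30 17:37:18 php: : Informational: rc.newwanip is starting dc0.
Dec 30 17:38:17 havp[1413]: Clamd: Could not connect to scanner! Scanner down?
Dec 30 17:38:17 havp[1413]: ERROR: Clamd Socket Scanner failed EICAR virus test! (Could not connect to scanner socket)
EOF
}

# Keep only clamd/havp/squid daemon lines and package dependency warnings.
scanner_lines() {
    grep -E ' (clamd|havp|squid)\[[0-9]+\]: |missing required dependencies'
}

# Count the events that matter and report what clamd itself logged, if anything.
triage() {
    awk '
        / clamd\[[0-9]+\]: /            { clamd++; sub(/^.* clamd\[[0-9]+\]: /, ""); msg = $0; next }
        / havp\[[0-9]+\]: === Starting/ { starts++ }
        /failed EICAR virus test/       { fails++ }
        /missing required dependencies/ { deps++ }
        END {
            printf "havp_starts=%d eicar_failures=%d clamd_lines=%d dependency_warnings=%d\n",
                   starts, fails, clamd, deps
            if (fails && clamd) print "clamd last said: " msg
            else if (fails)     print "clamd logged nothing: check it is running (ps ax | grep clam)"
        }
    '
}

# Run against the embedded sample; on a real box, pipe the system log in instead.
sample_log | scanner_lines
sample_log | triage
```
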



  • Yuck, looks like there are other things messed up.  Might want to bite the bullet and reinstall?



  • Does anything you see in the log or print screen I sent to you look really bad? I am just curious what caused it; I have only had pfsense running for about 7 days.



  • Just some of the messages about squid and dependencies being wrong and such.  If those are wrong, who knows what else?



  • Well, I reinstalled pfsense and it worked. I installed squid, squidguard and then havp. The first time I installed havp and installed squid and then uninstalled and installed it a few times. But now the service is running. Thx for your help.



  • good to hear!

