HAVP broken in 2.0?



  • I had been using fine with 1.2.3.  I upgraded to 2.0 using snapshot from yesterday.  Has been working fine, including squid/lightsquid.  So I went to add havp putting it upstream from squid like before.  Won't start and won't initialize clamav.  Looking at /var/log/system, I see things like this:

    
    Apr 22 07:04:48 gateway php: /pkg_edit.php: The command 'chgrp -R -v havp /usr/local/share/examples/havp/templates_ex' returned exit code '1', the output was 'chgrp: /usr/local/share/examples/havp/templates_ex: No such file or directory'
    Apr 22 07:04:48 gateway php: /pkg_edit.php: The command 'chown -R -v havp /usr/local/share/examples/havp/templates_ex' returned exit code '1', the output was 'chown: /usr/local/share/examples/havp/templates_ex: No such file or directory'
    
    

    Any ideas?



  • Wait while will updated. Nearest time..



  • Thanks!



  • Try new install/reinstall havp package.



  • Same problem.  And now, also seeing this:

    
    Apr 22 10:25:43 gateway clamd[22347]: Can't open file or directory
    Apr 22 10:25:45 gateway php: : The command '/sbin/pfctl -nf /tmp/rules.packages' returned exit code '1', the output was '/tmp/rules.packages:2: syntax error'
    Apr 22 10:25:45 gateway php: : There was an error while parsing the package filter rules for /usr/local/pkg/havp.inc.
    
    


  • The rules message seems to be because /tmp/rules.packages is empty (zero length).



  • @danswartz:

    The rules message seems to be because /tmp/rules.packages is empty (zero length).

    Thx for diagnostic msg. I now test this package too.



  • Now HAVP in 2.0 not worked.  :-[



  • While I am disappointed it is broken in 2.0, I am also relieved, since I now know I am not crazy :)  e.g. this all worked fine on my previous 1.2.3 install.  I will be more than happy to test any proposed fixes to the package.



  • I found problem - it's socket settiings. No i must solve this
    But 1.2.3 worked - i tested too



  • On clean 2.0 installed from Live CD worked.



  • Okay, I reinstalled havp and it didn't work, but then I disabled and re-enabled it and now it seems to be okay.



  • Well, I spoke too soon :(  Althought everything seemed up and running, an eicar test failed.  I could see squid was not actually talking to havp, so I tried removing havp and giving up.  Net result: no squid either.  Then I tried uninstalling squid and that left things totally borked.  I ended up having to reinstall from scratch and reload the config file.  I've not had good results with packages that depend on other packages, so I think I'm going to look for another solution (maybe run squid/lightsquid/havp on my main freebsd server and set up an rdr to that - dunno…)



  • After instalaltion HAVP need update AV bases (last tab GUI). This is process take 10-15 min for the new installation. Now i change this for automatic update on installation. Also need modify package for full compability with 2.0

    ps
    I have had several unsuccessful attempts to upgrade from 1.2.3 to 2.0. So now all I do on a fresh 2.0



  • Let me clarify: this might or might not have worked, if I had waited as you say (I wasn't aware of that.)  What got me to give up on this was the apparent fragility of some packages that are linked to others.  I have never had very good luck when it comes to restoring a config, where it has to reinstall the packages.  In this case, uninstalling got things totally borked, so I gave up.  It may not even have been havp, but maybe squid or lightsquid, I don't know.



  • Syslog; /var/log/clamd/clamd.log; /var/log/clamd/freshclam.log; /var/log/havp/havp.log; exists?
    Please email me.



  • Sorry, I appreciate the help, but it is off the firewall now, as is squid and lightsquid.  After having to spend an hour re-installing from scratch, I don't want to bork this again :(



  • Okay, I think I found out one of the issues.  Squid uses the ldap client, but even after deleting squid, something still had a reference to it (a php file somewhere).  I had squid/lightsquid working fine, so I am re-installing those.  I already have a full clamav install on my main freebsd mail/file/web server, and it always seemed silly to be doing this twice, so I got the havp port working there too.  My atom mini has two spare gigabit ports, and the main server has a spare gigabit port, so I am going to connect those using a dedicated subnet and have pfsense/squid talk to havp running on the main server over that link.



  • I tried installing havp on nanobsd 2 beta.  I get a bunch of warnings and errors when trying to save settings.  Basically saying the it cannot open stream for writing.  It was the first package i installed on 2.0 beta.  Any ideas?



  • Post error message text pls.



  • Warning: file_put_contents(/usr/local/etc/havp/havp_conf.xml): failed to open stream: Read-only file system in /usr/local/pkg/havp.inc on line 560

    This displays when going to the Services/Antivirus tab.  I get a lot more errors when updating the settings:

    Warning: file_put_contents(/usr/local/etc/havp/havp_conf.xml): failed to open stream: Read-only file system in /usr/local/pkg/havp.inc on line 560 Warning: file_put_contents(/usr/local/etc/havp/havp_conf.xml): failed to open stream: Read-only file system in /usr/local/pkg/havp.inc on line 560 Warning: file_put_contents(/usr/local/etc/rc.d/havp_avupdate): failed to open stream: Read-only file system in /usr/local/pkg/havp.inc on line 413 Warning: fopen(/usr/local/etc/rc.d/havp.sh): failed to open stream: Read-only file system in /etc/inc/service-utils.inc on line 60 Warning: fwrite(): supplied argument is not a valid stream resource in /etc/inc/service-utils.inc on line 61 Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/service-utils.inc on line 62 Warning: chmod(): Read-only file system in /etc/inc/service-utils.inc on line 63 Warning: fopen(/usr/local/etc/rc.d/clamd): failed to open stream: Read-only file system in /etc/inc/service-utils.inc on line 60 Warning: fwrite(): supplied argument is not a valid stream resource in /etc/inc/service-utils.inc on line 61 Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/service-utils.inc on line 62 Warning: chmod(): Read-only file system in /etc/inc/service-utils.inc on line 63 Warning: file_put_contents(/usr/local/etc/havp/whitelist): failed to open stream: Read-only file system in /usr/local/pkg/havp.inc on line 314 Warning: file_put_contents(/usr/local/etc/havp/blacklist): failed to open stream: Read-only file system in /usr/local/pkg/havp.inc on line 315 Warning: file_put_contents(/usr/local/etc/clamd.conf): failed to open stream: Read-only file system in /usr/local/pkg/havp.inc on line 443 Warning: file_put_contents(/usr/local/etc/havp/havp.config): failed to open stream: Read-only file system in /usr/local/pkg/havp.inc on line 321 Warning: file_put_contents(/usr/local/etc/freshclam.conf): failed to open stream: Read-only file system in /usr/local/pkg/havp.inc on line 450 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/havp.inc:560) in /usr/local/www/pkg_edit.php on line 50

    I am running 2.0-BETA2
    built on Fri Jun 4 18:07:10 EDT 2010
    FreeBSD 8.1-PRERELEASE



  • failed to open stream: Read-only file system 
    

    I'm not sure that is the problem of the package. The report says about the impossibility of writing.
    Check your file system on the possibility of recording /usr/local/etc/havp.



  • Sorry, i am very new to pfsense.  What do you want me to do?  I do understand that when running nanobsd, the package has to set the compact flash card in a read/write mode when writing data, then resetting it to read only when finished.



  • Hm.. this package not for nano-BSD.



  • crap!  will it eventually be made for it?



  • @killervette:

    crap!  will it eventually be made for it?

    No. CF card has a limited resource read-write.



  • So i am now running pfsense on a hard drive. I am running 2.0 beta.  I installed havp but am having trouble.  If i set standard for the proxy, set the port to 8080, and then set firefox to use proxy 192.168.1.1:8080, the connections fail.  What am i doing wrong?



  • now trying 1.2.3 and still doesnt work


Locked