Few HAVP Issues

  • Hello,
    HAVP was working fine on my system till recently.

    Was getting this error in the logs
    (clamd), uid 0: exited on signal 11
    At that point, I turned off HAVP.

    When I went back to test again and started HAVP, the error disappeared.
    HAVP would start to block eicar test files again. BUT, eicarcom2.zip would now pass HAVP. Before it was always blocked.

    I rebooted the system and when it came back up, HAVP service was running, nothing was being blocked when testing all the eicar files. (I could, however, browse the internet.)

    Had to go into HAVP config and hit save and it seemed to start blocking again… but eicarcom2.zip still does not get blocked.

    I did have this problem before, but I rebuilt the box.

    Thanks in advance.

    HAVP .0.90
    PF 1.2.3

    EDIT: After another reboot nothing is blocked. Everything is on. PLS see image. thx
    Looks like someone else might have had the same problem here: http://forum.pfsense.org/index.php/topic,24027.0.html

  • This post comment removed. Problem is still what is listed above.

  • Very strange with some things that are happening

    I am getting different scan results with different browsers

    See the pic below… Same file: using IE the file can be downloaded. With FireFox it was blocked.

    Now, I can get different results with different virus test files. FireFox might let a file go, and IE will block it.

    Good example,
    This site now never blocks files from FireFox
    But IE will block all but eicarcom2.zip

    I am also using Squid and Squid Guard.

  • You have cached result.

  • Thanks Dvserg,

    Hmmm, I never noticed this before in my testing.

    Files would just be blocked all the time whenever I tested… IE and FF.

    So which is cached, the block result or non-blocking result?
    Either way, isn't that a little dangerous if a cache will let some files go?
    How can the cache be cleared?

    Thanks again for your help.

  • I will assume that this is the cache for HAVP/Squid?
    I just tested on a different computer and things are getting by HAVP.
    (testing with same test pages)

    Now, some things will get blocked…but others are not.

    I cleared all cache from IE and FF before testing.
