How can i make sure that HAVP antivirus is running on my pfsense ?
-
Hi everyone,
Does pfsense support any anti-virus and anti-spam ?i have installed HAVP antivirus (proxy) on my pfsense 1.2.3-RELEASE from the packages available. The status its showing is running, does it really works ? How can i make sure that it is running and working properly. The log i got from it== "this is the system log"
havp[26527]: Process ID: 26527
havp[26526]: –- All scanners initialized
havp[26526]: Clamd Socket Scanner passed EICAR virus test (Eicar-Test-Signature)
havp[26526]: –- Initializing Clamd Socket Scanner
havp[26526]: Running as user: havp, group: havp
havp[26526]: === Mandatory locking disabled! KEEPBACK settings not used!
havp[26526]: === Starting HAVP Version: 0.91
php: /pkg_edit.php: Reloading Squid for configuration sync
php: /pkg_edit.php: Starting HAVP
syslogd: kernel boot file is /boot/kernel/kernel
syslogd: exiting on signal 15
havp[24069]: Process ID: 24069
havp[24068]: –- All scanners initialized
havp[24068]: Clamd Socket Scanner passed EICAR virus test (Eicar-Test-Signature)
havp[24068]: –- Initializing Clamd Socket Scanner Nov 16 06:20:32 havp[24068]: Running as user: havp, group: havp
havp[24068]: === Mandatory locking disabled! KEEPBACK settings not used!
havp[24068]: === Starting HAVP Version: 0.91
check_reload_status: reloading filter
php: /pkg_edit.php: Reloading Squid for configuration sync
php: /pkg_edit.php: Starting HAVP
php: : Processing -
php: : Processing start -
php: : Processing re0 - start
check_reload_status: rc.linkup starting
kernel: re0: link state changed to UP
php: : Processing -
php: : Processing start -
php: : Processing re0 - start
check_reload_status: rc.linkup starting
kernel: re0: link state changed to DOWN
kernel: re0: link state changed to UP
php: : Processing -
php: : Processing start -
php: : Processing re0 - start
check_reload_status: rc.linkup starting
kernel: re0: link state changed to DOWN
kernel: re0: link state changed to UP
php: : Processing -
php: : Processing start -
php: : Processing re0 - start
kernel: re0: link state changed to DOWN
check_reload_status: rc.linkup starting
kernel: re0: link state changed to UP
kernel: re0: link state changed to DOWN
php: : Processing -
php: : Processing start -
php: : Processing re0 - start
php: : Processing start - re0
php: : Processing re0 - start
check_reload_status: rc.linkup starting
kernel: re0: link state changed to UP
kernel: re0: link state changed to DOWN
kernel: re0: link state changed to UP
kernel: re0: link state changed to DOWN
dnsmasq[561]: reading /var/dhcpd/var/db/dhcpd.leases
kernel: re1: promiscuous mode disabled
kernel: re1: promiscuous mode enabled
php: /antivirus.php: Antivirus: Starting file '/var/db' scanner. Log file is '/var/log/clamscan.log'. Wait 5-10 minutes.
syslogd: kernel boot file is /boot/kernel/kernelresponse is appreciated.
Thanks in advance.
NM04 -
Try to download EICAR here: http://www.eicar.org/anti_virus_test_file.htm
If HAVP is working, the download will be blocked. -
thanks jonh for your response, but HAVP is not working. Is there any way through which i can make it operate..?
One more thing, HAVP is an antivirus proxy, so does it really works as an antivirus or it pretends…?
Regards,
NM04 -
Now i enabled freshclam and clamd in the rc.conf file and then executed the freshclam command at the command line, what i got is this:
main.cvd is up to date (version:53, sigs: 846214 , f-level:53, builder:sven)
WARNING: Current functionality level = 44, recommended = 53
Please check if ClamAV tools are linked up against the proper version of libclamav
any one who went through this…?
any response is appreciated.Regards,
NM04 -
one more points i am concerned about is this :
havp[8540]: Process ID: 8540
Nov 17 12:00:43 havp[8539]: –- All scanners initialized
Nov 17 12:00:43 havp[8539]: Clamd Socket Scanner passed EICAR virus test (Eicar-Test-Signature)
Nov 17 12:00:43 havp[8539]: –- Initializing Clamd Socket Scanner
Nov 17 12:00:43 havp[8539]: Use parent proxy: 10.10.10.1:3128
Nov 17 12:00:43 havp[8539]: Running as user: havp, group: havp
Nov 17 12:00:43 havp[8539]: === Mandatory locking disabled! KEEPBACK settings not used!
Nov 17 12:00:43 havp[8539]: === Starting HAVP Version: 0.91
Nov 17 11:52:57 dnsmasq[556]: reading /var/dhcpd/var/db/dhcpd.leases
Nov 17 11:45:25 freshclam[4905]: Current functionality level = 44, recommended = 53
Nov 17 11:45:25 freshclam[4905]: Current functionality level = 44, recommended = 54
Nov 17 11:45:25 freshclam[4905]: Current functionality level = 44, recommended = 53
Nov 17 11:07:01 freshclam[61197]: Current functionality level = 44, recommended = 53
Nov 17 11:07:01 freshclam[61197]: Current functionality level = 44, recommended = 54
Nov 17 11:07:01 freshclam[61197]: Your ClamAV installation is OUTDATED!
Nov 17 11:06:59 freshclam[61197]: Current functionality level = 44, recommended = 53
Nov 17 11:06:59 freshclam[61197]: Can't download daily.cvd from clamav.mirror.ayudahosting.com.au
Nov 17 11:06:58 freshclam[61197]: Incremental update failed, trying to download daily.cvd
Nov 17 11:06:58 last message repeated 2 times
Nov 17 11:06:58 freshclam[61197]: getpatch: Can't download daily-12274.cdiff from clamav.mirror.ayudahosting.com.au
Nov 17 11:06:57 freshclam[61197]: Current functionality level = 44, recommended = 53
Nov 17 11:06:52 freshclam[61197]: Can't download daily.cvd from clamav.mirror.ayudahosting.com.au
Nov 17 11:06:51 freshclam[61197]: Incremental update failed, trying to download daily.cvdin this log its showing ===Your ClamAV installation is OUTDATED!
how do i resolve this…?
thanks in advance,
NM04 -
hi all,
i updated my clamav to 0.95.3 but still it gives the same error :Your Clamav installation is OUTDATED !
and also :freshclam[26345]: Current functionality level = 44, recommended = 53
Nov 19 08:59:43 freshclam[26345]: Current functionality level = 44, recommended = 54
Nov 19 08:59:43 freshclam[26345]: Current functionality level = 44, recommended = 53can any one help…!!
thanks,
NM04