HAVP is failing the eicar test.



  • hi all,
            my pfsense is failing the eicar test, any suggestions what should i do.
    my pfsense version is 1.2.3, HAVP 0.91 and clamav-0.95.3

    i did executed the freshclam command on the shell, but it always gets the warnings, one more thing it shows :

    =======Please check if ClamAV tools are linked against the proper version of libclamav======= what does this mean….??
    Any help is appreciated.

    Thanks & Regards,
    NM04



  • Deinstall HAVP and check from cmd pkg_info. If HAVP or any CLAM is present - ten remove its manually with cmd pkg_delete.
    Then install HVAP from GUI new.



  • thanks for the reply dvserg but i did the same earlier…. but still its failing the test.
    i don't get the meaning of Please check if ClamAV tools are linked against the proper version of libclamav.



  • this is the log when i start the havp:

    havp[4534]: Process ID: 4534
    Nov 23 10:39:14 havp[4533]: –- All scanners initialized
    Nov 23 10:39:14 havp[4533]: Clamd Socket Scanner passed EICAR virus test (Eicar-Test-Signature)
    Nov 23 10:39:14 havp[4533]: –- Initializing Clamd Socket Scanner
    Nov 23 10:39:14 havp[4533]: Use parent proxy: 192.168.1.1:3128
    Nov 23 10:39:14 havp[4533]: Running as user: havp, group: havp
    Nov 23 10:39:14 havp[4533]: === Mandatory locking disabled! KEEPBACK settings not used!
    Nov 23 10:39:14 havp[4533]: === Starting HAVP Version: 0.91



  • ???
    And what you are confused here?
    Clamd Socket Scanner passed EICAR virus test (Eicar-Test-Signature)



  • the havp should block the site http://www.eiacr.org and any of downloads from this site. But it is not blocking the access and downloads to/from this site. That is why i am confused.



  • @NM04:

    the havp should block the site http://www.eiacr.org

    No, dont should.
    The HAVP should block downloades from this page only http://www.eicar.org/anti_virus_test_file.htm - this is a test signature.
    The HAVP not blocking clean pages - only viruses content.



  • Sir,
        thanks for your immediate response, but it is not blocking those downloads. What should i do now ?



  • @NM04:

    Sir,
         thanks for your immediate response, but it is not blocking those downloads. What should i do now ?

    Ок.
    Do you have squid in system? How configured squid & havp.



  • Sir,
            yes i do have squid in the system. But i have disabled it. Iwill show u the settings.

    Antivirus: HTTP proxy (havp + clamav)

    Proxy mode: Parent for squid
    Enable Forwarded IP: yes (checked)
    Enable X-Forwarded-For: no (unchecked)
    Block file if error scanning:yes (checked)
    Scan images:yes
    Scan media stream:yes

    SQUID:
    Proxy server: General settings

    Transparent proxy:no(unchecked)
    Allow users on interface:yes(checked)
    Suppress Squid Version:yes (checked)
    REST ARE UNCHECKED.



  • Oh, you must enable squid. As you can see, havp is parent for squid. So it cannot work as expected. Good luck!



  • @NM04:

    Proxy mode: Parent for squid

    !
    You take pages from the squid.
    For test:
    1. Set HAVP normal mode
    2. Squid don't must have transparent mode
    3. Setup you browser to the HAVP proxy use (IP/Port)
    4. Test EICAR site to download.



  • hi all,
            thanks dvserg and igor for your response, i applied the suggestions of your, but unfortunately its still not working…
    now i am trying to reinstall it. I did the uninstall first from WebGUI and from the command both. Now can any one tell me from where to reinstall it WebGUI or shell..??

    Regards,
    NM04



  • hi all,
            i reinstalled the havp from shell (uninstalled from WEBGUI and shell), and now can any one tell me how start havp through shell ?

    Thanks & Regards,
    NM04



  • hi all,
            The installation for HAVP from shell was a success, it didn't gave any errors. But when i executed freshclam it gave the following error:

    /libexec/ld-elf.so.1:Shared object "libbz2.so.4" not found, required by "freshclam"

    what should i do now ?
    Thanks in advance.
    NM04



  • take a look at a libbz2.so.*, maybe you have a libbz2.so.3 or similar. Symlink that found version to the missing one and test again. Should help. Afterwards you will likely get new errors stating missing libs. Do the same with that corresponding errors. Test again. Good luck!



  • hi all,
          thanks igor for suggestion, but i am new to this pfsense, and i don't know where that file (libbz2.so) exists. Please help me to make havp work on my pfsense.
    If i install it from the webgui it installs the older version of havp which runs but fails the eicar test, and if installed from the shell it installs the latest version but don't runs and gives that error mentioned in previous post. If possible for any one please give me a step by step procedure for havp. Though i have tried everything in my scope of knowledge, but nothing worked for me.

    Regards,
    NM04



  • igor u were right i have libbz2.so which is linked to libbz2.so.3, and both are present, but i can't find the libbz2.so.4( the missing one), there is no such file by the name libbz2.so.4 . What should i do now ?


Log in to reply