Dansguardian issues on 2.1 (service status and others)



  • Dansguardian installs, but it keeps complaining about a missing AV database, and that it's going to run freshclam due to that. Of course, that doesn't seem to succeed, otherwise, I wouldn't get that message over and over, and instead would get it once, then the database would get downloaded, and that would be that.

    Not sure if this is a 2.1 issue, or a general problem with the Dansguardian package.

    Also, even though enabled, it never shows as active in the Dashboard's Services Status section, but obviously it must be doing something, otherwise it wouldn't complain about the lack of the AV database…

    So something is certainly still funky with that package.


  • Rebel Alliance Developer Netgate

    OK, I think there is already a thread for Dansguardian on 2.1 out there, if not, start a fresh one for that, that'll need the maintainer to fix it.



  • ~~I entered a fake user/system on the configuration page, and selected the interface to listen on.

    There's no other "enable/disable" checkmark, so I assume that should activate things.
    On the dashboard, it shows up as inactive.
    Manually starting the service from the Dashboard doesn't change anything.~~

    Not sure how this got into this thread, this section is about widentd, not Dansguardian.


  • Rebel Alliance Developer Netgate

    I split this off into its own thread, hopefully the maintainer will spot it and find a fix for you.



  • @rcfa:

    I entered a fake user/system on the configuration page, and selected the interface to listen on.

    There's no other "enable/disable" checkmark, so I assume that should activate things.
    On the dashboard, it shows up as inactive.
    Manually starting the service from the Dashboard doesn't change anything.

    what do you mean by user/system? I dont have AV enabled, but Dansguardian is enabled and running. My dashboard and services show that they are running.. What happens if you disable AV?



  • Note: that one paragraph wasn't about Dansguardian, no idea how it got into this thread, it's about widentd.

    Still, the rest applies. Also with AV disabled, Dansguardian won't start. The syslog shows these:

    Jun 25 17:26:38 dansguardian[12003]: Error parsing the dansguardian.conf file or other DansGuardian configuration files
    Jun 25 17:26:23 dansguardian[29500]: Error parsing the dansguardian.conf file or other DansGuardian configuration files
    Jun 25 17:26:22 php: /pkg_edit.php: Starting Dansguardian

    Does this ring a bell?



  • Try to start it on console or run dansguardian in foreground.



  • @marcelloc:

    Try to start it on console or run dansguardian in foreground.

    This is all I get:

    root(2): dansguardian
    std::bad_alloc
    Error parsing the dansguardian.conf file or other DansGuardian configuration files
    root(3):



  • Someone might have hit the reason of this problem:

    http://forum.pfsense.org/index.php/topic,50688.msg271304.html#msg271304

    Incompatible pcre versions required by snort vs. dansguardian.



  • @rcfa:

    Someone might have hit the reason of this problem:

    http://forum.pfsense.org/index.php/topic,50688.msg271304.html#msg271304

    Incompatible pcre versions required by snort vs. dansguardian.

    I have them both running on my 2.1 box.. Snort was re-installed last

    found the issue with clamav…
    directories and permissions are not setup when the package is install

    when manually running freshclam

    
    ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
    ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
    ERROR: Can't change dir to /var/db/clamav
    
    

    I manually added the folders and started dansguardian.. its in the process of running freshclam right now.. For now I gave the folders 777 permission root/wheel.. Think it needs to be user/group clamav but figured you can't go wrong with 777.

    another issue is the linking of files between /usr/local/etc/dansguardian and /usr/pbi/dansguardian-i386/etc/dansguardian

    Also have to create folder /var/run/clamav but the package isn't starting clamd. I am able to manually start it via command line tho


  • Rebel Alliance Developer Netgate

    for the service status, what does this show:

    ps uxawww | grep -i dansguardian



  • @jimp:

    for the service status, what does this show:

    ps uxawww | grep -i dansguardian

    At this point, here, nothing, because it's not running…
    ...I guess something must try to launch it once or multiple times after a reboot or settings change => the messages
    ...but then I guess it dies and/or gives up, because there's no running process later on.



  • @rcfa:

    @jimp:

    for the service status, what does this show:

    ps uxawww | grep -i dansguardian

    At this point, here, nothing, because it's not running…
    ...I guess something must try to launch it once or multiple times after a reboot or settings change => the messages
    ...but then I guess it dies and/or gives up, because there's no running process later on.

    anything in your log? A while back on 2.0.1, it would die because squid wasn't running or was slow to start.. But that was corrected



  • @Cino:

    anything in your log? A while back on 2.0.1, it would die because squid wasn't running or was slow to start.. But that was corrected

    Nothing beyond what I had posted before below:
    @rcfa:

    The syslog shows these:

    Jun 25 17:26:38 dansguardian[12003]: Error parsing the dansguardian.conf file or other DansGuardian configuration files
    Jun 25 17:26:23 dansguardian[29500]: Error parsing the dansguardian.conf file or other DansGuardian configuration files
    Jun 25 17:26:22 php: /pkg_edit.php: Starting Dansguardian

    Does this ring a bell?



  • Dansguardian does not start because a problem with the log file path (dansguardian missing in that path name). See console output :

    Error opening/creating log file. (check ownership and access rights).
    I am running as nobody and I am trying to open /var/log//access.log

    Any ideas ?



  • @Macom2007:

    I am running as nobody and I am trying to open /var/log//access.log

    check and save all package gui tabs, this error shows a missing dansguardian dir on log file

    /var/log//access.log should be /var/log/dansguardian/access.log



  • Thx for your reply.

    I saved every gui tab. No luck so var. Why is DG trying to write to /var/log//access.log. I my dansguardian.conf the log path is /var/log/dansguardian/ ?



  • @Macom2007:

    Why is DG trying to write to /var/log//access.log?

    Not sure. I have dansguardian working on 2.1 but I'll check it this week (If I have time  :))



  • @Macom2007:

    Dansguardian does not start because a problem with the log file path (dansguardian missing in that path name). See console output :

    Error opening/creating log file. (check ownership and access rights).
    I am running as nobody and I am trying to open /var/log//access.log

    Any ideas ?

    Any news on this ?



  • Current package version has 2.1 folder check but pbi package was built with pcre8.3.

    This pcre version breaks dansguardian.

    You can try on your install, but I'm not sure if it  will work.

    /usr/local/etc/rc.d/dansguardian.sh start

    kern.ipc.somaxconn: 16384 -> 16384
    kern.maxfiles: 131072 -> 131072
    kern.maxfilesperproc: 104856 -> 104856
    kern.threads.max_threads_per_proc: 4096 -> 4096
    Starting dansguardian.
    std::bad_alloc <= Pcre issue
    Error parsing the dansguardian.conf file or other DansGuardian configuration files



  • Thx for your response. Your suggestion does not work. See output :

    /usr/local/etc/rc.d/dansguardian.sh start

    kern.ipc.somaxconn: 16384 -> 16384
    kern.maxfiles: 131072 -> 131072
    kern.maxfilesperproc: 104856 -> 104856
    kern.threads.max_threads_per_proc: 4096 -> 4096
    Starting dansguardian.
    Error opening/creating log file. (check ownership and access rights).
    I am running as nobody and I am trying to open /var/log/dansguardian/access.log



  • did you saved dansguardian config on gui after package reinstall?



  • @marcelloc:

    did you saved dansguardian config on gui after package reinstall?

    Yes, I did. The error stays :-(



  • Uninstall and reinstall too? my setup went fine(except for pcre) with 2.1 package install.



  • @marcelloc:

    Uninstall and reinstall too? my setup went fine(except for pcre) with 2.1 package install.

    I uninstalled, installed dansguardian and than i did this :

    chown nobody:nobody /var/log

    Now it is running, but i am not sure if this affects other packages ?



  • I have a similar issue. I just installed Dansguardian today to try and get it up and running. The service won't start. E.g.:

    @marcelloc:

    check and save all package gui tabs, this error shows a missing dansguardian dir on log file

    /var/log//access.log should be /var/log/dansguardian/access.log

    I checked and saved all package gui tabs and get this:

    and similar directory path errors when pfSense is booting up.

    On the Dansguardian General tab, the SSL section looks like this:

    I set up certs for when I opened OpenVPN access to my box, so I can remotely admin it using a tablet. But nothing is set on Dansguardian. I'm pretty much trying default settings. E.g., here is my Groups setting:

    Nothing about SSL filtering. Or am I looking in the wrong spot?

    Also, as I save each Dansguardian tab starting from the left, the system log looks like this:

    Until I get to the Access Control List and get the error in the second image that made me investigate further and prompted me to post this thread reply.

    BTW, I have Dansguardian's built-in antivirus setting disabled since I already had Havp installed and running.

    Any advice on how to get this working? It's not a showstopper for me - I can go back to SquidGuard/Squid/Havp but I wanted to try Squid/Dansguardian to see how it compared.



  • try to force file permissions alerted in logs and see if cert dir exists.


Log in to reply