Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Squid 3.3.4 package for pfsense with ssl filtering

    Cache/Proxy
    72
    305
    194099
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pubmsu last edited by

      Anyone figured out how to do load-balancing of squid traffic for 2.1.x or 2.2 alpha?

      1 Reply Last reply Reply Quote 0
      • E
        eyditharen last edited by

        I already running squid3 ver 3.3.4, working normal can cache http/https with 1 interface ( use as proxy box ), how to  use squid3 working with mikrotik ..

        1 Reply Last reply Reply Quote 0
        • G
          gar2k last edited by

          new rds protocol 8.0 not work more, any ideas?

          1 Reply Last reply Reply Quote 0
          • X
            xtrgeo last edited by

            Hi,

            can anyone help me on why do I get "proxy refuses connection"??

            Squid3-dev package
            Squidguard3
            System Patch ->squidguard fix

            Configs:

            # This file is automatically generated by pfSense
            # Do not edit manually !
            
            http_port 10.66.106.65:8081
            icp_port 7
            dns_v4_first on
            pid_filename /var/run/squid.pid
            cache_effective_user proxy
            cache_effective_group proxy
            error_default_language el
            icon_directory /usr/pbi/squid-amd64/etc/squid/icons
            visible_hostname Proxy-
            cache_mgr it@skata.gr
            access_log /var/squid/logs/access.log
            cache_log /var/squid/logs/cache.log
            cache_store_log none
            netdb_filename /var/squid/logs/netdb.state
            pinger_enable on
            pinger_program /usr/pbi/squid-amd64/libexec/squid/pinger
            
            logfile_rotate 0
            debug_options rotate=0
            shutdown_lifetime 3 seconds
            # Allow local network(s) on interface(s)
            acl localnet src  10.66.106.64/26
            uri_whitespace strip
            
            acl dynamic urlpath_regex cgi-bin ?
            cache deny dynamic
            
            cache_mem 200 MB
            maximum_object_size_in_memory 1024 KB
            memory_replacement_policy heap GDSF
            cache_replacement_policy heap LFUDA
            cache_dir ufs /var/squid/cache 4096 16 256
            minimum_object_size 10 KB
            maximum_object_size 2048 KB
            offline_mode off
            cache_swap_low 85
            cache_swap_high 95
            cache allow all
            
            # No redirector configured
            
            #Remote proxies
            
            # Setup some default acls
            # From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
            # acl localhost src 127.0.0.1/32
            acl allsrc src all
            acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 3127 1025-65535 
            acl sslports port 443 563  
            
            # From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
            #acl manager proto cache_object
            
            acl purge method PURGE
            acl connect method CONNECT
            
            # Define protocols used for redirects
            acl HTTP proto HTTP
            acl HTTPS proto HTTPS
            acl allowed_subnets src 10.66.106.64/26
            http_access allow manager localhost
            
            # Allow external cache managers
            acl ext_manager src 10.66.106.65
            http_access allow manager ext_manager
            
            http_access deny manager
            http_access allow purge localhost
            http_access deny purge
            http_access deny !safeports
            http_access deny CONNECT !sslports
            
            # Always allow localhost connections
            # From 3.2 further configuration cleanups have been done to make things easier and safer. 
            # The manager, localhost, and to_localhost ACL definitions are now built-in.
            # http_access allow localhost
            
            request_body_max_size 0 KB
            delay_pools 1
            delay_class 1 2
            delay_parameters 1 -1/-1 -1/-1
            delay_initial_bucket_level 100
            delay_access 1 allow allsrc
            
            # Reverse Proxy settings
            
            # Package Integration
            url_rewrite_program /usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c /usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf
            url_rewrite_bypass off
            url_rewrite_children 16 startup=8 idle=4 concurrency=0
            
            # Custom options before auth
            
            acl sglog url_regex -i sgr=ACCESSDENIED
            http_access deny sglog
            # Setup allowed acls
            # Allow local network(s) on interface(s)
            http_access allow allowed_subnets
            http_access allow localnet
            # Default block all to be sure
            http_access deny allsrc
            
            icap_enable on
            icap_send_client_ip on
            icap_send_client_username on 
            icap_client_username_encode off
            icap_client_username_header X-Authenticated-User
            icap_preview_enable on
            icap_preview_size 1024
            
            icap_service service_req reqmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
            icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
            
            adaptation_access service_req allow all
            adaptation_access service_resp allow all
            
            
            # ============================================================
            # SquidGuard configuration file
            # This file generated automaticly with SquidGuard configurator
            # (C)2006 Serg Dvoriancev
            # email: dv_serg@mail.ru
            # ============================================================
            
            logdir /var/squidGuard/log
            dbhome /var/db/squidGuard
            
            # 
            dest blk_BL_adv {
            	domainlist blk_BL_adv/domains
            	urllist blk_BL_adv/urls
            	log block.log
            }
            
            # 
            dest blk_BL_aggressive {
            	domainlist blk_BL_aggressive/domains
            	urllist blk_BL_aggressive/urls
            	log block.log
            }
            
            # 
            dest blk_BL_alcohol {
            	domainlist blk_BL_alcohol/domains
            	urllist blk_BL_alcohol/urls
            	log block.log
            }
            
            # 
            dest blk_BL_anonvpn {
            	domainlist blk_BL_anonvpn/domains
            	urllist blk_BL_anonvpn/urls
            	log block.log
            }
            
            # 
            dest blk_BL_automobile_bikes {
            	domainlist blk_BL_automobile_bikes/domains
            	urllist blk_BL_automobile_bikes/urls
            	log block.log
            }
            
            # 
            dest blk_BL_automobile_boats {
            	domainlist blk_BL_automobile_boats/domains
            	urllist blk_BL_automobile_boats/urls
            	log block.log
            }
            
            # 
            dest blk_BL_automobile_cars {
            	domainlist blk_BL_automobile_cars/domains
            	urllist blk_BL_automobile_cars/urls
            	log block.log
            }
            
            # 
            dest blk_BL_automobile_planes {
            	domainlist blk_BL_automobile_planes/domains
            	urllist blk_BL_automobile_planes/urls
            	log block.log
            }
            
            # 
            dest blk_BL_chat {
            	domainlist blk_BL_chat/domains
            	urllist blk_BL_chat/urls
            	log block.log
            }
            
            # 
            dest blk_BL_costtraps {
            	domainlist blk_BL_costtraps/domains
            	urllist blk_BL_costtraps/urls
            	log block.log
            }
            
            # 
            dest blk_BL_dating {
            	domainlist blk_BL_dating/domains
            	urllist blk_BL_dating/urls
            	log block.log
            }
            
            # 
            dest blk_BL_downloads {
            	domainlist blk_BL_downloads/domains
            	urllist blk_BL_downloads/urls
            	log block.log
            }
            
            # 
            dest blk_BL_drugs {
            	domainlist blk_BL_drugs/domains
            	urllist blk_BL_drugs/urls
            	log block.log
            }
            
            # 
            dest blk_BL_dynamic {
            	domainlist blk_BL_dynamic/domains
            	urllist blk_BL_dynamic/urls
            	log block.log
            }
            
            # 
            dest blk_BL_education_schools {
            	domainlist blk_BL_education_schools/domains
            	urllist blk_BL_education_schools/urls
            	log block.log
            }
            
            # 
            dest blk_BL_finance_banking {
            	domainlist blk_BL_finance_banking/domains
            	urllist blk_BL_finance_banking/urls
            	log block.log
            }
            
            # 
            dest blk_BL_finance_insurance {
            	domainlist blk_BL_finance_insurance/domains
            	urllist blk_BL_finance_insurance/urls
            	log block.log
            }
            
            # 
            dest blk_BL_finance_moneylending {
            	domainlist blk_BL_finance_moneylending/domains
            	urllist blk_BL_finance_moneylending/urls
            	log block.log
            }
            
            # 
            dest blk_BL_finance_other {
            	domainlist blk_BL_finance_other/domains
            	urllist blk_BL_finance_other/urls
            	log block.log
            }
            
            # 
            dest blk_BL_finance_realestate {
            	domainlist blk_BL_finance_realestate/domains
            	urllist blk_BL_finance_realestate/urls
            	log block.log
            }
            
            # 
            dest blk_BL_finance_trading {
            	domainlist blk_BL_finance_trading/domains
            	urllist blk_BL_finance_trading/urls
            	log block.log
            }
            
            # 
            dest blk_BL_fortunetelling {
            	domainlist blk_BL_fortunetelling/domains
            	urllist blk_BL_fortunetelling/urls
            	log block.log
            }
            
            # 
            dest blk_BL_forum {
            	domainlist blk_BL_forum/domains
            	urllist blk_BL_forum/urls
            	log block.log
            }
            
            # 
            dest blk_BL_gamble {
            	domainlist blk_BL_gamble/domains
            	urllist blk_BL_gamble/urls
            	log block.log
            }
            
            # 
            dest blk_BL_government {
            	domainlist blk_BL_government/domains
            	urllist blk_BL_government/urls
            	log block.log
            }
            
            # 
            dest blk_BL_hacking {
            	domainlist blk_BL_hacking/domains
            	urllist blk_BL_hacking/urls
            	log block.log
            }
            
            # 
            dest blk_BL_hobby_cooking {
            	domainlist blk_BL_hobby_cooking/domains
            	urllist blk_BL_hobby_cooking/urls
            	log block.log
            }
            
            # 
            dest blk_BL_hobby_games-misc {
            	domainlist blk_BL_hobby_games-misc/domains
            	urllist blk_BL_hobby_games-misc/urls
            	log block.log
            }
            
            # 
            dest blk_BL_hobby_games-online {
            	domainlist blk_BL_hobby_games-online/domains
            	urllist blk_BL_hobby_games-online/urls
            	log block.log
            }
            
            # 
            dest blk_BL_hobby_gardening {
            	domainlist blk_BL_hobby_gardening/domains
            	urllist blk_BL_hobby_gardening/urls
            	log block.log
            }
            
            # 
            dest blk_BL_hobby_pets {
            	domainlist blk_BL_hobby_pets/domains
            	urllist blk_BL_hobby_pets/urls
            	log block.log
            }
            
            # 
            dest blk_BL_homestyle {
            	domainlist blk_BL_homestyle/domains
            	urllist blk_BL_homestyle/urls
            	log block.log
            }
            
            # 
            dest blk_BL_hospitals {
            	domainlist blk_BL_hospitals/domains
            	urllist blk_BL_hospitals/urls
            	log block.log
            }
            
            # 
            dest blk_BL_imagehosting {
            	domainlist blk_BL_imagehosting/domains
            	urllist blk_BL_imagehosting/urls
            	log block.log
            }
            
            # 
            dest blk_BL_isp {
            	domainlist blk_BL_isp/domains
            	urllist blk_BL_isp/urls
            	log block.log
            }
            
            # 
            dest blk_BL_jobsearch {
            	domainlist blk_BL_jobsearch/domains
            	urllist blk_BL_jobsearch/urls
            	log block.log
            }
            
            # 
            dest blk_BL_library {
            	domainlist blk_BL_library/domains
            	urllist blk_BL_library/urls
            	log block.log
            }
            
            # 
            dest blk_BL_military {
            	domainlist blk_BL_military/domains
            	urllist blk_BL_military/urls
            	log block.log
            }
            
            # 
            dest blk_BL_models {
            	domainlist blk_BL_models/domains
            	urllist blk_BL_models/urls
            	log block.log
            }
            
            # 
            dest blk_BL_movies {
            	domainlist blk_BL_movies/domains
            	urllist blk_BL_movies/urls
            	log block.log
            }
            
            # 
            dest blk_BL_music {
            	domainlist blk_BL_music/domains
            	urllist blk_BL_music/urls
            	log block.log
            }
            
            # 
            dest blk_BL_news {
            	domainlist blk_BL_news/domains
            	urllist blk_BL_news/urls
            	log block.log
            }
            
            # 
            dest blk_BL_podcasts {
            	domainlist blk_BL_podcasts/domains
            	urllist blk_BL_podcasts/urls
            	log block.log
            }
            
            # 
            dest blk_BL_politics {
            	domainlist blk_BL_politics/domains
            	urllist blk_BL_politics/urls
            	log block.log
            }
            
            # 
            dest blk_BL_porn {
            	domainlist blk_BL_porn/domains
            	urllist blk_BL_porn/urls
            	log block.log
            }
            
            # 
            dest blk_BL_radiotv {
            	domainlist blk_BL_radiotv/domains
            	urllist blk_BL_radiotv/urls
            	log block.log
            }
            
            # 
            dest blk_BL_recreation_humor {
            	domainlist blk_BL_recreation_humor/domains
            	urllist blk_BL_recreation_humor/urls
            	log block.log
            }
            
            # 
            dest blk_BL_recreation_martialarts {
            	domainlist blk_BL_recreation_martialarts/domains
            	urllist blk_BL_recreation_martialarts/urls
            	log block.log
            }
            
            # 
            dest blk_BL_recreation_restaurants {
            	domainlist blk_BL_recreation_restaurants/domains
            	urllist blk_BL_recreation_restaurants/urls
            	log block.log
            }
            
            # 
            dest blk_BL_recreation_sports {
            	domainlist blk_BL_recreation_sports/domains
            	urllist blk_BL_recreation_sports/urls
            	log block.log
            }
            
            # 
            dest blk_BL_recreation_travel {
            	domainlist blk_BL_recreation_travel/domains
            	urllist blk_BL_recreation_travel/urls
            	log block.log
            }
            
            # 
            dest blk_BL_recreation_wellness {
            	domainlist blk_BL_recreation_wellness/domains
            	urllist blk_BL_recreation_wellness/urls
            	log block.log
            }
            
            # 
            dest blk_BL_redirector {
            	domainlist blk_BL_redirector/domains
            	urllist blk_BL_redirector/urls
            	log block.log
            }
            
            # 
            dest blk_BL_religion {
            	domainlist blk_BL_religion/domains
            	urllist blk_BL_religion/urls
            	log block.log
            }
            
            # 
            dest blk_BL_remotecontrol {
            	domainlist blk_BL_remotecontrol/domains
            	urllist blk_BL_remotecontrol/urls
            	log block.log
            }
            
            # 
            dest blk_BL_ringtones {
            	domainlist blk_BL_ringtones/domains
            	urllist blk_BL_ringtones/urls
            	log block.log
            }
            
            # 
            dest blk_BL_science_astronomy {
            	domainlist blk_BL_science_astronomy/domains
            	urllist blk_BL_science_astronomy/urls
            	log block.log
            }
            
            # 
            dest blk_BL_science_chemistry {
            	domainlist blk_BL_science_chemistry/domains
            	urllist blk_BL_science_chemistry/urls
            	log block.log
            }
            
            # 
            dest blk_BL_searchengines {
            	domainlist blk_BL_searchengines/domains
            	urllist blk_BL_searchengines/urls
            	log block.log
            }
            
            # 
            dest blk_BL_sex_education {
            	domainlist blk_BL_sex_education/domains
            	urllist blk_BL_sex_education/urls
            	log block.log
            }
            
            # 
            dest blk_BL_sex_lingerie {
            	domainlist blk_BL_sex_lingerie/domains
            	urllist blk_BL_sex_lingerie/urls
            	log block.log
            }
            
            # 
            dest blk_BL_shopping {
            	domainlist blk_BL_shopping/domains
            	urllist blk_BL_shopping/urls
            	log block.log
            }
            
            # 
            dest blk_BL_socialnet {
            	domainlist blk_BL_socialnet/domains
            	urllist blk_BL_socialnet/urls
            	log block.log
            }
            
            # 
            dest blk_BL_spyware {
            	domainlist blk_BL_spyware/domains
            	urllist blk_BL_spyware/urls
            	log block.log
            }
            
            # 
            dest blk_BL_tracker {
            	domainlist blk_BL_tracker/domains
            	urllist blk_BL_tracker/urls
            	log block.log
            }
            
            # 
            dest blk_BL_updatesites {
            	domainlist blk_BL_updatesites/domains
            	urllist blk_BL_updatesites/urls
            	log block.log
            }
            
            # 
            dest blk_BL_urlshortener {
            	domainlist blk_BL_urlshortener/domains
            	urllist blk_BL_urlshortener/urls
            	log block.log
            }
            
            # 
            dest blk_BL_violence {
            	domainlist blk_BL_violence/domains
            	urllist blk_BL_violence/urls
            	log block.log
            }
            
            # 
            dest blk_BL_warez {
            	domainlist blk_BL_warez/domains
            	urllist blk_BL_warez/urls
            	log block.log
            }
            
            # 
            dest blk_BL_weapons {
            	domainlist blk_BL_weapons/domains
            	urllist blk_BL_weapons/urls
            	log block.log
            }
            
            # 
            dest blk_BL_webmail {
            	domainlist blk_BL_webmail/domains
            	urllist blk_BL_webmail/urls
            	log block.log
            }
            
            # 
            dest blk_BL_webphone {
            	domainlist blk_BL_webphone/domains
            	urllist blk_BL_webphone/urls
            	log block.log
            }
            
            # 
            dest blk_BL_webradio {
            	domainlist blk_BL_webradio/domains
            	urllist blk_BL_webradio/urls
            	log block.log
            }
            
            # 
            dest blk_BL_webtv {
            	domainlist blk_BL_webtv/domains
            	urllist blk_BL_webtv/urls
            	log block.log
            }
            
            # 
            dest Cat-Custom {
            	domainlist Cat-Custom/domains
            	redirect http://10.64.132.104/error.php?a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
            	log block.log
            }
            
            # 
            dest Cat-Facebook {
            	domainlist Cat-Facebook/domains
            	redirect http://10.64.132.104/error.php?a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
            	log block.log
            }
            
            # 
            rew safesearch {
            	s@(google..*/search?.*q=.*)@&safe=active@i
            	s@(google..*/images.*q=.*)@&safe=active@i
            	s@(google..*/groups.*q=.*)@&safe=active@i
            	s@(google..*/news.*q=.*)@&safe=active@i
            	s@(yandex..*/yandsearch?.*text=.*)@&fyandex=1@i
            	s@(search.yahoo..*/search.*p=.*)@&vm=r&v=1@i
            	s@(search.live..*/.*q=.*)@&adlt=strict@i
            	s@(search.msn..*/.*q=.*)@&adlt=strict@i
            	s@(.bing..*/.*q=.*)@&adlt=strict@i
            	log block.log
            }
            
            # 
            acl  {
            	# 
            	default  {
            		pass !Cat-Custom !Cat-Facebook !blk_BL_drugs !blk_BL_gamble !blk_BL_hobby_games-misc !blk_BL_hobby_games-online !blk_BL_porn !blk_BL_sex_education !blk_BL_sex_lingerie !blk_BL_warez all
            		redirect http://10.64.132.104/error.php?a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
            		log block.log
            	}
            }
            
            1 Reply Last reply Reply Quote 0
            • A
              aGeekhere last edited by

              Hi all read through the whole post.

              I have transparent ssl filtering working however I am having issues with update servers like windows update, adobe creative cloud, google update, and others
              I tried to create an alias with some of the white listed links for windows updare however they are not working. Is there a better way to white list these update servers? because even if I get aliases working I have to manually find each server, find there link and add it to the aliases. Is there a better way for this? as there could be 100s of update servers in which would need to do this for.

              Thanks

              Never Fear, A Geek is Here!

              1 Reply Last reply Reply Quote 0
              • W
                webstor last edited by

                Hi xtrego,

                set the icap_service service_req reqmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav to
                icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav

                and do the same steps to the second row.

                1 Reply Last reply Reply Quote 0
                • D
                  dig1234 last edited by

                  Bumping this issue, perhaps it should be broken off to a new thread but I'm not sure how.
                  I just updated to the latest squid package 2.2.8 and the issue remains.
                  The word "round-robin" appears in the cache_peer lines inside squid.conf this creates a situation where requests are alternately sent to the wrong peer when multiple web servers are added that are not serving the same site… ie they are not load balancing.

                  I believe the word "round-robin" should either be removed or exposed as a checkbox in the gui under web servers tab.

                  @dig1234:

                  I think there is a mistake in the reverse proxy config, I was having trouble so I read the squid.conf in pbi/…/etc and I found the directive
                  round-robin
                  even though I don't want that since my servers are independent of each other. I suggest either add a checkbox for that or remove that directive. Thanks!

                  1 Reply Last reply Reply Quote 0
                  • W
                    wcrowder last edited by

                    Squid is a 3.4.9, 3.5 is around the corner…

                    1 Reply Last reply Reply Quote 0
                    • H
                      hyundrax last edited by

                      everything work fine.. but not good caching at all :(


                      1 Reply Last reply Reply Quote 0
                      • Z
                        zang3tsu last edited by

                        Please add an option in the GUI to disable SSLv2 and SSLv3 (POODLE vulnerability). Thanks!

                        1 Reply Last reply Reply Quote 0
                        • J
                          joppybt last edited by

                          @zang3tsu:

                          Please add an option in the GUI to disable SSLv2 and SSLv3 (POODLE vulnerability). Thanks!

                          Are you talking about the reverse HTTPS proxy?
                          You can already disable SSLv2 and SSLv3 with a trick. Anything you put on the line for 'Reverse HTTPS default site' will be copied to the relevant spot it the squid.conf file. So in stead of just

                          www.example.com
                          ```you can put:
                          

                          www.example.com options=NO_SSLv2,NO_SSLv3 cipher=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:!RC4+RSA:+HIGH:+MEDIUM:!SSLv2

                          
                          This way you get a grade B at https://www.ssllabs.com/ssltest/
                          I found no way yet to enable TLS 1.2 in squid.
                          1 Reply Last reply Reply Quote 0
                          • J
                            joppybt last edited by

                            @joppybt:

                            I found no way yet to enable TLS 1.2 in squid.

                            For the record: with the latest pfSense 2.2 I do get TLSv1.2 as well. Probably because OpenSSL 1.0.1k is now included?

                            1 Reply Last reply Reply Quote 0
                            • KOM
                              KOM last edited by

                              everything work fine.. but not good caching at all

                              IN my testing, I found that only managed a hit rate of about 5-7% with my company.  The dynamic nature of today's web makes it very challenging for caches.  Plus, with high-speed links and tons of bandwidth, Squid seems to get more use here as the base for SquidGuard filtering than it does for caching content.

                              1 Reply Last reply Reply Quote 0
                              • A
                                asterix last edited by

                                Yup, I use Squid for the very same reason. Keep it setting to "null" for no local caching now since I have 110/20 Mbps speeds, don't need local cache. Now with ICAP and Clamd I am getting a bit more functionality out of it.

                                If there was a way to separate the dependency of Clamd and dans/e2guardian on squid, I would had installed the separate packages and not looked at Squid ever.

                                1 Reply Last reply Reply Quote 0
                                • D
                                  darrenkdean last edited by

                                  Good Evening,

                                  Can anyone provide instruction on how to configure squidclamav to update definitions twice per day, noon & midnight?

                                  I have installed the Cron package & can SSH in, but have been unable to determine the next steps & appropriate script to make it auto update.

                                  Best-

                                  Darren

                                  1 Reply Last reply Reply Quote 0
                                  • N
                                    Nachtfalke last edited by

                                    @darrenkdean:

                                    Good Evening,

                                    Can anyone provide instruction on how to configure squidclamav to update definitions twice per day, noon & midnight?

                                    I have installed the Cron package & can SSH in, but have been unable to determine the next steps & appropriate script to make it auto update.

                                    Best-

                                    Darren

                                    I just added a cronjob which starts freshclam one time a day a 2:22 am:

                                    
                                    22  	2  	*  	*  	*  	root  	/usr/local/bin/freshclam  
                                    
                                    

                                    Having a look at /var/log/clamav/freshclam.log you can see that it updates the virus databases.

                                    1 Reply Last reply Reply Quote 0
                                    • A
                                      aityahiaidir last edited by

                                      hello allo

                                      i have a trouble to get Squid working on pfsense, before updating Squid package it's worked fine, but now i guet an error page

                                      Erreur de protocole ICAP.
                                      
                                      Le système a retourné : [No Error]
                                      

                                      pfsense : 2.2-RELEASE (i386)

                                      Installed Squid package : 3.4.10_2 pkg 0.2.6

                                      where is the problem ?

                                      1 Reply Last reply Reply Quote 0
                                      • B
                                        BitPoint last edited by

                                        Hello everyone,
                                        during the update process of clamav, in /var/log/clamav/freshclam.log i read:
                                        WARNING: Your ClamAV installation is OUTDATED!
                                        WARNING: Local version: 0.98.5 Recommended version: 0.98.6

                                        Should I be worried?
                                        Thanks to all

                                        1 Reply Last reply Reply Quote 0
                                        • L
                                          lannet2k last edited by

                                          Hi ,
                                          Any one have issue with the new version of PFSense 2.2.1 ??

                                          After installing it Squid keep restarting , log is full of :
                                          Mar 19 17:23:22 squid[72924]: Squid Parent: (squid-1) process 958 exited with status 1
                                          Mar 19 17:23:25 squid[72924]: Squid Parent: (squid-1) process 34043 started
                                          Mar 19 17:23:26 (squid-1): The redirector helpers are crashing too rapidly, need help!

                                          I try to stop it but it restart for some reason.

                                          Thanks
                                          :(

                                          1 Reply Last reply Reply Quote 0
                                          • I
                                            ignacio.verdejo last edited by

                                            Dear , I'm new to this, but fix this problem by simply checking the "Do not verify the remote certificate " located in Man SSL option menu in the filtering.

                                            SSL Man Int the Middle Filtering>Remote cert checks> check "Do not verify remote certificate".

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post