Dansguardian freshclam issue



  • Running latest 2.1 snapshot. Getting this error when trying to get freshclam

    $ freshclam
    ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
    ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).



  • anyone ???



  • So no one has this issue? No one has installed Dansguardian on 2.1RC and not using clamd?



  • Almost 2 weeks and 270 views and no one has seen this or knows how to resolve this?



  • Are you familiar with using CLIs? Do you have a ssh setup into your pfSense box, or a monitor/keyboard on your pfSense box?

    If you answered yes to those questions, log in to pfSense and:

    cd /var/log
    ls

    You possibly won't have a clamav directory. So if not:

    mkdir clamav

    If you did have a clamav directory or if you just created it as above, do:

    ls -l clamav

    and it'll show something like r-xr--r-- clamav root wheel, so:

    chown -R clamav clamav
    cd clamav
    ls

    and my guess is there is no freshclam.log, but now that you've given ownership to clamav it can create the log file when it needs to or you can explicitly create it:

    touch freshclam.log
    chown clamav freshclam.log
    chmod 644 freshclam.log

    Or something like that.

    I did have similar issues at various stages due to installing various versions of DG. I'm currently not using the latest and I'm not using clamav, but I'm not sure if other people have experienced this issue or if marcelloc has changed things to fix this.

    If you're not familiar with CLIs, probably best not to go messing around in there.



  • After a lot of research I tried CLI after my last post. It kind of moved forward in fetching the files. But Dans would fail to work with Squid 3 and the whole install will get corrupted. I have multiple subnets and Squid 2 in transparent mode works beautifully but with Squid 3 in the squid.conf I see the "http_port 127.0.0.1:3128 transparent" is replaced with "http_port 127.0.0.1:3128 trancrete(or discrete)" and that is creating an issue as Dans starts to give errors about not being able to connect to the Squid proxy port.

    I haven't tried Squid 2 on pfSense 2.1. Will try that instead.



  • I don't think Squid should be in transparent mode if your configuration looks like mine:

    pfSense -> DG -> Squid -> internet

    In DG you have Squid as parent proxy, normally on 127.0.0.1, port 3128 (or is it 3125?). DG listens on whatever interface you want to configure (for me: LAN, wifi, VLANs).

    In Squid you have transparent off, and listening on localhost.

    You also need to have your traffic going to DG. Mine's enforced through a combination of wpad, NAT rules and firewall rules and devices are either auto-detecting or manually configured to hit DG (or NAT enforces it).



  • Squid fails to work on just localhost selected. I am forced to select my 5 subnets in Squid and then select transparent option to ensure I don't have to do manual proxy configuration on every client.

    This config works just perfect in v2.0.3



  • That will bypass DG.

    I use the NAT rules to force traffic through DG.

    I have a redirection rule where all traffic on all interfaces heading to port 80 is redirected to pfSense's IP : port 8080 instead (the default DG port, which is where I have DG). So even if my manual proxy config on some devices fails, my auto-detect/wpad proxy config on other devices fails, the NAT redirection ensures all traffic goes to DG whether it likes it or not.

    The rule has an exception for traffic heading to pfSense:80, so that if a device wants to use wpad it can still do that.

    This is obviously only for http traffic. I haven't tackled https traffic through DG/Squid yet.



  • Yes, I keep the same NAT settings as well.



  • So, I finally managed to get freshclam started. It did complain in between about missing /var/db/clamav so I created that as well and gave permissions. But it fails when I start dansguardian with this log

    Jul 7 13:55:13 dansguardian[13871]: Unknown return code from content scanner: -1
    Jul 7 13:55:13 dansguardian[13871]: Error connecting to ClamD socket
    Jul 7 13:55:13 dansguardian[13871]: Unknown return code from content scanner: -1
    Jul 7 13:55:13 dansguardian[13871]: Error connecting to ClamD socket
    Jul 7 13:55:13 lighttpd[44102]: (connections.c.137) (warning) close: 23 Connection reset by peer
    Jul 7 13:54:44 php: /pkg_edit.php: Starting Dansguardian
    Jul 7 13:54:44 php: /pkg_edit.php: Starting clamav-clamd



  • When I was having problems with my dansguardian / clam / squid install, the packages wouldn't work after changing my config not long ago.

    So, I backed up my settings.
    reinstalled pfsense.
    restored my settings.
    rebooted.
    Reinstalled my missing packages (the settings were all still there)
    Purged my squid cache.

    rebooted and all was fine.



  • Yeah well I tried that.. doesn't work on 2.1. I presume the dansguardian package is not yet fully compatible with 2.1 and needs work..

    Here is what I get with clamd enabled… of course the scanner is not working.


    Access to the page:

    http://www.msn.com

    ... has been denied for the following reason:

    WARNING: Could not perform content scan!

    Categories:

    Content scanning



  • haha - yeah.  That seems a little suspect.

    1 last thing I have done.  Go to pfsense console menu, go to command shell and do a freshclam.

    freshclam

    clamd



  • Yeah I did that already :)

    It complained at first about freshclam.log being in use by some other process. After a 10 min wait I rebooted the box and ran freshclam again. Worked this time and I see the files being downloaded. Though it complains about old signatures.



  • Well, you are running a beta package on a beta/RC.  What could possibly go wrong?
    When I get this far down the rabbit hole, I usually start looking towards a fresh install.



  • Well I do fresh installs all the time. One small error makes me get rid of the install and start fresh.. :)



  • Yep - For sure for me.

    Because fresh install takes 4 minutes, restore config - 1 minute, reload missing packages, 2 minutes.

    Then usually all is well.



  • marcelloc,
    Can you please fix this freshclam issue on 2.1? :)



  • Got it working with many manipulations that should be corrected in the package (tested on 2.1 RC1):

    1. Create missing directories : mkdir /var/log/clamav /var/db/clamav /var/run/clamav
    2. Change ownership of these directories : chown clamav /var/log/clamav /var/db/clamav /var/run/clamav
    3. Refresh clam db : freshclam
    4. Start clam daemon : clamd &

    Those settings won't survive a reboot: pfSense resets permissions in /var/log and removes directories created in /var/run. This should be coded in the startup script of Dansguardian but I haven't found it yet.



  • @clauded1:

    Got it working with many manipulations that should be corrected in the package (tested on 2.1 RC1):

    1. Create missing directories : mkdir /var/log/clamav /var/db/clamav /var/run/clamav
    2. Change ownership of these directories : chown clamav /var/log/clamav /var/db/clamav /var/run/clamav
    3. Refresh clam db : freshclam
    4. Start clam daemon : clamd &

    Those settings won't survive a reboot: pfSense resets permissions in /var/log and removes directories created in /var/run. This should be coded in the startup script of Dansguardian but I haven't found it yet.

    The dansguardian re-create of the directories and permissions is in the dansguardian.inc file. If you put a valid freshclam and clamav-clamd script in the /usr/local/etc/rc.d directory, then the dansguardian.inc code will correctly re-create the directories and rights.



  • This security package is the only one having issues on 2.1 .. Snort.. Squid.. works great.



  • @rjcrowder:

    @clauded1:

    Got it working with many manipulations that should be corrected in the package (tested on 2.1 RC1):

    1. Create missing directories : mkdir /var/log/clamav /var/db/clamav /var/run/clamav
    2. Change ownership of these directories : chown clamav /var/log/clamav /var/db/clamav /var/run/clamav
    3. Refresh clam db : freshclam
    4. Start clam daemon : clamd &

    Those settings won't survive a reboot: pfSense resets permissions in /var/log and removes directories created in /var/run. This should be coded in the startup script of Dansguardian but I haven't found it yet.

    The dansguardian re-create of the directories and permissions is in the dansguardian.inc file. If you put a valid freshclam and clamav-clamd script in the /usr/local/etc/rc.d directory, then the dansguardian.inc code will correctly re-create the directories and rights.

    1. Where do I find those scripts?
    2. The file /usr/local/etc/rc.d/clamav-clamd exists on my system and looks like a binary file



  • 1. Where do I find those scripts?
    2. The file /usr/local/etc/rc.d/clamav-clamd exists on my system and looks like a binary file

    dansguardian.inc is in /usr/local/pkg

    The clamav-clamd script should be a text file (it's a shell script). If it isn't text then something is wrong. I've attached the contents of mine…

    #!/bin/sh
    #
    # $FreeBSD: ports/security/clamav/files/clamav-clamd.in,v 1.10 2012/11/17 06:01:01 svnexp Exp $
    #
    
    # PROVIDE: clamd
    # REQUIRE: LOGIN
    # BEFORE: mail
    # KEYWORD: shutdown
    
    #
    # Add the following lines to /etc/rc.conf to enable clamd:
    #
    # clamav_clamd_enable="YES"
    # clamav_clamd_flags="<set as needed>"
    #
    # See clamd(8) for flags
    #
    
    . /etc/rc.subr
    
    name=clamav_clamd
    rcvar=clamav_clamd_enable
    
    if [ ! -d /var/run/clamav ];then /bin/mkdir /var/run/clamav;fi
    if [ ! -d /var/db/clamav ];then /bin/mkdir /var/db/clamav;fi
    if [ ! -d /var/log/clamav ];then /bin/mkdir -p /var/log/clamav;fi
    chown -R clamav /var/run/clamav
    chown -R clamav /var/db/clamav
    chown -R clamav /var/log/clamav
    command=/usr/local/sbin/clamd
    required_dirs=/var/db/clamav
    required_files=/usr/local/etc/clamd.conf
    
    # read settings, set default values
    load_rc_config "$name"
    : ${clamav_clamd_enable="YES"}
    : ${clamav_clamd_socket="/var/run/clamav/clamd.sock"}
    
    start_precmd=clamav_clamd_precmd
    
    #clamav .93 won't start without a valid main.c[vl]d file
    clamav_clamd_precmd() {
         if [ ! -f /var/db/clamav/main.cvd -a ! -f /var/db/clamav/main.cld ];then
             echo "Missing /var/db/clamav/clamav/*.cvd or *.cld files. You must run freshclam first"
             exit 1
         fi
    }
    
    extra_commands="reload"
    reload_cmd=clamd_reload
    
    clamd_reload()
    {
       /usr/local/bin/clamdscan --reload
    }
    
    run_rc_command "$1"
    


  • @rjcrowder:

    1. Where do I find those scripts?
    2. The file /usr/local/etc/rc.d/clamav-clamd exists on my system and looks like a binary file

    dansguardian.inc is in /usr/local/pkg

    The clamav-clamd script should be a text file (it's a shell script). If it isn't text then something is wrong. I've attached the contents of mine…

    Thanks but the script fails at startup with this:

    [2.1-RC1][admin@pfsense.local]/root(17): ./clamav-clamd start
    ./clamav-clamd: WARNING: /usr/local/etc/clamd.conf is not readable.
    ./clamav-clamd: WARNING: failed precmd routine for clamav_clamd
    

    What about the freshclam script?



  • @clauded1:

    @rjcrowder:

    1. Where do I find those scripts?
    2. The file /usr/local/etc/rc.d/clamav-clamd exists on my system and looks like a binary file

    dansguardian.inc is in /usr/local/pkg

    The clamav-clamd script should be a text file (it's a shell script). If it isn't text then something is wrong. I've attached the contents of mine…

    Thanks but the script fails at startup with this:

    [2.1-RC1][admin@pfsense.local]/root(17): ./clamav-clamd start
    ./clamav-clamd: WARNING: /usr/local/etc/clamd.conf is not readable.
    ./clamav-clamd: WARNING: failed precmd routine for clamav_clamd
    

    What about the freshclam script?

    OK… I didn't run into that particular issue. Is Dans installed? It should have installed clam as part of the dg install. Does the file /usr/local/etc/clamd.conf exist? If so, what do the rights look like on it (do ls -al)? Can you see if the clam executable exists (just do find / -name "clam*") and see if it exists anywhere...

    I can send you the freshclam script tonight (at work right now) but it won't do you any good if clam isn't installed.



  • @rjcrowder:

    OK… I didn't run into that particular issue. Is Dans installed? It should have installed clam as part of the dg install. Does the file /usr/local/etc/clamd.conf exist? If so, what do the rights look like on it (do ls -al)? Can you see if the clam executable exists (just do find / -name "clam*") and see if it exists anywhere...

    I can send you the freshclam script tonight (at work right now) but it won't do you any good if clam isn't installed.

    Clam is installed as part of DansGuardian but on a fresh reboot, freshclam doesn't work and clamd won't load:

    [2.1-RC1][admin@pfsense.cell.local]/root(4): find / -name "clam*"
    /root/clamav-clamd
    /usr/local/sbin/clamd
    /usr/local/bin/clamav-config
    /usr/local/bin/clambc
    /usr/local/bin/clamconf
    /usr/local/bin/clamdscan
    /usr/local/bin/clamdtop
    /usr/local/bin/clamscan
    /usr/local/etc/rc.d/clamav-clamd
    /usr/local/etc/dansguardian/contentscanners/clamdscan.conf
    /usr/pbi/freeradius-i386/lib/python2.7/test/decimaltestdata/clamp.decTest
    /usr/pbi/dansguardian-i386/bin/clamscan
    /usr/pbi/dansguardian-i386/bin/clamdscan
    /usr/pbi/dansguardian-i386/bin/clamconf
    /usr/pbi/dansguardian-i386/bin/clamdtop
    /usr/pbi/dansguardian-i386/bin/clambc
    /usr/pbi/dansguardian-i386/bin/clamav-config
    /usr/pbi/dansguardian-i386/etc/rc.d/clamav-clamd
    /usr/pbi/dansguardian-i386/etc/rc.d/clamav-freshclam
    /usr/pbi/dansguardian-i386/etc/clamd.conf.default
    /usr/pbi/dansguardian-i386/etc/clamd.conf
    /usr/pbi/dansguardian-i386/etc/dansguardian/contentscanners/clamdscan.conf
    /usr/pbi/dansguardian-i386/include/clamav.h
    /usr/pbi/dansguardian-i386/include/clamav-config.h
    /usr/pbi/dansguardian-i386/sbin/clamd
    /usr/pbi/dansguardian-i386/share/licenses/clamav-0.97.6
    /var/run/clamav
    /var/run/clamav/clamd.sock
    /var/run/clamav/clamd.pid
    /var/mail/clamav
    /var/log/dansguardian/clamd.log
    /var/log/clamav
    /var/log/clamav/clamd.log
    /var/db/clamav
    
    


  • Here is the contents of the clamav-freshclam script:

    #!/bin/sh
    #
    # $FreeBSD: ports/security/clamav/files/clamav-freshclam.in,v 1.5 2012/11/17 06:01:01 svnexp Exp $
    #
    
    # PROVIDE: freshclam
    # REQUIRE: LOGIN clamd
    # BEFORE: mail
    # KEYWORD: shutdown
    
    #
    # Add the following lines to /etc/rc.conf to enable the freshclam daemon:
    #
    # clamav_freshclam_enable="YES"
    # clamav_freshclam_flags="<set as needed>"
    #
    # See freshclam(1) for flags
    #
    
    . /etc/rc.subr
    
    name=clamav_freshclam
    rcvar=clamav_freshclam_enable
    
    command=/usr/local/bin/freshclam
    pidfile=/var/run/clamav/freshclam.pid
    command_args="--daemon -p ${pidfile}"
    required_dirs=/var/db/clamav
    required_files=/usr/local/etc/freshclam.conf
    
    # read settings, set default values
    load_rc_config "$name"
    : ${clamav_freshclam_enable="NO"}
    
    run_rc_command "$1"
    

    clamd.conf should be in /usr/local/etc and its contents are:

    ##
    ## Example config file for the Clam AV daemon
    ## Please read the clamd.conf(5) manual before editing this file.
    ##
    
    # Comment or remove the line below.
    #Example
    
    # Uncomment this option to enable logging.
    # LogFile must be writable for the user running daemon.
    # A full path is required.
    # Default: disabled
    LogFile /var/log/clamav/clamd.log
    
    # By default the log file is locked for writing - the lock protects against
    # running clamd multiple times (if want to run another clamd, please
    # copy the configuration file, change the LogFile variable, and run
    # the daemon with --config-file option).
    # This option disables log file locking.
    # Default: no
    #LogFileUnlock yes
    
    # Maximum size of the log file.
    # Value of 0 disables the limit.
    # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
    # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
    # in bytes just don't use modifiers.
    # Default: 1M
    #LogFileMaxSize 2M
    
    # Log time with each message.
    # Default: no
    #LogTime yes
    
    # Also log clean files. Useful in debugging but drastically increases the
    # log size.
    # Default: no
    #LogClean yes
    
    # Use system logger (can work together with LogFile).
    # Default: no
    #LogSyslog yes
    
    # Specify the type of syslog messages - please refer to 'man syslog'
    # for facility names.
    # Default: LOG_LOCAL6
    #LogFacility LOG_MAIL
    
    # Enable verbose logging.
    # Default: no
    #LogVerbose yes
    
    # Log additional information about the infected file, such as its
    # size and hash, together with the virus name.
    #ExtendedDetectionInfo yes
    
    # This option allows you to save a process identifier of the listening
    # daemon (main thread).
    # Default: disabled
    PidFile /var/run/clamav/clamd.pid
    
    # Optional path to the global temporary directory.
    # Default: system specific (usually /tmp or /var/tmp).
    #TemporaryDirectory /var/tmp
    
    # Path to the database directory.
    # Default: hardcoded (depends on installation options)
    DatabaseDirectory /var/db/clamav
    
    # Only load the official signatures published by the ClamAV project.
    # Default: no
    #OfficialDatabaseOnly no
    
    # The daemon can work in local mode, network mode or both. 
    # Due to security reasons we recommend the local mode.
    
    # Path to a local socket file the daemon will listen on.
    # Default: disabled (must be specified by a user)
    LocalSocket /var/run/clamav/clamd.sock
    
    # Sets the group ownership on the unix socket.
    # Default: disabled (the primary group of the user running clamd)
    #LocalSocketGroup virusgroup
    
    # Sets the permissions on the unix socket to the specified mode.
    # Default: disabled (socket is world accessible)
    #LocalSocketMode 660
    
    # Remove stale socket after unclean shutdown.
    # Default: yes
    FixStaleSocket yes
    
    # TCP port address.
    # Default: no
    #TCPSocket 3310
    
    # TCP address.
    # By default we bind to INADDR_ANY, probably not wise.
    # Enable the following to provide some degree of protection
    # from the outside world.
    # Default: no
    #TCPAddr 127.0.0.1
    
    # Maximum length the queue of pending connections may grow to.
    # Default: 200
    #MaxConnectionQueueLength 30
    
    # Clamd uses FTP-like protocol to receive data from remote clients.
    # If you are using clamav-milter to balance load between remote clamd daemons
    # on firewall servers you may need to tune the options below.
    
    # Close the connection when the data size limit is exceeded.
    # The value should match your MTA's limit for a maximum attachment size.
    # Default: 25M
    #StreamMaxLength 10M
    
    # Limit port range.
    # Default: 1024
    #StreamMinPort 30000
    # Default: 2048
    #StreamMaxPort 32000
    
    # Maximum number of threads running at the same time.
    # Default: 10
    #MaxThreads 20
    
    # Waiting for data from a client socket will timeout after this time (seconds).
    # Default: 120
    #ReadTimeout 300
    
    # This option specifies the time (in seconds) after which clamd should
    # timeout if a client doesn't provide any initial command after connecting.
    # Default: 5
    #CommandReadTimeout 5
    
    # This option specifies how long to wait (in miliseconds) if the send buffer is full.
    # Keep this value low to prevent clamd hanging
    #
    # Default: 500
    #SendBufTimeout 200
    
    # Maximum number of queued items (including those being processed by MaxThreads threads)
    # It is recommended to have this value at least twice MaxThreads if possible.
    # WARNING: you shouldn't increase this too much to avoid running out  of file descriptors,
    # the following condition should hold:
    # MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024)
    #
    # Default: 100
    #MaxQueue 200
    
    # Waiting for a new job will timeout after this time (seconds).
    # Default: 30
    #IdleTimeout 60
    
    # Don't scan files and directories matching regex
    # This directive can be used multiple times
    # Default: scan all
    #ExcludePath ^/proc/
    #ExcludePath ^/sys/
    
    # Maximum depth directories are scanned at.
    # Default: 15
    #MaxDirectoryRecursion 20
    
    # Follow directory symlinks.
    # Default: no
    #FollowDirectorySymlinks yes
    
    # Follow regular file symlinks.
    # Default: no
    #FollowFileSymlinks yes
    
    # Scan files and directories on other filesystems.
    # Default: yes
    #CrossFilesystems yes
    
    # Perform a database check.
    # Default: 600 (10 min)
    #SelfCheck 600
    
    # Execute a command when virus is found. In the command string %v will
    # be replaced with the virus name.
    # Default: no
    #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
    
    # Run as another user (clamd must be started by root for this option to work)
    # Default: don't drop privileges
    User clamav
    
    # Initialize supplementary group access (clamd must be started by root).
    # Default: no
    AllowSupplementaryGroups yes
    
    # Stop daemon when libclamav reports out of memory condition.
    #ExitOnOOM yes
    
    # Don't fork into background.
    # Default: no
    #Foreground yes
    
    # Enable debug messages in libclamav.
    # Default: no
    #Debug yes
    
    # Do not remove temporary files (for debug purposes).
    # Default: no
    #LeaveTemporaryFiles yes
    
    # Detect Possibly Unwanted Applications.
    # Default: no
    #DetectPUA yes
    
    # Exclude a specific PUA category. This directive can be used multiple times.
    # See http://www.clamav.net/support/pua for the complete list of PUA
    # categories.
    # Default: Load all categories (if DetectPUA is activated)
    #ExcludePUA NetTool
    #ExcludePUA PWTool
    
    # Only include a specific PUA category. This directive can be used multiple
    # times.
    # Default: Load all categories (if DetectPUA is activated)
    #IncludePUA Spy
    #IncludePUA Scanner
    #IncludePUA RAT
    
    # In some cases (eg. complex malware, exploits in graphic files, and others),
    # ClamAV uses special algorithms to provide accurate detection. This option
    # controls the algorithmic detection.
    # Default: yes
    #AlgorithmicDetection yes
    
    ##
    ## Executable files
    ##
    
    # PE stands for Portable Executable - it's an executable file format used
    # in all 32 and 64-bit versions of Windows operating systems. This option allows
    # ClamAV to perform a deeper analysis of executable files and it's also
    # required for decompression of popular executable packers such as UPX, FSG,
    # and Petite. If you turn off this option, the original files will still be
    # scanned, but without additional processing.
    # Default: yes
    #ScanPE yes
    
    # Executable and Linking Format is a standard format for UN*X executables.
    # This option allows you to control the scanning of ELF files.
    # If you turn off this option, the original files will still be scanned, but
    # without additional processing.
    # Default: yes
    #ScanELF yes
    
    # With this option clamav will try to detect broken executables (both PE and
    # ELF) and mark them as Broken.Executable.
    # Default: no
    #DetectBrokenExecutables yes
    
    ##
    ## Documents
    ##
    
    # This option enables scanning of OLE2 files, such as Microsoft Office
    # documents and .msi files.
    # If you turn off this option, the original files will still be scanned, but
    # without additional processing.
    # Default: yes
    #ScanOLE2 yes
    
    # With this option enabled OLE2 files with VBA macros, which were not
    # detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
    # Default: no
    #OLE2BlockMacros no
    
    # This option enables scanning within PDF files.
    # If you turn off this option, the original files will still be scanned, but
    # without decoding and additional processing.
    # Default: yes
    #ScanPDF yes
    
    ##
    ## Mail files
    ##
    
    # Enable internal e-mail scanner.
    # If you turn off this option, the original files will still be scanned, but
    # without parsing individual messages/attachments.
    # Default: yes
    ScanMail yes
    
    # Scan RFC1341 messages split over many emails.
    # You will need to periodically clean up $TemporaryDirectory/clamav-partial directory.
    # WARNING: This option may open your system to a DoS attack.
    #	   Never use it on loaded servers.
    # Default: no
    #ScanPartialMessages yes
    
    # With this option enabled ClamAV will try to detect phishing attempts by using
    # signatures.
    # Default: yes
    #PhishingSignatures yes
    
    # Scan URLs found in mails for phishing attempts using heuristics.
    # Default: yes
    #PhishingScanURLs yes
    
    # Always block SSL mismatches in URLs, even if the URL isn't in the database.
    # This can lead to false positives.
    #
    # Default: no
    #PhishingAlwaysBlockSSLMismatch no
    
    # Always block cloaked URLs, even if URL isn't in database.
    # This can lead to false positives.
    #
    # Default: no
    #PhishingAlwaysBlockCloak no
    
    # Allow heuristic match to take precedence.
    # When enabled, if a heuristic scan (such as phishingScan) detects
    # a possible virus/phish it will stop scan immediately. Recommended, saves CPU
    # scan-time.
    # When disabled, virus/phish detected by heuristic scans will be reported only at
    # the end of a scan. If an archive contains both a heuristically detected
    # virus/phish, and a real malware, the real malware will be reported
    #
    # Keep this disabled if you intend to handle "*.Heuristics.*" viruses 
    # differently from "real" malware.
    # If a non-heuristically-detected virus (signature-based) is found first, 
    # the scan is interrupted immediately, regardless of this config option.
    #
    # Default: no
    #HeuristicScanPrecedence yes
    
    ##
    ## Data Loss Prevention (DLP)
    ##
    
    # Enable the DLP module
    # Default: No
    #StructuredDataDetection yes
    
    # This option sets the lowest number of Credit Card numbers found in a file
    # to generate a detect.
    # Default: 3
    #StructuredMinCreditCardCount 5
    
    # This option sets the lowest number of Social Security Numbers found
    # in a file to generate a detect.
    # Default: 3
    #StructuredMinSSNCount 5
    
    # With this option enabled the DLP module will search for valid
    # SSNs formatted as xxx-yy-zzzz
    # Default: yes
    #StructuredSSNFormatNormal yes
    
    # With this option enabled the DLP module will search for valid
    # SSNs formatted as xxxyyzzzz
    # Default: no
    #StructuredSSNFormatStripped yes
    
    ##
    ## HTML
    ##
    
    # Perform HTML normalisation and decryption of MS Script Encoder code.
    # Default: yes
    # If you turn off this option, the original files will still be scanned, but
    # without additional processing.
    #ScanHTML yes
    
    ##
    ## Archives
    ##
    
    # ClamAV can scan within archives and compressed files.
    # If you turn off this option, the original files will still be scanned, but
    # without unpacking and additional processing.
    # Default: yes
    #ScanArchive yes
    
    # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
    # Default: no
    #ArchiveBlockEncrypted no
    
    ##
    ## Limits
    ##
    
    # The options below protect your system against Denial of Service attacks
    # using archive bombs.
    
    # This option sets the maximum amount of data to be scanned for each input file.
    # Archives and other containers are recursively extracted and scanned up to this
    # value.
    # Value of 0 disables the limit
    # Note: disabling this limit or setting it too high may result in severe damage
    # to the system.
    # Default: 100M
    #MaxScanSize 150M
    
    # Files larger than this limit won't be scanned. Affects the input file itself
    # as well as files contained inside it (when the input file is an archive, a
    # document or some other kind of container).
    # Value of 0 disables the limit.
    # Note: disabling this limit or setting it too high may result in severe damage
    # to the system.
    # Default: 25M
    #MaxFileSize 30M
    
    # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
    # file, all files within it will also be scanned. This options specifies how
    # deeply the process should be continued.
    # Note: setting this limit too high may result in severe damage to the system.
    # Default: 16
    #MaxRecursion 10
    
    # Number of files to be scanned within an archive, a document, or any other
    # container file.
    # Value of 0 disables the limit.
    # Note: disabling this limit or setting it too high may result in severe damage
    # to the system.
    # Default: 10000
    #MaxFiles 15000
    
    ##
    ## Clamuko settings
    ##
    
    # Enable Clamuko. Dazuko must be configured and running. Clamuko supports
    # both Dazuko (/dev/dazuko) and DazukoFS (/dev/dazukofs.ctrl). DazukoFS
    # is the preferred option. For more information please visit www.dazuko.org
    # Default: no
    #ClamukoScanOnAccess yes
    
    # The number of scanner threads that will be started (DazukoFS only).
    # Having multiple scanner threads allows Clamuko to serve multiple
    # processes simultaneously. This is particularly beneficial on SMP machines.
    # Default: 3
    #ClamukoScannerCount 3
    
    # Don't scan files larger than ClamukoMaxFileSize
    # Value of 0 disables the limit.
    # Default: 5M
    #ClamukoMaxFileSize 10M
    
    # Set access mask for Clamuko (Dazuko only).
    # Default: no
    #ClamukoScanOnOpen yes
    #ClamukoScanOnClose yes
    #ClamukoScanOnExec yes
    
    # Set the include paths (all files inside them will be scanned). You can have
    # multiple ClamukoIncludePath directives but each directory must be added
    # in a seperate line. (Dazuko only)
    # Default: disabled
    #ClamukoIncludePath /home
    #ClamukoIncludePath /students
    
    # Set the exclude paths. All subdirectories are also excluded. (Dazuko only)
    # Default: disabled
    #ClamukoExcludePath /home/bofh
    
    # With this option you can whitelist specific UIDs. Processes with these UIDs
    # will be able to access all files.
    # This option can be used multiple times (one per line).
    # Default: disabled
    #ClamukoExcludeUID 0
    
    # With this option enabled ClamAV will load bytecode from the database. 
    # It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.
    # Default: yes
    #Bytecode yes
    
    # Set bytecode security level.
    # Possible values:
    #       None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS
    #         This value is only available if clamav was built with --enable-debug!
    #       TrustSigned - trust bytecode loaded from signed .c[lv]d files,
    #                insert runtime safety checks for bytecode loaded from other sources
    #       Paranoid - don't trust any bytecode, insert runtime checks for all
    # Recommended: TrustSigned, because bytecode in .cvd files already has these checks
    # Note that by default only signed bytecode is loaded, currently you can only
    # load unsigned bytecode in --enable-debug mode.
    #
    # Default: TrustSigned
    #BytecodeSecurity TrustSigned
    
    # Set bytecode timeout in milliseconds.
    # 
    # Default: 5000
    # BytecodeTimeout 1000
    


  • The clamav-clamd file was empty and the clamd.conf was missing. Now it seems to work but I'll need to test a reboot to see if it comes back well.

    One small note: the clamav-clamd file you provided needs to be edited to remove a couple of unneeded carriage returns.

    Thanks for the help.
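Stray carriage returns like the ones mentioned in the post above matter most on the `#!` line, where a trailing CR changes the interpreter name the kernel looks up. The following is an added example, not a file or script from this thread: it counts CR-tainted lines in an rc script, writes a cleaned copy and syntax-checks it. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: find and strip carriage returns from an rc script.

CR=$(printf '\r')

# Print the number of lines in FILE that contain a carriage return.
count_cr_lines() {
    grep -c "$CR" "$1" || true   # grep -c exits 1 on zero matches; keep status 0
}

# Succeed if the first line (the #! line) carries a carriage return.
shebang_has_cr() {
    head -n 1 "$1" | grep -q "$CR"
}

# Write a CR-free copy of SRC to DST (SRC is left untouched), make it
# executable, then parse it with sh -n so nothing is actually executed.
strip_cr() {
    src=$1
    dst=$2
    tr -d '\r' < "$src" > "$dst" || return 1
    chmod 755 "$dst"
    sh -n "$dst"
}

# Demo on a constructed file (not the rc script from the thread).
tmp=$(mktemp -d)
printf '#!/bin/sh\r\n# constructed sample\r\necho "clamd start"\r\n' > "$tmp/clamav-clamd"
echo "lines with CR: $(count_cr_lines "$tmp/clamav-clamd")"
shebang_has_cr "$tmp/clamav-clamd" && echo "shebang line is damaged"
strip_cr "$tmp/clamav-clamd" "$tmp/clamav-clamd.clean" && echo "clean copy parses"
rm -rf "$tmp"
```
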



  • A bit confused on how you got it to work. I would highly appreciate if you could please put up a quick step by step procedure.



  • Anyone else got this to work? Missing out on v2.1 just coz of this clamd issue… sigh  >:(



  • I just did a fresh install of the 2.1 amd64 build from 8/29 and had no issues at all…

    I installed the following packages in order...
          cron
          vhosts
          dansguardian
          squid3
          OpenVPN Client Export Utility



  • hmmm.. ok.. did you activate clamd ???

    Also, if I am not mistaken.. you must have configured dans "after" installing squid3.. as dans works on squid



  • @rjcrowder:

    I just did a fresh install of the 2.1 amd64 build from 8/29 and had no issues at all…

    I installed the following packages in order...
          cron
          vhosts
          dansguardian
          squid3
          OpenVPN Client Export Utility

    same old issue..

    $ freshclam
    ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
    ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
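The "append mode" error above can come from a missing directory, a log file the account cannot write to, or a directory it cannot create files in. The following is an added example, not a script from this thread or from ClamAV: it reads `UpdateLogFile` from a freshclam.conf and reports which case applies. It assumes it is run as the account freshclam runs under and that the path contains no spaces; the function names and verdict words are made up for illustration.

```shell
#!/bin/sh
# Added example: explain why the UpdateLogFile named in freshclam.conf
# cannot be opened for append. Run as the account freshclam runs under.

# Print the UpdateLogFile value from CONF (empty if unset or commented out).
update_log_path() {
    awk '$1 == "UpdateLogFile" { print $2; exit }' "$1"
}

# Print one verdict word for the log path configured in CONF.
diagnose_log() {
    log=$(update_log_path "$1")
    [ -n "$log" ] || { echo "not-set"; return 0; }
    dir=$(dirname "$log")
    if [ ! -d "$dir" ]; then
        echo "missing-dir"            # e.g. /var/log/clamav was never created
    elif [ -e "$log" ] && [ ! -f "$log" ]; then
        echo "not-a-file"             # a directory or device sits at the path
    elif [ -e "$log" ] && [ ! -w "$log" ]; then
        echo "file-not-writable"      # wrong owner or mode on the log itself
    elif [ ! -e "$log" ] && { [ ! -w "$dir" ] || [ ! -x "$dir" ]; }; then
        echo "dir-not-writable"       # log cannot be created in the directory
    else
        echo "ok"
    fi
}

# Demo on a constructed config in a temp directory (paths are constructed).
tmp=$(mktemp -d)
printf '# constructed sample\nUpdateLogFile %s/clamav/freshclam.log\n' "$tmp" \
    > "$tmp/freshclam.conf"
echo "before mkdir: $(diagnose_log "$tmp/freshclam.conf")"
mkdir "$tmp/clamav"
echo "after mkdir:  $(diagnose_log "$tmp/freshclam.conf")"
rm -rf "$tmp"
```
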



  • @asterix:

    hmmm.. ok.. did you activate clamd ???

    Also, if I am not mistaken.. you must have configured dans "after" installing squid3.. as dans works on squid

    To be honest… what I did is install all of the packages listed above in the order that I listed. Then I did the following
    1.) rebooted
    2.) copied over a config.xml that already had all of the DG and squid settings I wanted (turns on clam for example).
    3.) rebooted
    5.) ran the DG blacklist download (since my config.xml uses a different blacklist site)
    6.) started DG manually
    7.) validated that everything was running (ps -ax | grep clam, ps -ax | grep dans, ps -ax | grep squid)
    8.) rebooted
    9.) validate that everything was running



  • Just as a quick follow-up. I did another install of 2.1 RC2 i386 version today. With the following steps, I'm not having any issue…

    1.  Install pfsense 2.1 RC2 using normal USB install
    2.  Reboot and assign WAN and LAN interfaces
    3.  Select "Set interface(s) IP address" from the menu (2)
          choose the LAN interface
          change IP address to 192.168.4.1
          change bitcount to 24
          enable DHCP server Y
          starting 192.168.4.100
          ending  192.168.4.150
          revert to HTTP Y
          NO Gateway or IPV6
    4.  Select "Enable Secure Shell (sshd)" (14) from the menu
    5.  Login to the web interface as admin/pfsense at http://192.168.4.1
    6.  Skip the setup wizard by going to 192.168.4.1 again after the wizard starts
    7.  Install the following packages in order (System/Packages):
          cron
          vhosts
          dansguardian
          squid3
          OpenVPN Client Export Utility
    8.  Go into the proxy settings and click "save"
    9.  Go into DG settings and enable DG and save
    10. Go into DG settings and add the URL for blacklist download, set to happen every other day
    11. Go into DG settings and turn on Clam

    I logged into the secure shell and validated that everything was running. I then rebooted the box and  validated that everything was running.



  • Ahh you are on i386.. I am on amd64 .. That could be the issue. I have 8GB RAM.. so i386 is not for me.

    The amd64 dans package still needs to be updated for compatibility with 2.1



  • @asterix:

    Ahh you are on i386.. I am on amd64 .. That could be the issue. I have 8GB RAM.. so i386 is not for me.

    The amd64 dans package still needs to be updated for compatibility with 2.1

    The install I referenced earlier in this thread was amd64 - it worked as well. However, as soon as the new 2.1 release bits come out I will try it again and let you know the steps/results.



  • Great. Thanks!

    I am thinking of creating a new test 2.0.3 install and restore my current stable 2.0.3 config.xml to it.. and do a 2.1 upgrade on it. If that works then I will make a copy of the new 2.1 config.xml and use it for future installs. Something tells me it won't work.. but who cares I will still test it out :)



  • @asterix:

    Great. Thanks!

    I am thinking of creating a new test 2.0.3 install and restore my current stable 2.0.3 config.xml to it.. and do a 2.1 upgrade on it. If that works then I will make a copy of the new 2.1 config.xml and use it for future installs. Something tells me it won't work.. but who cares I will still test it out :)

    Yea I can't imagine that will make much difference.

    Apologize - doesn't seem like I'm being much help, but I haven't been able to replicate the problem you're having. What you describe happened to me on some builds about a month ago, but I haven't had an issue in quite a while…

