Dansguardian freshclam issue
-
After a lot of research I tried CLI after my last post. It kind of moved forward in fetching the files. But Dans would fail to work with Squid 3 and the whole install will get corrupted. I have multiple subnets and Squid 2 in transparent mode works beautifully, but with Squid 3 in the squid.conf I see the "http_port 127.0.0.1:3128 transparent" is replaced with "http_port 127.0.0.1:3128 trancrete(or discrete)" and that is creating an issue, as Dans starts to give errors about not being able to connect to the Squid proxy port.
I haven't tried Squid 2 on pfSense 2.1. Will try that instead.
-
I don't think Squid should be in transparent mode if your configuration looks like mine:
pfSense -> DG -> Squid -> internet
In DG you have Squid as parent proxy, normally on 127.0.0.1, port 3128 (or is it 3125?). DG listens on whatever interface you want to configure (for me: LAN, wifi, VLANs).
In Squid you have transparent off, and listening on localhost.
You also need to have your traffic going to DG. Mine's enforced through a combination of wpad, NAT rules and firewall rules and devices are either auto-detecting or manually configured to hit DG (or NAT enforces it).
-
Squid fails to work with just localhost selected. I am forced to select my 5 subnets in Squid and then select the transparent option to ensure I don't have to do manual proxy configuration on every client.
This config works just perfect in v2.0.3
-
That will bypass DG.
I use the NAT rules to force traffic through DG.
I have a redirection rule where all traffic on all interfaces heading to port 80 is redirected to pfSense's IP : port 8080 instead (the default DG port, which is where I have DG). So even if my manual proxy config on some devices fails, my auto-detect/wpad proxy config on other devices fails, the NAT redirection ensures all traffic goes to DG whether it likes it or not.
The rule has an exception for traffic heading to pfSense:80, so that if a device wants to use wpad it can still do that.
This is obviously only for http traffic. I haven't tackled https traffic through DG/Squid yet.
-
Yes, I keep the same NAT settings as well.
-
So, I finally managed to get freshclam started. It did complain in between about missing /var/db/clamav so I created that as well and gave permissions. But it fails when I start dansguardian with this log
Jul 7 13:55:13 dansguardian[13871]: Unknown return code from content scanner: -1
Jul 7 13:55:13 dansguardian[13871]: Error connecting to ClamD socket
Jul 7 13:55:13 dansguardian[13871]: Unknown return code from content scanner: -1
Jul 7 13:55:13 dansguardian[13871]: Error connecting to ClamD socket
Jul 7 13:55:13 lighttpd[44102]: (connections.c.137) (warning) close: 23 Connection reset by peer
Jul 7 13:54:44 php: /pkg_edit.php: Starting Dansguardian
Jul 7 13:54:44 php: /pkg_edit.php: Starting clamav-clamd
-
When I was having problems with my dansguardian / clam / squid install, the packages wouldn't work after changing my config not long ago.
So, I backed up my settings.
Reinstalled pfSense.
Restored my settings.
Rebooted.
Reinstalled my missing packages (the settings were all still there).
Purged my Squid cache. Rebooted and all was fine.
-
Yeah well I tried that.. doesn't work on 2.1. I presume the dansguardian package is not yet fully compatible with 2.1 and needs work..
Here is what I get with clamd enabled… of course the scanner is not working.
Access to the page:
http://www.msn.com
... has been denied for the following reason:
WARNING: Could not perform content scan!
Categories:
Content scanning
-
haha - yeah. That seems a little suspect.
1 last thing I have done. Go to pfsense console menu, go to command shell and do a freshclam.
freshclam
clamd
-
Yeah I did that already :)
It complained at first about freshclam.log being in use by some other process. After a 10 min wait I rebooted the box and ran freshclam again. Worked this time and I see the files being downloaded. Though it complains about old signatures.
-
Well, you are running a beta package on a beta/RC. What could possibly go wrong?
When I get this far down the rabbit hole, I usually start looking towards a fresh install.
-
Well I do fresh installs all the time. One small error makes me get rid of the install and start fresh.. :)
-
Yep - For sure for me.
Because fresh install takes 4 minutes, restore config - 1 minute, reload missing packages, 2 minutes.
Then usually all is well.
-
marcelloc,
Can you please fix this freshclam issue on 2.1. :)
-
Got it working with many manipulations that should be corrected in the package (tested on 2.1 RC1):
1. Create missing directories : mkdir /var/log/clamav /var/db/clamav /var/run/clamav
2. Change ownership of these directories : chown clamav /var/log/clamav /var/db/clamav /var/run/clamav
3. Refresh clam db : freshclam
4. Start clam daemon : clamd &
Those settings won't survive a reboot: pfSense resets permissions in /var/log and removes directories created in /var/run. This should be coded in the startup script of Dansguardian but I haven't found it yet.
-
The dansguardian re-create of the directories and permissions is in the dansguardian.inc file. If you put a valid freshclam and clamav-clamd script in the /usr/local/etc/rc.d directory, then the dansguardian.inc code will correctly re-create the directories and rights.
-
This security package is the only one having issues on 2.1 .. Snort.. Squid.. works great.
-
1. Where do I find those scripts?
2. The file /usr/local/etc/rc.d/clamav-clamd exists on my system and looks like a binary file
-
dansguardian.inc is in /usr/local/pkg
The clamav-clamd script should be a text file (it's a shell script). If it isn't text then something is wrong. I've attached the contents of mine…
#!/bin/sh
#
# $FreeBSD: ports/security/clamav/files/clamav-clamd.in,v 1.10 2012/11/17 06:01:01 svnexp Exp $
#
# PROVIDE: clamd
# REQUIRE: LOGIN
# BEFORE: mail
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable clamd:
#
# clamav_clamd_enable="YES"
# clamav_clamd_flags="<set as needed>"
#
# See clamd(8) for flags
#

. /etc/rc.subr

name=clamav_clamd
rcvar=clamav_clamd_enable

if [ ! -d /var/run/clamav ];then /bin/mkdir /var/run/clamav;fi
if [ ! -d /var/db/clamav ];then /bin/mkdir /var/db/clamav;fi
if [ ! -d /var/log/clamav ];then /bin/mkdir -p /var/log/clamav;fi
chown -R clamav /var/run/clamav
chown -R clamav /var/db/clamav
chown -R clamav /var/log/clamav

command=/usr/local/sbin/clamd
required_dirs=/var/db/clamav
required_files=/usr/local/etc/clamd.conf

# read settings, set default values
load_rc_config "$name"
: ${clamav_clamd_enable="YES"}
: ${clamav_clamd_socket="/var/run/clamav/clamd.sock"}

start_precmd=clamav_clamd_precmd

#clamav .93 won't start without a valid main.c[vl]d file
clamav_clamd_precmd()
{
    if [ ! -f /var/db/clamav/main.cvd -a ! -f /var/db/clamav/main.cld ];then
        echo "Missing /var/db/clamav/clamav/*.cvd or *.cld files. You must run freshclam first"
        exit 1
    fi
}

extra_commands="reload"
reload_cmd=clamd_reload

clamd_reload()
{
    /usr/local/bin/clamdscan --reload
}

run_rc_command "$1"
-
Thanks but the script fails at startup with this:
[2.1-RC1][admin@pfsense.local]/root(17): ./clamav-clamd start
./clamav-clamd: WARNING: /usr/local/etc/clamd.conf is not readable.
./clamav-clamd: WARNING: failed precmd routine for clamav_clamd
What about the freshclam script?
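-
Added example, not part of the original thread or of the pfSense package: a read-only preflight check for the failure points reported above (missing or wrongly owned ClamAV directories, unreadable clamd.conf, no signature database, no clamd socket). The function name `clamd_preflight`, the `CLAM_ROOT` prefix and the finding labels are assumptions made for illustration; the paths are the ones quoted in the posts.

```shell
#!/bin/sh
# Added example: read-only preflight for the clamd start-up failures in this thread.
# clamd_preflight, CLAM_ROOT and the finding labels are hypothetical names;
# the paths are the ones quoted in the posts and in the rc.d script.
clamd_preflight() {
    root=$1                 # path prefix; empty means the live system
    owner=${2:-clamav}      # user the directories are chown'ed to in the thread
    problems=0
    for d in /var/run/clamav /var/db/clamav /var/log/clamav; do
        if [ ! -d "$root$d" ]; then
            echo "MISSING_DIR $d"
            problems=$((problems + 1))
        else
            # Field 3 of "ls -ld" is the owning user on FreeBSD and Linux
            actual=$(ls -ld "$root$d" | awk '{print $3}')
            if [ "$actual" != "$owner" ]; then
                echo "WRONG_OWNER $d ($actual, expected $owner)"
                problems=$((problems + 1))
            fi
        fi
    done
    # The rc.d script lists clamd.conf under required_files
    if [ ! -r "$root/usr/local/etc/clamd.conf" ]; then
        echo "UNREADABLE_CONF /usr/local/etc/clamd.conf"
        problems=$((problems + 1))
    fi
    # Same condition as clamav_clamd_precmd: main.cvd or main.cld must exist
    if [ ! -f "$root/var/db/clamav/main.cvd" ] && [ ! -f "$root/var/db/clamav/main.cld" ]; then
        echo "NO_SIGNATURES run freshclam first"
        problems=$((problems + 1))
    fi
    # Default socket path from the rc.d script; no socket means no listening clamd
    if [ ! -S "$root/var/run/clamav/clamd.sock" ]; then
        echo "NO_SOCKET /var/run/clamav/clamd.sock (clamd not running)"
        problems=$((problems + 1))
    fi
    echo "PROBLEMS $problems"
    return 0
}

# Check the live system when run directly (empty prefix = real paths)
clamd_preflight "${CLAM_ROOT:-}"
```

Because /var/run is recreated at boot, running this after a reboot shows whether the package's start-up code put the directories and ownership back before DansGuardian tries to reach the scanner.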