Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Dansguardian freshclam issue

    pfSense Packages
    8
    60
    20828
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      asterix last edited by

      hmmm.. ok.. did you activate clamd ???

      Also, if I am not mistaken.. you must have configured dans "after" installing squid3.. as dans works on squid

      1 Reply Last reply Reply Quote 0
      • A
        asterix last edited by

        @rjcrowder:

        I just did a fresh install of the 2.1 amd64 build from 8/29 and had no issues at all…

        I installed the following packages in order...
              cron
              vhosts
              dansguardian
              squid3
              OpenVPN Client Export Utility

        same old issue..

        $ freshclam
        ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
        ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).

        1 Reply Last reply Reply Quote 0
        • R
          rjcrowder last edited by

          @asterix:

          hmmm.. ok.. did you activate clamd ???

          Also, if I am not mistaken.. you must have configured dans "after" installing squid3.. as dans works on squid

          To be honest… what I did is install all of the packages listed above in the order that I listed. Then I did the following
          1.) rebooted
          2.) copied over a config.xml that already had all of the DG and squid settings I wanted (turns on clam for example).
          3.) rebooted
          5.) ran the DG blacklist download (since my config.xml uses a different blacklist site)
          6.) started DG manually
          7.) validated that everything was running (ps -ax | grep clam, ps -ax | grep dans, ps -ax | grep squid)
          8.) rebooted
          9.) validate that everything was running

          1 Reply Last reply Reply Quote 0
          • R
            rjcrowder last edited by

            Just as a quick follow-up. I did another install of 2.1 RC2 i386 version today. With the following steps, I'm not having any issue…

            1.  Install pfsense 2.1 RC2 using normal USB install
            2.  Reboot and assign WAN and LAN interfaces
            3.  Select "Set interface(s) IP address" from the menu (2)
                  choose the LAN interface
                  change IP address to 192.168.4.1
                  change bitcount to 24
                  enable DHCP server Y
                  starting 192.168.4.100
                  ending  192.168.4.150
                  revert to HTTP Y
                  NO Gateway or IPV6
            4.  Select "Enable Secure Shell (sshd)" (14) from the menu
            5.  Login to the web interface as admin/pfsense at http://192.168.4.1
            6.  Skip the setup wizard by going to 192.168.4.1 again after the wizard starts
            7.  Install the following packages in order (System/Packages):
                  cron
                  vhosts
                  dansguardian
                  squid3
                  OpenVPN Client Export Utility
            8.  Go into the proxy settings and click "save"
            9.  Go into DG settings and enable DG and save
            10. Go into DG settings and add the URL for blacklist download, set to happen every other day
            11. Go into DG settings and turn on Clam

            I logged into the secure shell and validated that everything was running. I then rebooted the box and  validated that everything was running.

            1 Reply Last reply Reply Quote 0
            • A
              asterix last edited by

              Ahh you are on i386.. I am on amd64 .. That could be the issue. I have 8GB RAM.. so i386 is not for me.

              The amd64 dans package still needs to be updated for compatibility with 2.1

              1 Reply Last reply Reply Quote 0
              • R
                rjcrowder last edited by

                @asterix:

                Ahh you are on i386.. I am on amd64 .. That could be the issue. I have 8GB RAM.. so i386 is not for me.

                The amd64 dans package still needs to be updated for compatibility with 2.1

                The install I referenced earlier in this thread was amd64 - it worked as well. However, as soon as the new 2.1 release bits come out I will try it again and let you know the steps/results.

                1 Reply Last reply Reply Quote 0
                • A
                  asterix last edited by

                  Great. Thanks!

                  I am thinking of creating a new test 2.0.3 install and restore my current stable 2.0.3 config.xml to it.. and do a 2.1 upgrade on it. If that works then I will make a copy of the new 2.1 config.xml and use it for future installs. Something tells me it won't work.. but who cares I will still test it out :)

                  1 Reply Last reply Reply Quote 0
                  • R
                    rjcrowder last edited by

                    @asterix:

                    Great. Thanks!

                    I am thinking of creating a new test 2.0.3 install and restore my current stable 2.0.3 config.xml to it.. and do a 2.1 upgrade on it. If that works then I will make a copy of the new 2.1 config.xml and use it for future installs. Something tells me it won't work.. but who cares I will still test it out :)

                    Yea I can't imagine that will make much difference.

                    Apologize - doesn't seem like I'm being much help, but I haven't been able to replicate the problem you're having. What you describe happened to me on some builds about a month ago, but I haven't had an issue in quite a while…

                    1 Reply Last reply Reply Quote 0
                    • A
                      asterix last edited by

                      Made some progress.. while at least a step forward..

                      Still on 2.0.3 I wanted to try Squid3 for sometime but could never get it to work with Dans. This time I installed Dans first on a clean install and then Squid3 after that. One thing I forgot to mention is that I used to install Snort as the first package after every clean install but this time I installed it in the end. Maybe this must have resolved the issue. Logic said to install Squid first as Dans is dependent on Squid but when I saw other folks on this forum installing Dans before Squid, I tried it for the sake of doing it and it worked. Ran freshclam manually after a reboot as the automated freshclam instance hangs (have seen it behave the same way earlier)

                      One issue I have noticed is that "transparent proxy" feature in Squid3 does not work. If I select that option all clients on the network fail to reach the internet. I could get them to work by specifying a web proxy with port 3128 and that worked fine. This wasn't the case in Squid2. But this annoyance is not much of an issue for me right now as use Dans NAT forced rules to forward all traffic to port 8080. So its kinda transparent for all network devices. But I would still like to see the transparent proxy issue resolved in Squid3.

                      Has anyone tested the new dev-Squid3 install yet with Dans?

                      My next step is to wait for the final release of v2.1 and then do the same steps as above to install Dans. I suspect Snort package install corrupting the Dans installation … but I may be wrong.

                      1 Reply Last reply Reply Quote 0
                      • R
                        rjcrowder last edited by

                        @asterix:

                        Made some progress.. while at least a step forward..

                        Still on 2.0.3 I wanted to try Squid3 for sometime but could never get it to work with Dans. This time I installed Dans first on a clean install and then Squid3 after that. One thing I forgot to mention is that I used to install Snort as the first package after every clean install but this time I installed it in the end. Maybe this must have resolved the issue. Logic said to install Squid first as Dans is dependent on Squid but when I saw other folks on this forum installing Dans before Squid, I tried it for the sake of doing it and it worked. Ran freshclam manually after a reboot as the automated freshclam instance hangs (have seen it behave the same way earlier)

                        You definitely need to install squid3 after dans. I believe it's because Dans installs squid2 and installing after essentially replaces the squid2 install

                        @asterix:

                        One issue I have noticed is that "transparent proxy" feature in Squid3 does not work. If I select that option all clients on the network fail to reach the internet. I could get them to work by specifying a web proxy with port 3128 and that worked fine. This wasn't the case in Squid2. But this annoyance is not much of an issue for me right now as use Dans NAT forced rules to forward all traffic to port 8080. So its kinda transparent for all network devices. But I would still like to see the transparent proxy issue resolved in Squid3.

                        I'm not really sure what you mean by this… If you are installing Dans, you would typically send all clients to dans either through a NAT rule or by the client proxy configuration (manuall or using proxy PAC file). Then you would block anyone from directly accessing squid by using a firewall rule or in the squid config itself - i.e. no one should be able to use squid proxy directly on 3128. If that's how you set things up, it makes no difference whether you select "transparent" or not on the squid configuration.

                        @asterix:

                        Has anyone tested the new dev-Squid3 install yet with Dans?

                        My next step is to wait for the final release of v2.1 and then do the same steps as above to install Dans. I suspect Snort package install corrupting the Dans installation … but I may be wrong.

                        Havent' tried dev-Squid3 or Snort. 2.1 works fine though…

                        1 Reply Last reply Reply Quote 0
                        • A
                          asterix last edited by

                          I don't think Dans installs Squid2. Its dependent on it but it won't install it. You would have to install it manually.

                          I bypass Dans for just myself for testing stuff ;) and add my laptop IP in the exclusion list so that it's filtered.

                          1 Reply Last reply Reply Quote 0
                          • A
                            asterix last edited by

                            Still can't make Dans work on 2.1 .. moving back to 2.0.3 :(

                            php: rc.start_packages: The command '/usr/local/etc/rc.d/dansguardian.sh start' returned exit code '127', the output was '/usr/local/etc/rc.d/dansguardian.sh: not found'
                            Sep 21 15:22:22 php: rc.start_packages: [Dansguardian] - Save settings package call pr: bp:1 rpc:no
                            Sep 21 15:22:22 php: rc.start_packages: Starting Dansguardian

                            1 Reply Last reply Reply Quote 0
                            • K
                              kejianshi last edited by

                              Why do you need squid3?  Just wondering?

                              1 Reply Last reply Reply Quote 0
                              • R
                                rjcrowder last edited by

                                @asterix:

                                Still can't make Dans work on 2.1 .. moving back to 2.0.3 :(

                                php: rc.start_packages: The command '/usr/local/etc/rc.d/dansguardian.sh start' returned exit code '127', the output was '/usr/local/etc/rc.d/dansguardian.sh: not found'
                                Sep 21 15:22:22 php: rc.start_packages: [Dansguardian] - Save settings package call pr: bp:1 rpc:no
                                Sep 21 15:22:22 php: rc.start_packages: Starting Dansguardian

                                I've installed DG and Squid3 on 2.1 at least a half dozen times and never had this problem. I will try to replicate your issue if it would be helpful, but I would need to know exactly what you are doing and in what order…

                                1 Reply Last reply Reply Quote 0
                                • A
                                  asterix last edited by

                                  @rjcrowder:

                                  @asterix:

                                  Still can't make Dans work on 2.1 .. moving back to 2.0.3 :(

                                  php: rc.start_packages: The command '/usr/local/etc/rc.d/dansguardian.sh start' returned exit code '127', the output was '/usr/local/etc/rc.d/dansguardian.sh: not found'
                                  Sep 21 15:22:22 php: rc.start_packages: [Dansguardian] - Save settings package call pr: bp:1 rpc:no
                                  Sep 21 15:22:22 php: rc.start_packages: Starting Dansguardian

                                  I've installed DG and Squid3 on 2.1 at least a half dozen times and never had this problem. I will try to replicate your issue if it would be helpful, but I would need to know exactly what you are doing and in what order…

                                  Now I have the exact same problem on 2.0.3 as well  >:(

                                  Clean install on basic VM. After first boot I installed dans first and then squid (tried both v2 ad v3) Thats it. Squid works everytime but dans does not start and gives the exat same error of exit cde 27 .. REALLY PISSED RIGHT NOW .. >:(

                                  Have done over 10 clean installs since morning… with the exact same issue. I don't even start clamd.. its the base das config and it wont start. I get the blacklist to download as well.. but the service fails to start.

                                  Here is the log from 2.0.3

                                  Sep 21 16:04:09 php: : Starting Dansguardian
                                  Sep 21 16:04:09 check_reload_status: Syncing firewall
                                  Sep 21 16:04:08 php: : [Dansguardian] - Save settings package call pr: bp:1 rpc:no
                                  Sep 21 16:04:08 php: : The command '/usr/local/etc/rc.d/dansguardian.sh start' returned exit code '127', the output was '/usr/local/etc/rc.d/dansguardian.sh: not found'
                                  Sep 21 16:04:08 php: : Starting Dansguardian
                                  Sep 21 16:04:08 php: : [Dansguardian] - Save settings package call pr: bp:1 rpc:no

                                  1 Reply Last reply Reply Quote 0
                                  • A
                                    asterix last edited by

                                    @kejianshi:

                                    Why do you need squid3?  Just wondering?

                                    Just testing Squid3. Have found Squid2 to work fine but looking at Squid3 to see if there is any improvements in caching and response times.

                                    1 Reply Last reply Reply Quote 0
                                    • K
                                      kejianshi last edited by

                                      Does Dansguardian + squid (not cutting edge new and improved squid) work for you with 2.1?

                                      1 Reply Last reply Reply Quote 0
                                      • A
                                        asterix last edited by

                                        There is a definite issue with Dans package. No one is accepting this fact. A simple VM shouldnt have this issue. Its on the very basic config

                                        Dans at the moment is not working for me on 2.0.3 and 2.1 .. well it never worked with 2.1 .. ever.

                                        Squid2 and Squid3 works fine on both versions.

                                        1 Reply Last reply Reply Quote 0
                                        • K
                                          kejianshi last edited by

                                          Running pfsense on very compatible hardware is much better than in a VM.  If you have a box you can spare…

                                          1 Reply Last reply Reply Quote 0
                                          • A
                                            asterix last edited by

                                            So finally I got dans working on 2.1

                                            This time I just installed Dans with no other package.. not even Squid. Got it to start after reboot. Then I installed Squid.

                                            There is still one issue … clamd... :(

                                            I created the missing directories and got freshclam download the signatures..

                                            freshclam
                                            ClamAV update process started at Sat Sep 21 23:11:58 2013
                                            WARNING: Your ClamAV installation is OUTDATED!
                                            WARNING: Local version: 0.97.6 Recommended version: 0.98
                                            DON'T PANIC! Read http://www.clamav.net/support/faq
                                            main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
                                            daily.cvd is up to date (version: 17882, sigs: 358207, f-level: 63, builder: neo)
                                            bytecode.cvd is up to date (version: 226, sigs: 43, f-level: 63, builder: neo)

                                            But clamd wont start...

                                            clamd
                                            ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: No such file or directory

                                            So I created clamav directory in /var/run and then did a
                                            chown -R clamav clamav

                                            Now I ran clamd again and this time it worked !!!

                                            But the clamav directory in /var/run vanishes after a reboot. Not sure how to make it stick..

                                            The package really needs to be fixed.

                                            1 Reply Last reply Reply Quote 0
                                            • R
                                              rjcrowder last edited by

                                              I had this problem one time and never figured out why it happened… interesting thing is that it hasn't happened again.

                                              The directory is created by the code in /usr/local/pkg/dansguardian.inc.  I believe the directory create logic starts at line 1146.  Look and see if you have a "clamav-clamd" file in /usr/local/etc/rc.d. If not, create one using the code attached.

                                              #!/bin/sh
                                              #
                                              # $FreeBSD: ports/security/clamav/files/clamav-clamd.in,v 1.10 2012/11/17 06:01:01 svnexp Exp $
                                              #
                                              
                                              # PROVIDE: clamd
                                              # REQUIRE: LOGIN
                                              # BEFORE: mail
                                              # KEYWORD: shutdown
                                              
                                              #
                                              # Add the following lines to /etc/rc.conf to enable clamd:
                                              #
                                              # clamav_clamd_enable="YES"
                                              # clamav_clamd_flags="<set as="" needed="">"
                                              #
                                              # See clamd(8) for flags
                                              #
                                              
                                              . /etc/rc.subr
                                              
                                              name=clamav_clamd
                                              rcvar=clamav_clamd_enable
                                              
                                              if [ ! -d /var/run/clamav ];then /bin/mkdir /var/run/clamav;fi
                                              if [ ! -d /var/db/clamav ];then /bin/mkdir /var/db/clamav;fi
                                              if [ ! -d /var/log/clamav ];then /bin/mkdir -p /var/log/clamav;fi
                                              chown -R clamav /var/run/clamav
                                              chown -R clamav /var/db/clamav
                                              chown -R clamav /var/log/clamav
                                              command=/usr/local/sbin/clamd
                                              required_dirs=/var/db/clamav
                                              required_files=/usr/pbi/dansguardian-amd64/etc/clamd.conf
                                              
                                              # read settings, set default values
                                              load_rc_config "$name"
                                              : ${clamav_clamd_enable="YES"}
                                              : ${clamav_clamd_socket="/var/run/clamav/clamd.sock"}
                                              
                                              start_precmd=clamav_clamd_precmd
                                              
                                              #clamav .93 won't start without a valid main.c[vl]d file
                                              clamav_clamd_precmd() {
                                              	if [ ! -f /var/db/clamav/main.cvd -a ! -f /var/db/clamav/main.cld ];then
                                              		echo "Missing /var/db/clamav/clamav/*.cvd or *.cld files.  You must run freshclam first"
                                              		exit 1
                                              	fi
                                              }
                                              
                                              extra_commands="reload"
                                              reload_cmd=clamd_reload
                                              
                                              clamd_reload()
                                              {
                                                /usr/pbi/dansguardian-amd64/bin/clamdscan --reload
                                              }
                                              
                                              run_rc_command "$1"</set> 
                                              
                                              1 Reply Last reply Reply Quote 0
                                              • A
                                                asterix last edited by

                                                Will have a look at it again. Right now I have switched back to 2.0.3. Next week I will shut down the 2.0.3 instance and test the 2.1 again. Such a good product but I wouldn't use it till the dans clamd issue is resolved. I just can't let someone in the family download a virus infected file and screw my entire network. Have experienced it a few times and believe me.. its frustrating.

                                                1 Reply Last reply Reply Quote 0
                                                • T
                                                  ToxIcon last edited by

                                                  Could not get Dansguardian Clamd or squid to work so I decided to try something and this works for me
                                                  havp clamav + Dansguardian + Squid-dev

                                                  HAVP antivirus 0.91_1 + clamav-0.97.8

                                                  Cron 0.1.7

                                                  Dansguardian 2.12.0.3

                                                  squid3-dev 3.3.8

                                                  1: Installed Havp update it,set to LAN, Enable Transparent test it to make sure it was working and blocking
                                                    make sure Havp service is running.

                                                  2 Install cron

                                                  3 reboot

                                                  3 create clamav directory in /var/run and run chown -R clamav clamav
                                                    Install Dansguardian update Blacklist, set ACLs, set to LAN, Enable dansguardian
                                                    make sure dansguardian service is running.

                                                  4 Install squid3-dev and missing lib, set to LAN Enable Transparent (did not enable Antivirus or c-icap)
                                                    make sure squid service is running.

                                                  5 Now go to Dansguardian set Parent proxy Settings to squid save.

                                                  look in system logs you will see an error about have and squid set to Transparent
                                                  just go to have and change to parent of squid and save.

                                                  Create a NAT: Port Forward rule for Dansguardian

                                                  Dansguardian squid-dev havp all working and blocking.

                                                  ERRORS: Dansguardian 2.12.0.3 pkg v.0.1.8

                                                  The only errors that I am having are the

                                                  Web upload is banned.

                                                  Using Shalla's Blacklists - shallalist.tar.gz

                                                  Category not showing up on Access has been Denied! Page I have to modify my lists, putting
                                                  #listcategory: "category" at the top of each list in /usr/pbi/dansguardian-amd64/etc/dansguardian/lists/blacklists/

                                                  for example
                                                  /usr/pbi/dansguardian-amd64/etc/dansguardian/lists/blacklists/adv/domains
                                                  /usr/pbi/dansguardian-amd64/etc/dansguardian/lists/blacklists/adv/urls
                                                  and then it work the category is listed on the Access has been Denied!

                                                  Do anyone have a script to automatically update the blacklists lists domains/urls with the #listcategory: "category" ?? at the top of each list.

                                                  1 Reply Last reply Reply Quote 0
                                                  • S
                                                    samham last edited by

                                                    I would say package inconsistency is the worst thing about Pfsense, Dansguardian is a great product; however, the package here is a true garbage and the maintainer probably knows it just refuses to admit it. Sure you can get to work but it need a lot of tweaking and most users aren't apt for it.

                                                    1 Reply Last reply Reply Quote 0
                                                    • A
                                                      asterix last edited by

                                                      @samham:

                                                      I would say package inconsistency is the worst thing about Pfsense, Dansguardian is a great product; however, the package here is a true garbage and the maintainer probably knows it just refuses to admit it. Sure you can get to work but it need a lot of tweaking and most users aren't apt for it.

                                                      I am have been saying this all along. After trying to make it work countless times I have switched back to 2.0.3 which works just perfectly. Missing 2.1 as I have been meaning to use it for a long time but I don't wanna use it without Dans-clamd. HAVP is crap and I will never use it. clamd works perfectly with Dans (if you are able to configure it .. ever)

                                                      1 Reply Last reply Reply Quote 0
                                                      • A
                                                        asterix last edited by

                                                        @ToxIcon:

                                                        Could not get Dansguardian Clamd or squid to work so I decided to try something and this works for me
                                                        havp clamav + Dansguardian + Squid-dev

                                                        HAVP antivirus 0.91_1 + clamav-0.97.8

                                                        Cron 0.1.7

                                                        Dansguardian 2.12.0.3

                                                        squid3-dev 3.3.8

                                                        squid3-dev is buggy.. use squid3.

                                                        On fresh clean pfSense.. install Dans first and then squid3 "after" configuring dans. I got it work by creating some directories but the directories would be deleted on every reboot. I hate to use band aid fixes so I don't want to use a script to re-create the missing directories on every reboot.

                                                        1 Reply Last reply Reply Quote 0
                                                        • A
                                                          asterix last edited by

                                                          Finally found a workaround on this clamd issue.

                                                          I did a clean 2.1 install and just installed dans and noticed many of the freshclam clamd files missing after install. Tried to add those files but it just didn't work.

                                                          Files in /usr/local/etc and /usr/local/etc/rc.d were missing.

                                                          So I did a clean install of 2.0.3 and installed just dans and configured clamd on it. Service started and worked as before. Now I upgraded to 2.1 and let it reinstall the dans package after the upgrade. Since the upgrade does not delete previous version's package files, this time the service started up and worked without any hiccups.

                                                          After this I installed Squid3, Snort, RRD Summary. Have a good stable UTM now.

                                                          Not a clean way of configuring Dans on 2.1 but it's the only way for now till someone updates it to be compatible with v2.1

                                                          1 Reply Last reply Reply Quote 0
                                                          • W
                                                            wheelz last edited by

                                                            I had this same issue and found a solution.

                                                            I first got freshclam to run by creating /var/log/clamav and /var/db/clamav directories and using chown -R clamav clamav to change the ownership.

                                                            I noticed that /usr/local/etc/rc.d/clamav-clamd was empty.  I copied the contents from /usr/pbi/dansguardian-amd64/etc/rc.d/clamav-clamd into it.  I then created a new file /usr/local/etc/rc.d/clamav-freshclam and copied the contents of /usr/pbi/dansguardian-amd64/etc/rc.d/clamav-freshclam into it.

                                                            After a reboot the clamav service started and I was able to use DG to filter web traffic with clamav enabled.

                                                            1 Reply Last reply Reply Quote 0
                                                            • First post
                                                              Last post

                                                            Products

                                                            • Platform Overview
                                                            • TNSR
                                                            • pfSense
                                                            • Appliances

                                                            Services

                                                            • Training
                                                            • Professional Services

                                                            Support

                                                            • Subscription Plans
                                                            • Contact Support
                                                            • Product Lifecycle
                                                            • Documentation

                                                            News

                                                            • Media Coverage
                                                            • Press
                                                            • Events

                                                            Resources

                                                            • Blog
                                                            • FAQ
                                                            • Find a Partner
                                                            • Resource Library
                                                            • Security Information

                                                            Company

                                                            • About Us
                                                            • Careers
                                                            • Partners
                                                            • Contact Us
                                                            • Legal
                                                            Our Mission

                                                            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                                                            Subscribe to our Newsletter

                                                            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                                                            © 2021 Rubicon Communications, LLC | Privacy Policy