Dansguardian freshclam issue
-
hmmm.. ok.. did you activate clamd ???
Also, if I am not mistaken.. you must have configured dans "after" installing squid3.. as dans works on squid
-
I just did a fresh install of the 2.1 amd64 build from 8/29 and had no issues at all…
I installed the following packages in order...
cron
vhosts
dansguardian
squid3
OpenVPN Client Export Utilitysame old issue..
$ freshclam
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!). -
hmmm.. ok.. did you activate clamd ???
Also, if I am not mistaken.. you must have configured dans "after" installing squid3.. as dans works on squid
To be honest… what I did is install all of the packages listed above in the order that I listed. Then I did the following
1.) rebooted
2.) copied over a config.xml that already had all of the DG and squid settings I wanted (turns on clam for example).
3.) rebooted
5.) ran the DG blacklist download (since my config.xml uses a different blacklist site)
6.) started DG manually
7.) validated that everything was running (ps -ax | grep clam, ps -ax | grep dans, ps -ax | grep squid)
8.) rebooted
9.) validate that everything was running -
Just as a quick follow-up. I did another install of 2.1 RC2 i386 version today. With the following steps, I'm not having any issue…
1. Install pfsense 2.1 RC2 using normal USB install
2. Reboot and assign WAN and LAN interfaces
3. Select "Set interface(s) IP address" from the menu (2)
choose the LAN interface
change IP address to 192.168.4.1
change bitcount to 24
enable DHCP server Y
starting 192.168.4.100
ending 192.168.4.150
revert to HTTP Y
NO Gateway or IPV6
4. Select "Enable Secure Shell (sshd)" (14) from the menu
5. Login to the web interface as admin/pfsense at http://192.168.4.1
6. Skip the setup wizard by going to 192.168.4.1 again after the wizard starts
7. Install the following packages in order (System/Packages):
cron
vhosts
dansguardian
squid3
OpenVPN Client Export Utility
8. Go into the proxy settings and click "save"
9. Go into DG settings and enable DG and save
10. Go into DG settings and add the URL for blacklist download, set to happen every other day
11. Go into DG settings and turn on ClamI logged into the secure shell and validated that everything was running. I then rebooted the box and validated that everything was running.
-
Ahh you are on i386.. I am on amd64 .. That could be the issue. I have 8GB RAM.. so i386 is not for me.
The amd64 dans package still needs to be updated for compatibility with 2.1
-
Ahh you are on i386.. I am on amd64 .. That could be the issue. I have 8GB RAM.. so i386 is not for me.
The amd64 dans package still needs to be updated for compatibility with 2.1
The install I referenced earlier in this thread was amd64 - it worked as well. However, as soon as the new 2.1 release bits come out I will try it again and let you know the steps/results.
-
Great. Thanks!
I am thinking of creating a new test 2.0.3 install and restore my current stable 2.0.3 config.xml to it.. and do a 2.1 upgrade on it. If that works then I will make a copy of the new 2.1 config.xml and use it for future installs. Something tells me it won't work.. but who cares I will still test it out :)
-
Great. Thanks!
I am thinking of creating a new test 2.0.3 install and restore my current stable 2.0.3 config.xml to it.. and do a 2.1 upgrade on it. If that works then I will make a copy of the new 2.1 config.xml and use it for future installs. Something tells me it won't work.. but who cares I will still test it out :)
Yea I can't imagine that will make much difference.
Apologize - doesn't seem like I'm being much help, but I haven't been able to replicate the problem you're having. What you describe happened to me on some builds about a month ago, but I haven't had an issue in quite a while…
-
Made some progress.. while at least a step forward..
Still on 2.0.3 I wanted to try Squid3 for sometime but could never get it to work with Dans. This time I installed Dans first on a clean install and then Squid3 after that. One thing I forgot to mention is that I used to install Snort as the first package after every clean install but this time I installed it in the end. Maybe this must have resolved the issue. Logic said to install Squid first as Dans is dependent on Squid but when I saw other folks on this forum installing Dans before Squid, I tried it for the sake of doing it and it worked. Ran freshclam manually after a reboot as the automated freshclam instance hangs (have seen it behave the same way earlier)
One issue I have noticed is that "transparent proxy" feature in Squid3 does not work. If I select that option all clients on the network fail to reach the internet. I could get them to work by specifying a web proxy with port 3128 and that worked fine. This wasn't the case in Squid2. But this annoyance is not much of an issue for me right now as use Dans NAT forced rules to forward all traffic to port 8080. So its kinda transparent for all network devices. But I would still like to see the transparent proxy issue resolved in Squid3.
Has anyone tested the new dev-Squid3 install yet with Dans?
My next step is to wait for the final release of v2.1 and then do the same steps as above to install Dans. I suspect Snort package install corrupting the Dans installation … but I may be wrong.
-
Made some progress.. while at least a step forward..
Still on 2.0.3 I wanted to try Squid3 for sometime but could never get it to work with Dans. This time I installed Dans first on a clean install and then Squid3 after that. One thing I forgot to mention is that I used to install Snort as the first package after every clean install but this time I installed it in the end. Maybe this must have resolved the issue. Logic said to install Squid first as Dans is dependent on Squid but when I saw other folks on this forum installing Dans before Squid, I tried it for the sake of doing it and it worked. Ran freshclam manually after a reboot as the automated freshclam instance hangs (have seen it behave the same way earlier)
You definitely need to install squid3 after dans. I believe it's because Dans installs squid2 and installing after essentially replaces the squid2 install
One issue I have noticed is that "transparent proxy" feature in Squid3 does not work. If I select that option all clients on the network fail to reach the internet. I could get them to work by specifying a web proxy with port 3128 and that worked fine. This wasn't the case in Squid2. But this annoyance is not much of an issue for me right now as use Dans NAT forced rules to forward all traffic to port 8080. So its kinda transparent for all network devices. But I would still like to see the transparent proxy issue resolved in Squid3.
I'm not really sure what you mean by this… If you are installing Dans, you would typically send all clients to dans either through a NAT rule or by the client proxy configuration (manuall or using proxy PAC file). Then you would block anyone from directly accessing squid by using a firewall rule or in the squid config itself - i.e. no one should be able to use squid proxy directly on 3128. If that's how you set things up, it makes no difference whether you select "transparent" or not on the squid configuration.
Has anyone tested the new dev-Squid3 install yet with Dans?
My next step is to wait for the final release of v2.1 and then do the same steps as above to install Dans. I suspect Snort package install corrupting the Dans installation … but I may be wrong.
Havent' tried dev-Squid3 or Snort. 2.1 works fine though…
-
I don't think Dans installs Squid2. Its dependent on it but it won't install it. You would have to install it manually.
I bypass Dans for just myself for testing stuff ;) and add my laptop IP in the exclusion list so that it's filtered.
-
Still can't make Dans work on 2.1 .. moving back to 2.0.3 :(
php: rc.start_packages: The command '/usr/local/etc/rc.d/dansguardian.sh start' returned exit code '127', the output was '/usr/local/etc/rc.d/dansguardian.sh: not found'
Sep 21 15:22:22 php: rc.start_packages: [Dansguardian] - Save settings package call pr: bp:1 rpc:no
Sep 21 15:22:22 php: rc.start_packages: Starting Dansguardian -
Why do you need squid3? Just wondering?
-
Still can't make Dans work on 2.1 .. moving back to 2.0.3 :(
php: rc.start_packages: The command '/usr/local/etc/rc.d/dansguardian.sh start' returned exit code '127', the output was '/usr/local/etc/rc.d/dansguardian.sh: not found'
Sep 21 15:22:22 php: rc.start_packages: [Dansguardian] - Save settings package call pr: bp:1 rpc:no
Sep 21 15:22:22 php: rc.start_packages: Starting DansguardianI've installed DG and Squid3 on 2.1 at least a half dozen times and never had this problem. I will try to replicate your issue if it would be helpful, but I would need to know exactly what you are doing and in what order…
-
Still can't make Dans work on 2.1 .. moving back to 2.0.3 :(
php: rc.start_packages: The command '/usr/local/etc/rc.d/dansguardian.sh start' returned exit code '127', the output was '/usr/local/etc/rc.d/dansguardian.sh: not found'
Sep 21 15:22:22 php: rc.start_packages: [Dansguardian] - Save settings package call pr: bp:1 rpc:no
Sep 21 15:22:22 php: rc.start_packages: Starting DansguardianI've installed DG and Squid3 on 2.1 at least a half dozen times and never had this problem. I will try to replicate your issue if it would be helpful, but I would need to know exactly what you are doing and in what order…
Now I have the exact same problem on 2.0.3 as well >:(
Clean install on basic VM. After first boot I installed dans first and then squid (tried both v2 ad v3) Thats it. Squid works everytime but dans does not start and gives the exat same error of exit cde
27.. REALLY PISSED RIGHT NOW .. >:(Have done over 10 clean installs since morning… with the exact same issue. I don't even start clamd.. its the base das config and it wont start. I get the blacklist to download as well.. but the service fails to start.
Here is the log from 2.0.3
Sep 21 16:04:09 php: : Starting Dansguardian
Sep 21 16:04:09 check_reload_status: Syncing firewall
Sep 21 16:04:08 php: : [Dansguardian] - Save settings package call pr: bp:1 rpc:no
Sep 21 16:04:08 php: : The command '/usr/local/etc/rc.d/dansguardian.sh start' returned exit code '127', the output was '/usr/local/etc/rc.d/dansguardian.sh: not found'
Sep 21 16:04:08 php: : Starting Dansguardian
Sep 21 16:04:08 php: : [Dansguardian] - Save settings package call pr: bp:1 rpc:no -
Why do you need squid3? Just wondering?
Just testing Squid3. Have found Squid2 to work fine but looking at Squid3 to see if there is any improvements in caching and response times.
-
Does Dansguardian + squid (not cutting edge new and improved squid) work for you with 2.1?
-
There is a definite issue with Dans package. No one is accepting this fact. A simple VM shouldnt have this issue. Its on the very basic config
Dans at the moment is not working for me on 2.0.3 and 2.1 .. well it never worked with 2.1 .. ever.
Squid2 and Squid3 works fine on both versions.
-
Running pfsense on very compatible hardware is much better than in a VM. If you have a box you can spare…
-
So finally I got dans working on 2.1
This time I just installed Dans with no other package.. not even Squid. Got it to start after reboot. Then I installed Squid.
There is still one issue … clamd... :(
I created the missing directories and got freshclam download the signatures..
freshclam
ClamAV update process started at Sat Sep 21 23:11:58 2013
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.6 Recommended version: 0.98
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cvd is up to date (version: 17882, sigs: 358207, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 226, sigs: 43, f-level: 63, builder: neo)But clamd wont start...
clamd
ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock could not be bound: No such file or directorySo I created clamav directory in /var/run and then did a
chown -R clamav clamavNow I ran clamd again and this time it worked !!!
But the clamav directory in /var/run vanishes after a reboot. Not sure how to make it stick..
The package really needs to be fixed.
-
I had this problem one time and never figured out why it happened… interesting thing is that it hasn't happened again.
The directory is created by the code in /usr/local/pkg/dansguardian.inc. I believe the directory create logic starts at line 1146. Look and see if you have a "clamav-clamd" file in /usr/local/etc/rc.d. If not, create one using the code attached.
#!/bin/sh # # $FreeBSD: ports/security/clamav/files/clamav-clamd.in,v 1.10 2012/11/17 06:01:01 svnexp Exp $ # # PROVIDE: clamd # REQUIRE: LOGIN # BEFORE: mail # KEYWORD: shutdown # # Add the following lines to /etc/rc.conf to enable clamd: # # clamav_clamd_enable="YES" # clamav_clamd_flags="<set as="" needed="">" # # See clamd(8) for flags # . /etc/rc.subr name=clamav_clamd rcvar=clamav_clamd_enable if [ ! -d /var/run/clamav ];then /bin/mkdir /var/run/clamav;fi if [ ! -d /var/db/clamav ];then /bin/mkdir /var/db/clamav;fi if [ ! -d /var/log/clamav ];then /bin/mkdir -p /var/log/clamav;fi chown -R clamav /var/run/clamav chown -R clamav /var/db/clamav chown -R clamav /var/log/clamav command=/usr/local/sbin/clamd required_dirs=/var/db/clamav required_files=/usr/pbi/dansguardian-amd64/etc/clamd.conf # read settings, set default values load_rc_config "$name" : ${clamav_clamd_enable="YES"} : ${clamav_clamd_socket="/var/run/clamav/clamd.sock"} start_precmd=clamav_clamd_precmd #clamav .93 won't start without a valid main.c[vl]d file clamav_clamd_precmd() { if [ ! -f /var/db/clamav/main.cvd -a ! -f /var/db/clamav/main.cld ];then echo "Missing /var/db/clamav/clamav/*.cvd or *.cld files. You must run freshclam first" exit 1 fi } extra_commands="reload" reload_cmd=clamd_reload clamd_reload() { /usr/pbi/dansguardian-amd64/bin/clamdscan --reload } run_rc_command "$1"</set> -
Will have a look at it again. Right now I have switched back to 2.0.3. Next week I will shut down the 2.0.3 instance and test the 2.1 again. Such a good product but I wouldn't use it till the dans clamd issue is resolved. I just can't let someone in the family download a virus infected file and screw my entire network. Have experienced it a few times and believe me.. its frustrating.
-
Could not get Dansguardian Clamd or squid to work so I decided to try something and this works for me
havp clamav + Dansguardian + Squid-devHAVP antivirus 0.91_1 + clamav-0.97.8
Cron 0.1.7
Dansguardian 2.12.0.3
squid3-dev 3.3.8
1: Installed Havp update it,set to LAN, Enable Transparent test it to make sure it was working and blocking
make sure Havp service is running.2 Install cron
3 reboot
3 create clamav directory in /var/run and run chown -R clamav clamav
Install Dansguardian update Blacklist, set ACLs, set to LAN, Enable dansguardian
make sure dansguardian service is running.4 Install squid3-dev and missing lib, set to LAN Enable Transparent (did not enable Antivirus or c-icap)
make sure squid service is running.5 Now go to Dansguardian set Parent proxy Settings to squid save.
look in system logs you will see an error about have and squid set to Transparent
just go to have and change to parent of squid and save.Create a NAT: Port Forward rule for Dansguardian
Dansguardian squid-dev havp all working and blocking.
ERRORS: Dansguardian 2.12.0.3 pkg v.0.1.8
The only errors that I am having are the
Web upload is banned.
Using Shalla's Blacklists - shallalist.tar.gz
Category not showing up on Access has been Denied! Page I have to modify my lists, putting
#listcategory: "category" at the top of each list in /usr/pbi/dansguardian-amd64/etc/dansguardian/lists/blacklists/for example
/usr/pbi/dansguardian-amd64/etc/dansguardian/lists/blacklists/adv/domains
/usr/pbi/dansguardian-amd64/etc/dansguardian/lists/blacklists/adv/urls
and then it work the category is listed on the Access has been Denied!Do anyone have a script to automatically update the blacklists lists domains/urls with the #listcategory: "category" ?? at the top of each list.
-
I would say package inconsistency is the worst thing about Pfsense, Dansguardian is a great product; however, the package here is a true garbage and the maintainer probably knows it just refuses to admit it. Sure you can get to work but it need a lot of tweaking and most users aren't apt for it.
-
I would say package inconsistency is the worst thing about Pfsense, Dansguardian is a great product; however, the package here is a true garbage and the maintainer probably knows it just refuses to admit it. Sure you can get to work but it need a lot of tweaking and most users aren't apt for it.
I am have been saying this all along. After trying to make it work countless times I have switched back to 2.0.3 which works just perfectly. Missing 2.1 as I have been meaning to use it for a long time but I don't wanna use it without Dans-clamd. HAVP is crap and I will never use it. clamd works perfectly with Dans (if you are able to configure it .. ever)
-
Could not get Dansguardian Clamd or squid to work so I decided to try something and this works for me
havp clamav + Dansguardian + Squid-devHAVP antivirus 0.91_1 + clamav-0.97.8
Cron 0.1.7
Dansguardian 2.12.0.3
squid3-dev 3.3.8
squid3-dev is buggy.. use squid3.
On fresh clean pfSense.. install Dans first and then squid3 "after" configuring dans. I got it work by creating some directories but the directories would be deleted on every reboot. I hate to use band aid fixes so I don't want to use a script to re-create the missing directories on every reboot.
-
Finally found a workaround on this clamd issue.
I did a clean 2.1 install and just installed dans and noticed many of the freshclam clamd files missing after install. Tried to add those files but it just didn't work.
Files in /usr/local/etc and /usr/local/etc/rc.d were missing.
So I did a clean install of 2.0.3 and installed just dans and configured clamd on it. Service started and worked as before. Now I upgraded to 2.1 and let it reinstall the dans package after the upgrade. Since the upgrade does not delete previous version's package files, this time the service started up and worked without any hiccups.
After this I installed Squid3, Snort, RRD Summary. Have a good stable UTM now.
Not a clean way of configuring Dans on 2.1 but it's the only way for now till someone updates it to be compatible with v2.1
-
I had this same issue and found a solution.
I first got freshclam to run by creating /var/log/clamav and /var/db/clamav directories and using chown -R clamav clamav to change the ownership.
I noticed that /usr/local/etc/rc.d/clamav-clamd was empty. I copied the contents from /usr/pbi/dansguardian-amd64/etc/rc.d/clamav-clamd into it. I then created a new file /usr/local/etc/rc.d/clamav-freshclam and copied the contents of /usr/pbi/dansguardian-amd64/etc/rc.d/clamav-freshclam into it.
After a reboot the clamav service started and I was able to use DG to filter web traffic with clamav enabled.