I need help - HAVP is running, but not checking



  • Hi guys,

    HAVP is driving me crazy. I am not able to get it working. Does anybody of you see a chance to help me?

    First I installed only HAVP and I thought this would be enough. Since HAVP stands for "Antivirus Proxy", I thought I do not need squid. But it simply did not work. Then I installed squid3 and somehow it started working.

    But now I made a reboot and something happened. I am not able to get HAVP running properly. Websites are browsable, but if I download the eicar-testfile nothing happens. The antivirus proxy is simply not checking the files.

    I tried all the settings, but nothing worked. I tried the "transparent" and the "parent for squid" modes, but they did not do the trick. Then I uninstalled and reinstalled the packages -> with no success.

    I am getting nuts. Please help me.

    keinstein

    Oct 20 14:44:30 	havp[16304]: Use transparent proxy mode
    Oct 20 14:44:30 	havp[16304]: --- Initializing Clamd Socket Scanner
    Oct 20 14:44:30 	havp[16304]: Clamd Socket Scanner passed EICAR virus test (Eicar-Test-Signature)
    Oct 20 14:44:30 	havp[16304]: --- All scanners initialized
    Oct 20 14:44:30 	havp[16437]: Process ID: 16437
    Oct 20 14:44:45 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
    Oct 20 14:44:50 	php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2013/10/20 14:44:45| aclParseIpData: unknown netmask '0.047109690603708' in '0.57.32.80/0.047109690603708' FATAL: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708 Squid Cache (Version 3.1.22): Terminated abnormally. CPU Usage: 0.019 seconds = 0.013 user + 0.006 sys Maximum Resident Size: 6040 KB Page faults with physical i/o: 0'
    Oct 20 14:44:57 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
    Oct 20 14:45:02 	php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2013/10/20 14:44:57| aclParseIpData: unknown netmask '0.047109690603708' in '0.57.32.80/0.047109690603708' FATAL: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708 Squid Cache (Version 3.1.22): Terminated abnormally. CPU Usage: 0.020 seconds = 0.013 user + 0.007 sys Maximum Resident Size: 6272 KB Page faults with physical i/o: 0'
    Oct 20 14:45:04 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
    Oct 20 14:45:15 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
    Oct 20 14:45:20 	php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2013/10/20 14:45:15| aclParseIpData: unknown netmask '0.047109690603708' in '0.57.32.80/0.047109690603708' FATAL: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708 Squid Cache (Version 3.1.22): Terminated abnormally. CPU Usage: 0.019 seconds = 0.013 user + 0.006 sys Maximum Resident Size: 6124 KB Page faults with physical i/o: 0'
    Oct 20 14:45:22 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
    Oct 20 14:49:22 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
    Oct 20 14:49:27 	php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2013/10/20 14:49:22| aclParseIpData: unknown netmask '0.047109690603708' in '0.57.32.80/0.047109690603708' FATAL: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708 Squid Cache (Version 3.1.22): Terminated abnormally. CPU Usage: 0.019 seconds = 0.019 user + 0.000 sys Maximum Resident Size: 5468 KB Page faults with physical i/o: 0'
    Oct 20 14:49:29 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
    Oct 20 14:50:06 	php: /pkg_edit.php: Starting Squid
    Oct 20 14:50:06 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708
    Oct 20 14:50:06 	php: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -f /usr/pbi/squid-amd64/etc/squid/squid.conf' returned exit code '1', the output was '2013/10/20 14:50:06| aclParseIpData: unknown netmask '0.047109690603708' in '0.57.32.80/0.047109690603708' FATAL: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.57.32.80/0.047109690603708 Squid Cache (Version 3.1.22): Terminated abnormally. CPU Usage: 0.023 seconds = 0.023 user + 0.000 sys Maximum Resident Size: 5540 KB Page faults with physical i/o: 0'
    Oct 20 14:50:16 	check_reload_status: Reloading filter
    Oct 20 14:50:20 	check_reload_status: Syncing firewall
    Oct 20 14:50:22 	php: rc.filter_configure_sync: Havp: Squid is already configured as transparent proxy. Use 'Standard' proxy mode.
    Oct 20 14:50:22 	php: rc.filter_configure_sync: SQUID is installed but not started. Not installing "nat" rules.
    Oct 20 14:50:22 	php: rc.filter_configure_sync: Adding TFTP nat rules
    Oct 20 14:50:22 	php: rc.filter_configure_sync: Havp: Squid is already configured as transparent proxy. Use 'Standard' proxy mode.
    Oct 20 14:50:23 	php: rc.filter_configure_sync: SQUID is installed but not started. Not installing "pfearly" rules.
    Oct 20 14:50:23 	php: rc.filter_configure_sync: Havp: Squid is already configured as transparent proxy. Use 'Standard' proxy mode.
    Oct 20 14:50:23 	php: rc.filter_configure_sync: SQUID is installed but not started. Not installing "filter" rules.
    Oct 20 14:50:23 	php: /pkg_edit.php: Starting Squid
    Oct 20 14:50:23 	squid[41282]: Squid Parent: child process 41427 started
    Oct 20 14:50:27 	php: rc.filter_configure_sync: Havp: Squid is already configured as transparent proxy. Use 'Standard' proxy mode.
    Oct 20 14:50:27 	php: rc.filter_configure_sync: Adding TFTP nat rules
    Oct 20 14:50:27 	php: rc.filter_configure_sync: Havp: Squid is already configured as transparent proxy. Use 'Standard' proxy mode.
    Oct 20 14:50:27 	php: rc.filter_configure_sync: Havp: Squid is already configured as transparent proxy. Use 'Standard' proxy mode.
    Oct 20 14:54:20 	squid[41282]: Squid Parent: child process 41427 exited with status 0
    Oct 20 14:54:21 	php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was ''
    Oct 20 14:54:23 	squid[5530]: Squid Parent: child process 5785 started
    Oct 20 15:03:14 	check_reload_status: Syncing firewall
    Oct 20 15:03:16 	php: /pkg_edit.php: Starting HAVP
    Oct 20 15:03:20 	php: /pkg_edit.php: Reloading Squid for configuration sync
    Oct 20 15:03:20 	havp[43620]: === Starting HAVP Version: 0.91
    Oct 20 15:03:20 	havp[43620]: === Mandatory locking disabled! KEEPBACK settings not used!
    Oct 20 15:03:20 	havp[43620]: Running as user: havp, group: havp
    Oct 20 15:03:20 	havp[43620]: --- Initializing Clamd Socket Scanner
    Oct 20 15:03:20 	havp[43620]: Clamd Socket Scanner passed EICAR virus test (Eicar-Test-Signature)
    Oct 20 15:03:20 	havp[43620]: --- All scanners initialized
    Oct 20 15:03:20 	havp[43950]: Process ID: 43950
    Oct 20 15:03:21 	check_reload_status: Reloading filter
    Oct 20 15:03:26 	php: rc.filter_configure_sync: Adding TFTP nat rules
    Oct 20 15:03:33 	php: rc.filter_configure_sync: Adding TFTP nat rules
    ![todel_pf_1_services.JPG](/public/_imported_attachments_/1/todel_pf_1_services.JPG)
    ![todel_pf_2_havp.JPG](/public/_imported_attachments_/1/todel_pf_2_havp.JPG)
    ![todel_pf_3_squid.JPG](/public/_imported_attachments_/1/todel_pf_3_squid.JPG)


  • two other screenshots..






  • Hi,

    as I said, I am getting nuts. Now, after a while, it seems to be working and I do not know why. After maybe 15 minutes it suddenly started checking the files.

    Can anybody check my settings in the screenshots? Did I configure the package correctly?

    keinstein



  • Hi guys. I do not know if anybody is out there.

    Anyway, I made a reboot and HAVP stopped working.

    This is what I found in the syslog:

    
    Oct 20 21:15:44 havp[34823]: === Mandatory locking disabled! KEEPBACK settings not used! 
    Oct 20 21:15:44 havp[34823]: Running as user: havp, group: havp 
    Oct 20 21:15:44 havp[34823]: --- Initializing Clamd Socket Scanner 
    Oct 20 21:15:56 clamd[45503]: Can't open file or directory 
    Oct 20 21:15:58 havp[49172]: === Starting HAVP Version: 0.91 
    Oct 20 21:15:58 havp[49172]: === Mandatory locking disabled! KEEPBACK settings not used! 
    Oct 20 21:15:58 havp[49172]: Running as user: havp, group: havp 
    Oct 20 21:15:58 havp[49172]: --- Initializing Clamd Socket Scanner 
    
    

    and

    Oct 20 21:46:13 	php: /index.php: Successful login for user 'admin' from: 192.168.222.22
    Oct 20 21:46:34 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.121.65.51/0.20866550354197
    Oct 20 21:46:39 	php: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2013/10/20 21:46:34| aclParseIpData: unknown netmask '0.20866550354197' in '0.121.65.51/0.20866550354197' FATAL: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.121.65.51/0.20866550354197 Squid Cache (Version 3.1.22): Terminated abnormally. CPU Usage: 0.019 seconds = 0.013 user + 0.006 sys Maximum Resident Size: 6080 KB Page faults with physical i/o: 0'
    Oct 20 21:46:42 	squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.121.65.51/0.20866550354197
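
Added example, not part of any post in this thread: a small Python triage over syslog lines like the ones quoted above. It flags HAVP processes that started initializing the Clamd scanner but never logged "All scanners initialized", and pulls the malformed `src` entries out of Squid's "Bungled squid.conf" messages. The sample log is constructed from lines in the thread, the function names are hypothetical, and only plain address or CIDR entries are assumed to be valid ACL sources.

```python
import ipaddress
import re

# Constructed sample, modelled on the syslog lines quoted in the thread.
SAMPLE_LOG = """\
Oct 20 21:15:44 havp[34823]: --- Initializing Clamd Socket Scanner
Oct 20 21:15:56 clamd[45503]: Can't open file or directory
Oct 20 21:15:58 havp[49172]: === Starting HAVP Version: 0.91
Oct 20 21:15:58 havp[49172]: --- Initializing Clamd Socket Scanner
Oct 20 21:46:34 squid: Bungled squid.conf line 22: acl localnet src 192.168.222.0/24 0.121.65.51/0.20866550354197
"""

HAVP_RE = re.compile(r"havp\[(\d+)\]: (.*)")
BUNGLED_RE = re.compile(r"Bungled squid\.conf line (\d+): acl \S+ src (.*)")


def bad_src_tokens(tokens):
    """Return the ACL src entries that are not a valid address or network."""
    bad = []
    for tok in tokens:
        try:
            # Assumption: entries are plain addresses or CIDR/netmask networks.
            ipaddress.ip_network(tok, strict=False)
        except ValueError:
            bad.append(tok)
    return bad


def triage(log_text):
    """Return (HAVP pids with no ready scanner, {squid.conf line: bad entries})."""
    init, ready, bungled = set(), set(), {}
    for line in log_text.splitlines():
        m = HAVP_RE.search(line)
        if m:
            pid, msg = m.groups()
            if "Initializing Clamd Socket Scanner" in msg:
                init.add(pid)
            elif "All scanners initialized" in msg:
                ready.add(pid)
            continue
        m = BUNGLED_RE.search(line)
        if m:
            bungled[int(m.group(1))] = bad_src_tokens(m.group(2).split())
    # A pid that began scanner init but never reported ready did not come up.
    return sorted(init - ready), bungled


if __name__ == "__main__":
    stalled, bungled = triage(SAMPLE_LOG)
    print("HAVP pids without initialized scanners:", stalled)
    print("Invalid squid ACL src entries by config line:", bungled)
```
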
    


  • I have the same problem
    I get the same message
    You can scan files through a graphical interface

    Here is my message

    http://forum.pfsense.org/index.php/topic,67949.0.html

    I searched the forum and I found another message
    where someone specifies what action he took to fix the problem

    http://forum.pfsense.org/index.php/topic,58254.msg311939.html#msg311939

    I have not tried it because I do not know if it will fit



  • 2 keinstein
    You can't use 2 proxies at the same time as transparent.
    You must cascade them.
    For example, use the HAVP option Proxy mode = Parent for Squid.



  • @dversg: well, that makes sense.

    @rest: I found a solution: I am sorry, but pfsense had its chance. Maybe it has been my fault, but in the end I spent too much time on this. I was even that far to buy a commercial product. Finally I tried ipfire and I am surprised how easy it was to install and activate the squid proxy. I think pfsense is a very good piece of software, but in my case it did not work.

