Dansguardian clamav and other issues fix



  • Is the Dansguardian ClamAV issue fixed?
    Is the Dansguardian upload issue fixed?
    Does Dansguardian work with clamav _0.97.8?

    Does anyone have DansGuardian installed and working with clamav and, on restart, creating the missing directory and files, who would not mind posting their how-to and what you install first?

    Thanks



  • Always works reliably for me… What I do.

    1.) Install dansguardian
    2.) Install Squid3.
    3.) Manually create clamav-clamd and clamav-freshclam shell scripts in /usr/local/etc/rc.d
    4.) Replace dansguardian executable with one from 2.12.0.6



  • @rjcrowder:

    Always works reliably for me… What I do.

    4.) Replace dansguardian executable with one from 2.12.0.6

    What's the command for this?



  • You can find a link on this thread http://forum.pfsense.org/index.php/topic,61811.25.html. I didn't try to do a full install of Marcello's zip file. Instead I copied the file to my local machine and pulled the dansguardian executable out of it. Then I copied the executable up to my pfsense box.

    Now that I think about it, version 2.12.0.6 requires a small change to the dansguardian config file. You can accomplish the change by applying this patch to /usr/local/pkg/dansguardian.conf.template

    412a413,430
    > # - RJC - Some hard coded values required for 2.12.0.6
    > #
    > # Proxy timeout 
    > # Set tcp timeout between the Proxy and DansGuardian 
    > # Min 5 - Max 100
    > proxytimeout = 20
    > 
    > # Proxy header exchange
    > # Set timeout between the Proxy and DansGuardian 
    > # Min 20 - Max 300
    > proxyexchange = 20
    > 
    > # Pconn timeout
    > # how long a persistent connection will wait for other requests
    > # squid apparently defaults to 1 minute (persistent_request_timeout),
    > # so wait slightly less than this to avoid duff pconns.
    > # Min 5 - Max 300
    > pcontimeout = 55
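
    Review bot: proxyexchange = 20 sits exactly on the lower bound its own comment states (Min 20 - Max 300), so it leaves no margin; pick a value above the floor or add a line saying why the minimum was chosen. pcontimeout = 55 is only right while Squid's persistent_request_timeout stays at the 1 minute default the comment mentions, so the comment should say that the two settings have to be changed together. All three values are hard coded in the template, as the RJC header line says, so they will not follow a later change on the Squid side. Three of the added comment lines also end in a trailing space.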
    
    


  • Another issue is blacklists. Unfortunately, dansguardian doesn't work with blacklists. When I select a banned list, the config file doesn't change.



  • @Amirkabir:

    Another issue is blacklists. Unfortunately, dansguardian doesn't work with blacklists. When I select a banned list, the config file doesn't change.

    Works fine for me… can you give me any more info about your setup?



  • I updated dansguardian with bigblacklist.tar.gz. I configured the squid server on the loopback interface and default port.
    In the dansguardian banned list, I select news domains and press the save button. The config file doesn't change. I change my proxy settings in Firefox to dansguardian ip:8080.
    badboys.com is blocked but all news domains (like http://beebenews.com/) can be accessed.



  • How did you update the blacklist? Did you re-download them? Let me give you a couple of debugging ideas.

    First, you'll have to force it to run "/usr/local/bin/php /usr/local/www/dansguardian.php fetch_blacklist". You can do this from the UI, but I'd just set the URL of the blacklist download in the UI and then go run it from the command line.  The package keeps an internal list of directories that you are allowed to pick from in the UI. The list is built when the above code is executed.

    So…
    1.) make sure you've run the fetch_blacklist code.
    2.) make sure it properly updated the blacklist directories
    3.) check the internal list of those directories (kept in config.xml)



  • Thanks rjcrowder
    I use my local package and blacklist repository. Our admins don't have shell access.
    Have you hardcoded the blacklist URL? How can I change this URL and get the blacklist from my repository during package installation? (checking dansguardian blacklist …)



  • @Amirkabir:

    Thanks rjcrowder
    I use my local package and blacklist repository. Our admins don't have shell access.
    Have you hardcoded the blacklist URL? How can I change this URL and get the blacklist from my repository during package installation? (checking dansguardian blacklist …)

    You can change the blacklist URL in the blacklist tab under dansguardian. Then change the update frequency to "download and update now" and click save.



  • I know… I want to change some code to update the blacklist during package installation. This message appears during package installation: checking dansguardian blacklist ...



  • I'm not sure how the whole install flow works, but the code is in /usr/local/pkg/dansguardian.inc and the function is sync_package_dansguardian(). The blacklist check is done by line 931 (says "fetch_blacklist(…").



  • Dansguardian Antivirus not blocking

    Installed Dansguardian, created all missing dirs and files

    freshclam updated

    clamd started

    Installed squid

    Tested with the eicar antimalware testfile

    Dansguardian Antivirus Clamdscan not scanning or blocking

    eicar antimalware testfile did not get blocked by

    (ps -ax | grep clam, ps -ax | grep dans, ps -ax | grep squid)

    $ ps -ax | grep clam
    87531  ??  Is    0:16.74 clamd
    96153  ??  S      0:00.00 sh -c ps -ax | grep clam 2>&1
    96241  ??  S      0:00.00 grep clam

    $ ps -ax | grep dans
    34253  ??  S      0:00.00 sh -c ps -ax | grep dans 2>&1
    34663  ??  S      0:00.00 grep dans
    88079  ??  Is    0:00.22 /usr/local/sbin/dansguardian
    91229  ??  I      0:00.00 /usr/local/sbin/dansguardian
    91304  ??  I      0:00.00 /usr/local/sbin/dansguardian
    91316  ??  I      0:00.26 /usr/local/sbin/dansguardian
    91600  ??  I      0:00.05 /usr/local/sbin/dansguardian
    91636  ??  I      0:00.04 /usr/local/sbin/dansguardian
    91908  ??  I      0:00.06 /usr/local/sbin/dansguardian
    92171  ??  I      0:00.01 /usr/local/sbin/dansguardian
    92478  ??  I      0:00.02 /usr/local/sbin/dansguardian
    92824  ??  I      0:00.01 /usr/local/sbin/dansguardian
    93086  ??  I      0:00.01 /usr/local/sbin/dansguardian
    93343  ??  I      0:00.00 /usr/local/sbin/dansguardian
    93621  ??  I      0:00.00 /usr/local/sbin/dansguardian
    93870  ??  I      0:00.00 /usr/local/sbin/dansguardian
    94076  ??  I      0:00.00 /usr/local/sbin/dansguardian
    94298  ??  I      0:00.00 /usr/local/sbin/dansguardian
    94479  ??  I      0:00.00 /usr/local/sbin/dansguardian
    94565  ??  I      0:00.00 /usr/local/sbin/dansguardian
    94652  ??  I      0:00.00 /usr/local/sbin/dansguardian
    94988  ??  I      0:00.00 /usr/local/sbin/dansguardian
    95298  ??  I      0:00.00 /usr/local/sbin/dansguardian

    $ ps -ax | grep squid
    40576  ??  INs    0:00.00 /usr/pbi/squid-amd64/sbin/squid -f /usr/pbi/squid-amd
    41318  ??  SN    0:01.36 (squid-1) -f /usr/pbi/squid-amd64/etc/squid/squid.con
    64541  ??  S      0:00.00 sh -c ps -ax | grep squid 2>&1
    65018  ??  S      0:00.00 grep squid



  • Thanks rjcrowder, but it doesn't work.
    I ran "/usr/local/bin/php /usr/local/www/dansguardian.php fetch_blacklist" from the shell.
    The output message is:

    Content-type: text/html
    

    My config.xml is correct:

    <banned_includes>/usr/pbi/dansguardian-i386/etc/dansguardian/lists/blacklists/news/domains</banned_includes>
    

    But the dansguardian config file doesn't change and news domains can still be accessed.  :(



  • Do you have a blacklist URL set in the UI (under the blacklists tab)? Does it work to manually retrieve the blacklist from the URL you've entered?



  • Yes, update works correctly.



  • Unfortunately, the dansguardian files have been changed, but the version numbers are the same. I downloaded the new files to my package repository and the problem was solved.



  • @Amirkabir:

    Unfortunately, the dansguardian files have been changed, but the version numbers are the same. I downloaded the new files to my package repository and the problem was solved.

    Interesting… that is one of the things that I've noted Marcello doing occasionally. He makes minor changes and puts them out under the same version number. Or at least that's what I thought was happening...

    Not good practice in my mind, but there must be some reason...



  • Very bad practice!
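
Files republished under an unchanged version number, as described in the last posts, can be caught on a local package repository by pinning a hash per file and version and re-checking after every sync. This is an added example, not part of the original thread or the package's own code; the mirror directory, the pin file and the version string passed in are assumptions.

```python
import hashlib
import json
import os
import tempfile


def sha256_file(path):
    """Hash in chunks so large package archives are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_mirror(mirror_dir, version, manifest_path):
    """Return {relative_path: status}; keep manifest_path outside mirror_dir."""
    manifest = {}
    if os.path.exists(manifest_path):
        with open(manifest_path) as fh:
            manifest = json.load(fh)
    report = {}
    for root, _dirs, files in os.walk(mirror_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, mirror_dir)
            current = sha256_file(path)
            pinned = manifest.get(rel)
            if pinned and pinned["version"] == version:
                # Same advertised version: bytes must match the pin. On a
                # mismatch the old pin is kept so the finding persists.
                same = pinned["sha256"] == current
                report[rel] = "unchanged" if same else "CHANGED-SAME-VERSION"
                continue
            report[rel] = "new-version" if pinned else "new"
            manifest[rel] = {"version": version, "sha256": current}
    with open(manifest_path, "w") as fh:
        json.dump(manifest, fh, indent=2, sort_keys=True)
    return report


if __name__ == "__main__":
    # Constructed sample: same file name and version, different bytes.
    with tempfile.TemporaryDirectory() as tmp:
        mirror, pins = os.path.join(tmp, "mirror"), os.path.join(tmp, "pins.json")
        os.mkdir(mirror)
        for body in ("first upload\n", "silently changed\n"):
            with open(os.path.join(mirror, "dansguardian.inc"), "w") as fh:
                fh.write(body)
            print(audit_mirror(mirror, "0.0-constructed", pins))
```

A file stays flagged as CHANGED-SAME-VERSION on every run until the advertised version changes or the pin is removed by hand after review.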