Dansguardian 2.12.0.3_2 does not work
-
See this thread for a workaround on the issues with 2.12.0.3_2 https://forum.pfsense.org/index.php?topic=75243.0
Unfortunately it's still unusable for me. At least the service now runs, but neither of the content scanners are working. My internet just breaks if I route my traffic through DG proxy.
DG reports the status of the content scanners as (off). So I ran clamd in shell and got ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock is in use by another process.
I then removed /var/run/clamav/clamd.sock and ran clamd again with no errors. DG still shows content scanner (off) and No traffic is routed to final destination.
What other packages do you have installed?
-
cron, squid3 and lightsquid…
Install order was
cron
dansguardian
squid3
lightsquidThen installed the pbi of the older version of the dansguardian package. After that, downloaded the blacklists and created the symbolic links to fix clam.
-
OK… in my case at least (on a fresh install as described in the other thread) clam wasn't starting... here's what I did to fix it...
cd /usr/local/bin ln -s /usr/pbi/dansguardian-amd64/bin/freshclam freshclam cd /usr/local/etc/ ln -s /usr/pbi/dansguardian-amd64/etc/freshclam.conf freshclam.conf cd /usr/local/sbin ln -s /usr/pbi/dansguardian-amd64/sbin/clamd clamd
Files already exist, and still no clamd on DG.
See this thread for a workaround on the issues with 2.12.0.3_2 https://forum.pfsense.org/index.php?topic=75243.0
Unfortunately it's still unusable for me. At least the service now runs, but neither of the content scanners are working. My internet just breaks if I route my traffic through DG proxy.
DG reports the status of the content scanners as (off). So I ran clamd in shell and got ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock is in use by another process.
I then removed /var/run/clamav/clamd.sock and ran clamd again with no errors. DG still shows content scanner (off) and No traffic is routed to final destination.
What other packages do you have installed?
Cron and Squid
-
I then removed /var/run/clamav/clamd.sock and ran clamd again with no errors. DG still shows content scanner (off) and No traffic is routed to final destination.
Do "ps -ax | grep clam" and see if clam is actually running…
Do "ps -ax | grep dans" to see if dans is actually runningAlso, what do you mean by "DG still shows content scanner (off)"? As far as I know, the way to turn clam on is by selecting it in the list (either clam or icapscan) on the general setup tab. I didn't think there was anywhere that indicated if it was running or not. What are you looking at?
If clam is selected, but not running when you try to browse to a page that should be virus scanned you will get an error indicating that dans could not scan the page. If you are not getting that error, and both dans and squid are running, then something else is likely setup wrong...
-
OK… in my case at least (on a fresh install as described in the other thread) clam wasn't starting... here's what I did to fix it...
cd /usr/local/bin ln -s /usr/pbi/dansguardian-amd64/bin/freshclam freshclam cd /usr/local/etc/ ln -s /usr/pbi/dansguardian-amd64/etc/freshclam.conf freshclam.conf cd /usr/local/sbin ln -s /usr/pbi/dansguardian-amd64/sbin/clamd clamd
Files already exist, and still no clamd on DG.
See this thread for a workaround on the issues with 2.12.0.3_2 https://forum.pfsense.org/index.php?topic=75243.0
Unfortunately it's still unusable for me. At least the service now runs, but neither of the content scanners are working. My internet just breaks if I route my traffic through DG proxy.
DG reports the status of the content scanners as (off). So I ran clamd in shell and got ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock is in use by another process.
I then removed /var/run/clamav/clamd.sock and ran clamd again with no errors. DG still shows content scanner (off) and No traffic is routed to final destination.
What other packages do you have installed?
Cron and Squid
run this command and post the output "ls -la /var/run/"
-
Do "ps -ax | grep clam" and see if clam is actually running…
Do "ps -ax | grep dans" to see if dans is actually runningAlso, what do you mean by "DG still shows content scanner (off)"? As far as I know, the way to turn clam on is by selecting it in the list (either clam or icapscan) on the general setup tab. I didn't think there was anywhere that indicated if it was running or not. What are you looking at?
If clam is selected, but not running when you try to browse to a page that should be virus scanned you will get an error indicating that dans could not scan the page. If you are not getting that error, and both dans and squid are running, then something else is likely setup wrong...
"ps -ax | grep clam
16871 ?? Is 0:00.00 /usr/pbi/dansguardian-amd64/sbin/clamd
52631 0 S+ 0:00.00 grep clamps -ax | grep dans
16871 ?? Is 0:00.00 /usr/pbi/dansguardian-amd64/sbin/clamd
29973 ?? Ss 0:00.01 /usr/local/sbin/dansguardian
30006 ?? I 0:00.00 /usr/local/sbin/dansguardian
30028 ?? I 0:00.00 /usr/local/sbin/dansguardian
30145 ?? I 0:00.00 /usr/local/sbin/dansguardian
30166 ?? I 0:00.00 /usr/local/sbin/dansguardian
30180 ?? I 0:00.00 /usr/local/sbin/dansguardian
30457 ?? I 0:00.00 /usr/local/sbin/dansguardian
30466 ?? I 0:00.00 /usr/local/sbin/dansguardian
30810 ?? I 0:00.00 /usr/local/sbin/dansguardian
30985 ?? I 0:00.00 /usr/local/sbin/dansguardian
31042 ?? I 0:00.00 /usr/local/sbin/dansguardian
34492 0 S+ 0:00.00 grep dansrun this command and post the output "ls -la /var/run/"
.
.
.
drwxr-xr-x 2 clamav wheel 512 Apr 18 12:26 clamav
-rw–----- 1 root wheel 5 Apr 18 12:26 cron.pid
-rw-r--r-- 1 root wheel 6 Apr 18 12:30 dansguardian.pid
.
.
. -
OK… so both clam and dans appear to be running. Is squid running? Is DG configured and listening on a port and talking to squid on the port that squid is listening on? What happens when you set dansguardian as your proxy and try to browse a page? What if you set squid as the proxy and try to browse?
Also - what do you mean when you say that the content scanner is "off".
-
Does your configuration page look like this??
-
OK… so both clam and dans appear to be running. Is squid running? Is DG configured and listening on a port and talking to squid on the port that squid is listening on? What happens when you set dansguardian as your proxy and try to browse a page? What if you set squid as the proxy and try to browse?
Also - what do you mean when you say that the content scanner is "off".
Ok, i reinstalled the package and followed the steps in your other thread (linked earlier). Changed Dan to listen on LAN, proxy on loopback. It could have been my settings, since I frantically messed with various settings to get DG working. Now everything works great!!
I was under the impression that under General->Content Scanner->Clamdscan (on) would show once enabled. Now i see that it shows the default value even when calmav is running.
I greatly appreciate your efforts. Thanks
-
Hi guys,
There is no updates on dasguardian code for more then one year, a lot of patches were submitted but none merged.
Every manual patch I have applied to dansguardian source code are not commited/applied on freebsd port too, so it's hard to have it compiled my core team.
Fredb has pushed a lot of uncommited fixes that he forked the project to have it applied.
https://forum.pfsense.org/index.php?topic=61811.msg376192#msg376192Full changelog from current dansguardian official code to e2guardian
https://raw.githubusercontent.com/e2guardian/e2guardian/master/e2guardian.release -
Marcello… I don't know if you've been watching the forums or not, but something definitely got broken in the 2.12.0.3_2 version of the package. There is something wrong with the content scanner stuff - multiple executables and configuration files are missing. Also, the blacklist download site is not being set.
At any rate... the workaround seems to be installing the 2.12.0.3 version from your repository...
-
something definitely got broken in the 2.12.0.3_2 version of the package.
That's the official version from ports compiled by core team, the code doesn't have some patches
At any rate… the workaround seems to be installing the 2.12.0.3 version from your repository...
I'm trying to port e2guardian to freebsd and then pfsense. As I said, dansguardian is no longer being updated by maintainers on sourceforge.
Many commits are pending.AFAIK, e2guardian will not have use restrictions as dasnguardian has.
The gui will be almost the same, just the package name will change. If core team aproves, it will be applied to pfsense 2.1 -
something definitely got broken in the 2.12.0.3_2 version of the package.
That's the official version from ports compiled by core team, the code doesn't have some patches
At any rate… the workaround seems to be installing the 2.12.0.3 version from your repository...
I'm trying to port e2guardian to freebsd and then pfsense. As I said, dansguardian is no longer being updated by maintainers on sourceforge.
Many commits are pending.AFAIK, e2guardian will not have use restrictions as dasnguardian has.
The gui will be almost the same, just the package name will change. If core team aproves, it will be applied to pfsense 2.1Very nice… I'll look forward to that... Thanks again Marcello