Squid3-dev ICAP Protocol Error on 32-bit
-
Sorry to necro this…
Has anyone found a solution to this? I get this same error message and if the issue is a malformed url in a config file, which one is it?
-
Thanks MIT for the details, however in squid 3.4.10_2 pkg 0.2.6 there are changes in the squid.inc file.
it's like this:
icap_service service_avi_req reqmod_precache icap://[::1]:1344/squid_clamav bypass=off
adaptation_access service_avi_req allow all
icap_service service_avi_resp respmod_precache icap://[::1]:1344/squid_clamav bypass=on
adaptation_access service_avi_resp allow alli changed the squid_clamav bypass=off to on and the eicar detection is working.
thank you again :)
-
As I've posted on other many squid3 topics, clamav integration will work if you:
-
Enable antivirus on squid
-
fix config warnings alerts
-
wait first freshclam to finish
-
stop and start (not restart) squid and c-icap service
Configure a clamav bypass has the same effect as disabling the antivirus integration.
I've tested it on amd64 at least 3 times and had a working on all tests.
-
-
Can you fix the default config so that it works by default. While the GUI does tell you what to do if you save the page again, I'm sure that a lot of people on the forum and irc having issues with Squid do not go back there and save the page a second time.
-
Can you fix the default config so that it works by default. While the GUI does tell you what to do if you save the page again, I'm sure that a lot of people on the forum and irc having issues with Squid do not go back there and save the page a second time.
Decide what ip to use on sarg reports warn_php for example is not that simple. If I force Lan IP on package config then somebody will ask to listen on WLAN and/or internal http server.
This is a first run configuration. Once configured, you do not need to check again antivurus options.
-
I have this problem on the 64 bit version RC 2.2 and I just go to the antivirus page and click save again and then the system comes back up .. but wish it stop messing up
-
Friends, help, please, how to solve a problem with this error ICAP?
Configuring a clamav bypass=1 is disabling the antivirus integration!
PFsense 2.1.5 x64, squid 3.3.10 -
Did you read the topic first?
https://forum.pfsense.org/index.php?topic=77264.msg485524#msg485524
-
Did you read the topic first?
https://forum.pfsense.org/index.php?topic=77264.msg485524#msg485524Friend, yes, I read it. But to my regret, I didn't understand part of instructions:
fix config warnings alerts
wait first freshclam to finish
Please, explain more in detail which needs to be made here.
Thanks! -
Antonio, don't waste your time in pfSense 2.1.5 x64 i-cap ist still broken there, since it has never worked before.
I guess you need to upgrade to pfSense 2.2 x64 to get it work, if I get marcelloc right?
fix config warnings alerts = look in Status: System logs: General for errors and fix it
wait first freshclam to finish = execute freshclam in the console/shell and watch via top till its finished
Good luck.
-
Error in system log (PFsense 2.1.5 x64, squid 3.3.10):
kernel: pid 85487 (c-icap), uid 9595: exited on signal 11It is possible to fix it, or it really nonremovable error in 2.1.5 x64 in ICAP?
I don't like 2.2. With it I have many more problems with Squid+SquidGuard+Lightsquid. May be later, build of PFsense will be stable and I update it. -
It is possible to fix it, or it really nonremovable error in 2.1.5 x64 in ICAP?
Unfortunatelly no. the icap error are related to freebsd 8.x and icap, not pfsense itself. the same compile args and config options works fine on freebsd 8.x 32bit version.
An workaround for pfsense 2.1.x 64bits if you are not using ssl interception is to use clamav on dansguardian ou havp.
-
I am receiving ICAP errors with squid3 on amd64 pfSense 2.2 but only on http sites. I think I must have something misconfigured because HTTPS is fine. How does one use HAVP with squid, I feel like I have too many redundant proxies with HAVP and Dansguardian.
-
I was having a similar problem until I saw this: https://forum.pfsense.org/index.php?topic=87424.msg480232#msg480232
fresh 2.2 install
Install squid3
…
chech squid tabs, save, fix config options pointed by gui alerts
On antivirus tab, save config twice as first time it will load sample files and second check config options.
via console wait (repeating ps ax | grep -i fresclam or tail -f /var/log/clamav/freshclam.log) clamav database first slow update
enable transparent mode(do not select loopback on any squid option)
stop and start squid via gui to force c-icap to restart too after first freshclam.
…Edited original post to describe my steps. The key part is the "save twice" on the AV tab. Fix the problems presented, each has its solution right in the message. I am now able to browse HTTP sites without the ICAP errors.
-
$ repeating ps ax | grep -i freshclam or tail -f /var/log/clamav/freshclam.log grep: freshclam: No such file or directory grep: or: No such file or directory grep: tail: No such file or directoryFor some reason I can't freshclam
-
$ repeating ps ax | grep -i freshclam or tail -f /var/log/clamav/freshclam.logThis line means
repeat this cmd on console every 30 seconds for example
ps ax | grep -i freshclamor this one once
tail -f /var/log/clamav/freshclam.log -
I think I just typed "freshclam" (without quotes) to update, as marcelloc says the other commands are to show the status of freshclam, not to execute it.
-
HI, Guys
I got errors:
ERROR
The requested URL could not be retrievedThe following error was encountered while trying to retrieve the URL: http://www.google.ca
Connection to 127.0.0.1 failed.
The system returned: (60) Operation timed out
The remote host or network may be down. Please try the request again.
Your cache administrator is admin@localhost.
ERROR
The requested URL could not be retrievedThe following error was encountered while trying to retrieve the URL: http://www.dslreports.com/forum/rogers
Unable to forward this request at this time.
This request could not be forwarded to the origin server or to any parent caches.
Some possible problems are:
An Internet connection needed to access this domains origin servers may be down.
All configured parent caches may be currently unreachable.
The administrator may not allow this cache to make direct connections to origin servers.Your cache administrator is admin@localhost.
I only installed snort, pfBlokerNG, and squid3, for Squid3, all the settings were setup by default, changed squid.inc, changed anti-virus configs, and execute freshclam, but I got above odd errors, can't surf internet unless turn off the transparent HTTP proxy.
What am I doing wrong?
-
Olá,
Caso alguém ainda esteja com problemas. Segue abaixo como funcionou em minha rede:
Pfsense 2.2.3 + Squid3 0.2.8 + SquidGuard 1.9.14 + i-cap/clamav
Defina em squidclamav.conf:
redirect http://IP_SEU_SERVIDOR/squid_clwarn.php
Para o caso de possuir SquidGuard, descomente a linha:
squidguard /usr/local/squidGuard/bin/squidGuard
Adicione em i-cap.conf:
Service squid_clamav squidclamav.so
Apague essa linha de i-cap.conf(Mesmo que esteja comentada):
ldap://cn=Directory Manager:Apassword@ldap.chtsanti.net?o=chtsanti?mermberUid?(&(objectClass=posixGroup)(cn=%s))
Pra mim está funcionando ok.
I hope it helps someone. ;D
-
Just add domain in Whitelist with http and you`r issue will solve.