Squid3-dev v3.3.10 pkg 2.2.6,SSL MiM + Diladele = c-icap no file scanning
-
hi i have instaled pfsense v2.1.4 i386 with this packages:
squid3-dev v3.3.10 pkg 2.2.6, working SSL man in the middle for filtering HTTPS
snort 2.9.6.2 pkg v3.1.1
pfblocker 1.0.2All working well (included eicar test http://www.eicar.org/85-0-Download.html file scaning with c-icap) without instaled diladele ( http://docs.diladele.com/administrator_guide_3_4/installation_and_removal/install_on_freebsd.html).
When i instal Diladele ( http://docs.diladele.com/administrator_guide_3_4/installation_and_removal/install_on_freebsd.html and add 'always_direct allow all; ssl_bump server-first all' to squid config), then i can filter https, http but scaning downloaded file (for examle exe, zip, com, txt) with virus scanner not working.
Can you pleas link me to some solution?
Thx,
Marian L.
-
ok, today i make some research and find how to chaining diladele and c-icap for filtering https and scaning downloaded files. I change /usr/pbi/squid-i386/etc/squid/squid.conf (problem is, i dont for now, how to make changes permanent:
chanched in squid.conf (also changet listening port in antivirus settings in pfsense UI to 1345):
# Custom options before auth always_direct allow all ssl_bump server-first all icap_enable on icap_preview_enable on icap_preview_size 4096 icap_persistent_connections on icap_send_client_ip on icap_send_client_username on icap_client_username_header X-Client-Username icap_service service_req reqmod_precache bypass=0 icap://127.0.0.1:1345/squidclamav icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1345/squidclamav icap_service qlproxy1 reqmod_precache bypass=0 icap://127.0.0.1:1344/reqmod icap_service qlproxy2 respmod_precache bypass=0 icap://127.0.0.1:1344/respmod acl qlproxy_icap_edomains dstdomain "/opt/qlproxy/etc/squid/icap_exclusions_domains.conf" acl qlproxy_icap_etypes rep_mime_type "/opt/qlproxy/etc/squid/icap_exclusions_contenttypes.conf" adaptation_access qlproxy1 deny qlproxy_icap_edomains adaptation_access qlproxy2 deny qlproxy_icap_edomains adaptation_access qlproxy2 deny qlproxy_icap_etypes adaptation_access qlproxy1 allow all adaptation_access qlproxy2 allow all adaptation_access service_req allow all adaptation_access service_resp allow all #icap_enable on #icap_send_client_ip on #icap_send_client_username on #icap_client_username_encode off #icap_client_username_header X-Authenticated-User #icap_preview_enable on #icap_preview_size 1024 # Always allow access to whitelist domains http_access allow whitelist acl sglog url_regex -i sgr=ACCESSDENIED http_access deny sglog # Setup allowed acls # Allow local network(s) on interface(s) http_access allow allowed_subnets http_access allow localnet # Default block all to be sure http_access deny allsrc
squid.conf after:
# This file is automatically generated by pfSense # Do not edit manually ! http_port 192.168.20.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-i386/etc/squid/serverkey.pem capath=/usr/pbi/squid-i386/share/certs/ icp_port 0 dns_v4_first on pid_filename /var/run/squid.pid cache_effective_user proxy cache_effective_group proxy error_default_language sk icon_directory /usr/pbi/squid-i386/etc/squid/icons visible_hostname localhost cache_mgr xxxxx@xxx.com access_log /var/squid/logs/access.log cache_log /var/squid/logs/cache.log cache_store_log none netdb_filename /var/squid/logs/netdb.state pinger_enable on pinger_program /usr/pbi/squid-i386/libexec/squid/pinger sslcrtd_program /usr/pbi/squid-i386/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048 sslcrtd_children 5 sslproxy_capath /usr/pbi/squid-i386/share/certs/ logfile_rotate 90 debug_options rotate=90 shutdown_lifetime 3 seconds # Allow local network(s) on interface(s) acl localnet src 192.168.20.0/24 httpd_suppress_version_string on uri_whitespace strip # Break HTTP standard for flash videos. Keep them in cache even if asked not to. refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private # Let the clients favorite video site through with full caching acl youtube dstdomain .youtube.com cache allow youtube # Windows Update refresh_pattern range_offset_limit -1 refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims # Symantec refresh_pattern range_offset_limit -1 refresh_pattern liveupdate.symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims refresh_pattern symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims cache_mem 256 MB maximum_object_size_in_memory 512 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA cache_dir aufs /var/squid/cache 100 32 256 minimum_object_size 0 KB maximum_object_size 10485760 KB offline_mode off cache_swap_low 90 cache_swap_high 95 cache allow all # Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 # No redirector configured #Remote proxies # Setup some default acls # From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in. # acl localhost src 127.0.0.1/32 acl allsrc src all acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3127 1025-65535 acl sslports port 443 563 # From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in. #acl manager proto cache_object acl purge method PURGE acl connect method CONNECT # Define protocols used for redirects acl HTTP proto HTTP acl HTTPS proto HTTPS acl allowed_subnets src 192.168.20.0/24 acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl" http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports # Always allow localhost connections # From 3.2 further configuration cleanups have been done to make things easier and safer. # The manager, localhost, and to_localhost ACL definitions are now built-in. # http_access allow localhost quick_abort_min -1 KB quick_abort_max 0 KB request_body_max_size 0 KB delay_pools 1 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_initial_bucket_level 100 delay_access 1 allow allsrc # Reverse Proxy settings always_direct allow whitelist ssl_bump none whitelist # Custom options before auth always_direct allow all ssl_bump server-first all icap_enable on icap_preview_enable on icap_preview_size 4096 icap_persistent_connections on icap_send_client_ip on icap_send_client_username on icap_client_username_header X-Client-Username icap_service service_req reqmod_precache bypass=0 icap://127.0.0.1:1345/squidclamav icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1345/squidclamav icap_service qlproxy1 reqmod_precache bypass=0 icap://127.0.0.1:1344/reqmod icap_service qlproxy2 respmod_precache bypass=0 icap://127.0.0.1:1344/respmod acl qlproxy_icap_edomains dstdomain "/opt/qlproxy/etc/squid/icap_exclusions_domains.conf" acl qlproxy_icap_etypes rep_mime_type "/opt/qlproxy/etc/squid/icap_exclusions_contenttypes.conf" adaptation_access qlproxy1 deny qlproxy_icap_edomains adaptation_access qlproxy2 deny qlproxy_icap_edomains adaptation_access qlproxy2 deny qlproxy_icap_etypes adaptation_access qlproxy1 allow all adaptation_access qlproxy2 allow all adaptation_access service_req allow all adaptation_access service_resp allow all #icap_enable on #icap_send_client_ip on #icap_send_client_username on #icap_client_username_encode off #icap_client_username_header X-Authenticated-User #icap_preview_enable on #icap_preview_size 1024 # Always allow access to whitelist domains http_access allow whitelist acl sglog url_regex -i sgr=ACCESSDENIED http_access deny sglog # Setup allowed acls # Allow local network(s) on interface(s) http_access allow allowed_subnets http_access allow localnet # Default block all to be sure http_access deny allsrc
and some settings in clamd.conf (enable archive scanning and executable). I dont know if this help for scaning files, but i made it….
## ## Example config file for the Clam AV daemon ## Please read the clamd.conf(5) manual before editing this file. ## # Comment or remove the line below. #Example # Uncomment this option to enable logging. # LogFile must be writable for the user running daemon. # A full path is required. # Default: disabled LogFile /var/log/clamav/clamd.log # By default the log file is locked for writing - the lock protects against # running clamd multiple times (if want to run another clamd, please # copy the configuration file, change the LogFile variable, and run # the daemon with --config-file option). # This option disables log file locking. # Default: no #LogFileUnlock yes # Maximum size of the log file. # Value of 0 disables the limit. # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size # in bytes just don't use modifiers. If LogFileMaxSize is enabled, log # rotation (the LogRotate option) will always be enabled. # Default: 1M LogFileMaxSize 2M # Log time with each message. # Default: no LogTime yes # Also log clean files. Useful in debugging but drastically increases the # log size. # Default: no #LogClean yes # Use system logger (can work together with LogFile). # Default: no LogSyslog yes # Specify the type of syslog messages - please refer to 'man syslog' # for facility names. # Default: LOG_LOCAL6 #LogFacility LOG_MAIL # Enable verbose logging. # Default: no #LogVerbose yes # Enable log rotation. Always enabled when LogFileMaxSize is enabled. # Default: no LogRotate yes # Log additional information about the infected file, such as its # size and hash, together with the virus name. ExtendedDetectionInfo yes # This option allows you to save a process identifier of the listening # daemon (main thread). # Default: disabled PidFile /var/run/clamav/clamd.pid # Optional path to the global temporary directory. # Default: system specific (usually /tmp or /var/tmp). #TemporaryDirectory /var/tmp # Path to the database directory. # Default: hardcoded (depends on installation options) DatabaseDirectory /var/db/clamav # Only load the official signatures published by the ClamAV project. # Default: no #OfficialDatabaseOnly no # The daemon can work in local mode, network mode or both. # Due to security reasons we recommend the local mode. # Path to a local socket file the daemon will listen on. # Default: disabled (must be specified by a user) LocalSocket /var/run/clamav/clamd.sock # Sets the group ownership on the unix socket. # Default: disabled (the primary group of the user running clamd) #LocalSocketGroup virusgroup # Sets the permissions on the unix socket to the specified mode. # Default: disabled (socket is world accessible) #LocalSocketMode 660 # Remove stale socket after unclean shutdown. # Default: yes FixStaleSocket yes # TCP port address. # Default: no #TCPSocket 3310 # TCP address. # By default we bind to INADDR_ANY, probably not wise. # Enable the following to provide some degree of protection # from the outside world. # Default: no #TCPAddr 127.0.0.1 # Maximum length the queue of pending connections may grow to. # Default: 200 #MaxConnectionQueueLength 30 # Clamd uses FTP-like protocol to receive data from remote clients. # If you are using clamav-milter to balance load between remote clamd daemons # on firewall servers you may need to tune the options below. # Close the connection when the data size limit is exceeded. # The value should match your MTA's limit for a maximum attachment size. # Default: 25M #StreamMaxLength 10M # Limit port range. # Default: 1024 #StreamMinPort 30000 # Default: 2048 #StreamMaxPort 32000 # Maximum number of threads running at the same time. # Default: 10 MaxThreads 20 # Waiting for data from a client socket will timeout after this time (seconds). # Default: 120 #ReadTimeout 300 # This option specifies the time (in seconds) after which clamd should # timeout if a client doesn't provide any initial command after connecting. # Default: 5 #CommandReadTimeout 5 # This option specifies how long to wait (in miliseconds) if the send buffer is full. # Keep this value low to prevent clamd hanging # # Default: 500 #SendBufTimeout 200 # Maximum number of queued items (including those being processed by MaxThreads threads) # It is recommended to have this value at least twice MaxThreads if possible. # WARNING: you shouldn't increase this too much to avoid running out of file descriptors, # the following condition should hold: # MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024) # # Default: 100 #MaxQueue 200 # Waiting for a new job will timeout after this time (seconds). # Default: 30 #IdleTimeout 60 # Don't scan files and directories matching regex # This directive can be used multiple times # Default: scan all #ExcludePath ^/proc/ #ExcludePath ^/sys/ # Maximum depth directories are scanned at. # Default: 15 MaxDirectoryRecursion 15 # Follow directory symlinks. # Default: no #FollowDirectorySymlinks yes # Follow regular file symlinks. # Default: no #FollowFileSymlinks yes # Scan files and directories on other filesystems. # Default: yes #CrossFilesystems yes # Perform a database check. # Default: 600 (10 min) #SelfCheck 600 # Execute a command when virus is found. In the command string %v will # be replaced with the virus name. # Default: no #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v" # Run as another user (clamd must be started by root for this option to work) # Default: don't drop privileges User clamav # Initialize supplementary group access (clamd must be started by root). # Default: no AllowSupplementaryGroups yes # Stop daemon when libclamav reports out of memory condition. #ExitOnOOM yes # Don't fork into background. # Default: no #Foreground yes # Enable debug messages in libclamav. # Default: no #Debug yes # Do not remove temporary files (for debug purposes). # Default: no #LeaveTemporaryFiles yes # Permit use of the ALLMATCHSCAN command. If set to no, clamd will reject # any ALLMATCHSCAN command as invalid. # Default: yes #AllowAllMatchScan no # Detect Possibly Unwanted Applications. # Default: no DetectPUA yes # Exclude a specific PUA category. This directive can be used multiple times. # See http://www.clamav.net/support/pua for the complete list of PUA # categories. # Default: Load all categories (if DetectPUA is activated) #ExcludePUA NetTool #ExcludePUA PWTool # Only include a specific PUA category. This directive can be used multiple # times. # Default: Load all categories (if DetectPUA is activated) #IncludePUA Spy #IncludePUA Scanner #IncludePUA RAT # In some cases (eg. complex malware, exploits in graphic files, and others), # ClamAV uses special algorithms to provide accurate detection. This option # controls the algorithmic detection. # Default: yes AlgorithmicDetection yes ## ## Executable files ## # PE stands for Portable Executable - it's an executable file format used # in all 32 and 64-bit versions of Windows operating systems. This option allows # ClamAV to perform a deeper analysis of executable files and it's also # required for decompression of popular executable packers such as UPX, FSG, # and Petite. If you turn off this option, the original files will still be # scanned, but without additional processing. # Default: yes ScanPE yes # Certain PE files contain an authenticode signature. By default, we check # the signature chain in the PE file against a database of trusted and # revoked certificates if the file being scanned is marked as a virus. # If any certificate in the chain validates against any trusted root, but # does not match any revoked certificate, the file is marked as whitelisted. # If the file does match a revoked certificate, the file is marked as virus. # The following setting completely turns off authenticode verification. # Default: no #DisableCertCheck yes # Executable and Linking Format is a standard format for UN*X executables. # This option allows you to control the scanning of ELF files. # If you turn off this option, the original files will still be scanned, but # without additional processing. # Default: yes #ScanELF yes # With this option clamav will try to detect broken executables (both PE and # ELF) and mark them as Broken.Executable. # Default: no #DetectBrokenExecutables yes ## ## Documents ## # This option enables scanning of OLE2 files, such as Microsoft Office # documents and .msi files. # If you turn off this option, the original files will still be scanned, but # without additional processing. # Default: yes ScanOLE2 yes # With this option enabled OLE2 files with VBA macros, which were not # detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros". # Default: no #OLE2BlockMacros no # This option enables scanning within PDF files. # If you turn off this option, the original files will still be scanned, but # without decoding and additional processing. # Default: yes ScanPDF yes # This option enables scanning within SWF files. # If you turn off this option, the original files will still be scanned, but # without decoding and additional processing. # Default: yes ScanSWF yes ## ## Mail files ## # Enable internal e-mail scanner. # If you turn off this option, the original files will still be scanned, but # without parsing individual messages/attachments. # Default: yes ScanMail yes # Scan RFC1341 messages split over many emails. # You will need to periodically clean up $TemporaryDirectory/clamav-partial directory. # WARNING: This option may open your system to a DoS attack. # Never use it on loaded servers. # Default: no ScanPartialMessages yes # With this option enabled ClamAV will try to detect phishing attempts by using # signatures. # Default: yes PhishingSignatures yes # Scan URLs found in mails for phishing attempts using heuristics. # Default: yes PhishingScanURLs yes # Always block SSL mismatches in URLs, even if the URL isn't in the database. # This can lead to false positives. # # Default: no #PhishingAlwaysBlockSSLMismatch no # Always block cloaked URLs, even if URL isn't in database. # This can lead to false positives. # # Default: no #PhishingAlwaysBlockCloak no # Allow heuristic match to take precedence. # When enabled, if a heuristic scan (such as phishingScan) detects # a possible virus/phish it will stop scan immediately. Recommended, saves CPU # scan-time. # When disabled, virus/phish detected by heuristic scans will be reported only at # the end of a scan. If an archive contains both a heuristically detected # virus/phish, and a real malware, the real malware will be reported # # Keep this disabled if you intend to handle "*.Heuristics.*" viruses # differently from "real" malware. # If a non-heuristically-detected virus (signature-based) is found first, # the scan is interrupted immediately, regardless of this config option. # # Default: no #HeuristicScanPrecedence yes ## ## Data Loss Prevention (DLP) ## # Enable the DLP module # Default: No #StructuredDataDetection yes # This option sets the lowest number of Credit Card numbers found in a file # to generate a detect. # Default: 3 #StructuredMinCreditCardCount 5 # This option sets the lowest number of Social Security Numbers found # in a file to generate a detect. # Default: 3 #StructuredMinSSNCount 5 # With this option enabled the DLP module will search for valid # SSNs formatted as xxx-yy-zzzz # Default: yes #StructuredSSNFormatNormal yes # With this option enabled the DLP module will search for valid # SSNs formatted as xxxyyzzzz # Default: no #StructuredSSNFormatStripped yes ## ## HTML ## # Perform HTML normalisation and decryption of MS Script Encoder code. # Default: yes # If you turn off this option, the original files will still be scanned, but # without additional processing. ScanHTML yes ## ## Archives ## # ClamAV can scan within archives and compressed files. # If you turn off this option, the original files will still be scanned, but # without unpacking and additional processing. # Default: yes ScanArchive yes # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). # Default: no ArchiveBlockEncrypted no ## ## Limits ## # The options below protect your system against Denial of Service attacks # using archive bombs. # This option sets the maximum amount of data to be scanned for each input file. # Archives and other containers are recursively extracted and scanned up to this # value. # Value of 0 disables the limit # Note: disabling this limit or setting it too high may result in severe damage # to the system. # Default: 100M MaxScanSize 150M # Files larger than this limit won't be scanned. Affects the input file itself # as well as files contained inside it (when the input file is an archive, a # document or some other kind of container). # Value of 0 disables the limit. # Note: disabling this limit or setting it too high may result in severe damage # to the system. # Default: 25M MaxFileSize 30M # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR # file, all files within it will also be scanned. This options specifies how # deeply the process should be continued. # Note: setting this limit too high may result in severe damage to the system. # Default: 16 MaxRecursion 10 # Number of files to be scanned within an archive, a document, or any other # container file. # Value of 0 disables the limit. # Note: disabling this limit or setting it too high may result in severe damage # to the system. # Default: 10000 MaxFiles 15000 # Maximum size of a file to check for embedded PE. Files larger than this value # will skip the additional analysis step. # Note: disabling this limit or setting it too high may result in severe damage # to the system. # Default: 10M MaxEmbeddedPE 10M # Maximum size of a HTML file to normalize. HTML files larger than this value # will not be normalized or scanned. # Note: disabling this limit or setting it too high may result in severe damage # to the system. # Default: 10M MaxHTMLNormalize 10M # Maximum size of a normalized HTML file to scan. HTML files larger than this # value after normalization will not be scanned. # Note: disabling this limit or setting it too high may result in severe damage # to the system. # Default: 2M MaxHTMLNoTags 2M # Maximum size of a script file to normalize. Script content larger than this # value will not be normalized or scanned. # Note: disabling this limit or setting it too high may result in severe damage # to the system. # Default: 5M MaxScriptNormalize 5M # Maximum size of a ZIP file to reanalyze type recognition. ZIP files larger # than this value will skip the step to potentially reanalyze as PE. # Note: disabling this limit or setting it too high may result in severe damage # to the system. # Default: 1M MaxZipTypeRcg 1M ## ## Clamuko settings ## # Enable Clamuko. Dazuko must be configured and running. Clamuko supports # both Dazuko (/dev/dazuko) and DazukoFS (/dev/dazukofs.ctrl). DazukoFS # is the preferred option. For more information please visit www.dazuko.org # Default: no #ClamukoScanOnAccess yes # The number of scanner threads that will be started (DazukoFS only). # Having multiple scanner threads allows Clamuko to serve multiple # processes simultaneously. This is particularly beneficial on SMP machines. # Default: 3 #ClamukoScannerCount 3 # Don't scan files larger than ClamukoMaxFileSize # Value of 0 disables the limit. # Default: 5M #ClamukoMaxFileSize 10M # Set access mask for Clamuko (Dazuko only). # Default: no #ClamukoScanOnOpen yes #ClamukoScanOnClose yes #ClamukoScanOnExec yes # Set the include paths (all files inside them will be scanned). You can have # multiple ClamukoIncludePath directives but each directory must be added # in a seperate line. (Dazuko only) # Default: disabled #ClamukoIncludePath /home #ClamukoIncludePath /students # Set the exclude paths. All subdirectories are also excluded. (Dazuko only) # Default: disabled #ClamukoExcludePath /home/bofh # With this option you can whitelist specific UIDs. Processes with these UIDs # will be able to access all files. # This option can be used multiple times (one per line). # Default: disabled #ClamukoExcludeUID 0 # With this option enabled ClamAV will load bytecode from the database. # It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses. # Default: yes #Bytecode yes # Set bytecode security level. # Possible values: # None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS # This value is only available if clamav was built with --enable-debug! # TrustSigned - trust bytecode loaded from signed .c[lv]d files, # insert runtime safety checks for bytecode loaded from other sources # Paranoid - don't trust any bytecode, insert runtime checks for all # Recommended: TrustSigned, because bytecode in .cvd files already has these checks # Note that by default only signed bytecode is loaded, currently you can only # load unsigned bytecode in --enable-debug mode. # # Default: TrustSigned #BytecodeSecurity TrustSigned # Set bytecode timeout in miliseconds. # # Default: 5000 # BytecodeTimeout 1000
-
huh, reply to myself :P …..
ok, permanent changes can make via pfsense UI.
1. set listening port "Antivirus" in "c-icap.conf" to "Port 1345"
2. set this in Custom ACLS (Before_Auth), with help of Diladele support:
always_direct allow all ssl_bump server-first all icap_enable on icap_preview_enable on icap_preview_size 4096 icap_persistent_connections on icap_send_client_ip on icap_send_client_username on icap_client_username_header X-Client-Username icap_service qlproxy1 reqmod_precache routing=0 bypass=0 icap://127.0.0.1:1344/reqmod icap_service qlproxy2 respmod_precache routing=0 bypass=0 icap://127.0.0.1:1344/respmod icap_service service_req reqmod_precache routing=0 bypass=0 icap://127.0.0.1:1345/squidclamav icap_service service_resp respmod_precache routing=0 bypass=0 icap://127.0.0.1:1345/squidclamav acl qlproxy_icap_edomains dstdomain "/opt/qlproxy/etc/squid/icap_exclusions_domains.conf" acl qlproxy_icap_etypes rep_mime_type "/opt/qlproxy/etc/squid/icap_exclusions_contenttypes.conf" adaptation_service_chain chain1 qlproxy1 service_req adaptation_access chain1 deny qlproxy_icap_edomains adaptation_access chain1 allow all adaptation_service_chain chain2 qlproxy2 service_resp adaptation_access chain2 deny qlproxy_icap_edomains adaptation_access chain2 deny qlproxy_icap_etypes adaptation_access chain2 allow all
but after save and restart squid service, in squid.conf remain this on end of file (always, because is autogenerated and i dont know where is template for generatin to delete these lines):
icap_enable on icap_send_client_ip on icap_send_client_username on icap_client_username_encode off icap_client_username_header X-Authenticated-User icap_preview_enable on icap_preview_size 1024 icap_service service_req reqmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav adaptation_access service_req allow all adaptation_access service_resp allow all
Can you pleas verify my settings and tune it? Thx.