ClamAV possible?
-
Yes - I don't run it on the current release of pfsense and I never had much luck the newest squid 3.
But yes. With the older squid, plus calmav, plus dansguardian it was quite stable. Worked great.
I imagine it still would be.
I do remember I had to go into command line to update and run clamav but only for the first signature update.
-
I also tested it periodically with the eicar test files and test site…
http://www.eicar.org/download/eicar.com.txt
-
With ClamAV? I just spent a while reading posts and they are almost exclusively failure reports.
Steve
Like I said… not currently using it, but dg with clamav always worked fine. The only reason I stopped using it was that it could take a long time (and sometimes time out) on very large file transfers.
-
My suggestion is:
1. Install squid 2, the stable one. 2.7.9 pkg v.4.3.4 (not squid 3)
2. reboot pfsense, then configure squid, the reboot again.
3. install dansguardian (I think clamav is part of that package)
You have to go into dansguardian and click the check box to enable clamav scanning.
You should probably do the first clamav signature update at the command line of pfsense.4. Configure dansguardian.
5. Configure the pfsense firewall so that selected machines on the LAN get HTTP through dansguardian.
If there is some new bug that would break this I wouldn't be aware of it. when my kids got older I deactivated net-nanny.
-
I really tried already allot and everything i found here but nothing works.
I also tried this: http://egoncalves.com.br/pfsense/pfsense-squid3-dev-clamav-i386/
But I'm on x64 and there I can't find a clwarn.cgiAlso in Dansguardian ClamAV does not start.
-
Hmmm. That doesn't look like the stable release of squid to me…
-
I must be lucky then.. I have it working using squid3-dev 3.3.10 pkg 2.2.6 on i386… Of course I can't remember if I had to do some work around...
Come to think of it, I think I may had to change folder permissions /var/log/c-icap and /var/log/clamav to be clamav:wheel and make sure clwarn.cgi is browser accessible
Just did a test to make sure its still working:
SquidClamAv 6.10: Virus detected!
The requested URL http://www.eicar.org/download/eicar.com.txt contains a virus
Virus name: Eicar-Test-SignatureThis file cannot be downloaded.
Origin: 192.168.0.101 / -
Powered by SquidClamAv 6.10.
-
I must be lucky then.. I have it working using squid3-dev 3.3.10 pkg 2.2.6 on i386…
As i wrote I'm on x64 and the folder creation and permission stuff is shown in the link and something i tried.
But i can't execute freshclam cause there is no clwarn.cgi on my system.
And as the forum searchs show - I'm not the only one with this problems. -
Cino - Cool. Then its possible with squid3 as well.
At the time that I tried it I had issues with that and no particular need for squid 3 over 2.
But its good to know its possible.
-
You took a look at this already?
http://egoncalves.com.br/pfsense/pfsense-squid3-dev-clamav-i386/
-
@Thats the link i was talking about and i posted above ;D
-
Hmmmm…
Sorry. I guess I'm not helping.
My next move might be to wipe the box and start fresh following that guide on a fresh install.That will be a controversial suggestion.
-
freshclam only updates the virus definitions. From what I can tell, the package wasn't setup to enable this for some reason but I was able to get it run.
edit /usr/pbi/squid-i386/etc/freshclam.conf to your liking. then run this from the cmdline
/usr/pbi/squid-i386/bin/freshclam -d /usr/pbi/squid-i386/etc/freshclam.confAuto start on reboots, create file /usr/local/etc/rc.d/freshclam.sh with 755
#!/bin/sh # This file was automatically generated # by the pfSense service handler. rc_start() { /usr/pbi/squid-i386/bin/freshclam -d /usr/pbi/squid-i386/etc/freshclam.conf } rc_stop() { killall freshclam } case $1 in start) rc_start ;; stop) rc_stop ;; restart) rc_stop rc_start ;; esacI copied /usr/pbi/squid-i386/libexec/squidclamav/clwarn.cgi to /usr/local/www/clwarn.cgi
adjust squid-i386 to squid-amd64 if your running amd64
-
i haven't tried it on amd64… It could be that the binaries are compiled run if you founded http://egoncalves.com.br/pfsense/pfsense-squid3-dev-clamav-i386/ cause that how-to looks basically what I did to get it to run..
-
@Cino, ok i will give it another try.
I'm on 2.2 Beta cause i run in Hyper-V and it looks like there is not really a stable and working Squid:
https://forum.pfsense.org/index.php?topic=82232.msg450075#msg450075Found it cause i wanted to try Squid3 and you can't install it.
-
I was able to get squid3-dev running on 2.2 using the work around in the first post in that thread. https://forum.pfsense.org/index.php?topic=82232.msg449847#msg449847
I didn't try all the feature in squid tho, just got it to run and used it over the weekend. I'd like to move to 2.2 but not ready (no time) tweak all the packages i use
-
No luck >:(
I did:killall squid cd /usr/pbi/squid-amd64/ cp -r ./local/* /usr/local/ rm -rf ./local ln -s /usr/local ./local sync squid /usr/pbi/squid-amd64/bin/freshclam -d /usr/pbi/squid-amd64/etc/freshclam.conf cp -p /usr/pbi/squid-amd64/libexec/squidclamav/clwarn.cgi /usr/local/www/ pw useradd clamav -G wheel pw usermod clamav -G wheel mkdir /var/log/clamav chmod 777 /var/log/clamav mkdir /var/db/clamav chmod 777 /var/db/clamav mkdir /var/run/clamav chmod 777 /var/run/clamav chmod 775 /usr/local/www/clwarn.cgi freshclamThe log is full of:
Squid_Alarm[42503]: Squid has exited. Reconfiguring filter. Squid_Alarm[42836]: Attempting restart... squid[47315]: Squid Parent: will start 1 kids squid[47315]: Squid Parent: (squid-1) process 48073 started squid[47315]: Squid Parent: (squid-1) process 48073 exited with status 1 squid[47315]: Squid Parent: (squid-1) process 49046 started Squid_Alarm[48826]: Reconfiguring filter... squid[47315]: Squid Parent: (squid-1) process 49046 exited with status 1 Squid_Alarm[50721]: Squid has resumed. Reconfiguring filter. check_reload_status: Reloading filter squid[47315]: Squid Parent: (squid-1) process 58000 started squid[47315]: Squid Parent: (squid-1) process 58000 exited with status 1 squid[47315]: Squid Parent: (squid-1) process 58304 started squid[47315]: Squid Parent: (squid-1) process 58304 exited with status 1 squid[47315]: Squid Parent: (squid-1) process 58620 started squid[47315]: Squid Parent: (squid-1) process 58620 exited with status 1 squid[47315]: Squid Parent: (squid-1) process 58620 will not be restarted due to repeated, frequent failuresWhat is the right way to disable squid without uninstalling?
Stoping the service does not allow me to surf the web.
Sure i can write here cause the side is ssl - but i can't browse plain http
as long squid is installed.EDIT:
Stupid me - disable transparent and i can surf -
Nobody some idea? :(