Suricata, squid3 w/clamd, dansguardian.
-
I haven't fixed the issue but I know the problem area. In squid3 configuration under the Antivirus setup tab, there appear to be some issues reported in that tab, perhaps corruption, as follows between + lines.
++++++++++++++++++++++++++++++++++++++++
The following input errors were detected:
Squidclamav warns redirect points to sample config domain (http://proxy.domain.dom/cgi-bin/clwarn.cgi)
Change redirect info on 'squidclamav.conf' field to pfsense gui or an external host.
c-icap Squidclamav service definition is no present.
Add 'Service squid_clamav squidclamav.so'(without quotes) to 'c-icap.conf' field in order to get it working.
Remove ldap configuration'Manager:Apassword@ldap.chtsanti.net?o=chtsanti?mermberUid?(&(objectClass=posixGroup)(cn=%s))' from 'c-icap.conf' field.
+++++++++++++++++++++++++++++++++++++++++
This is new. Note that I uninstalled dans and squid and installed them in the order Cino suggested. No success but both clam and c-icap did not run.
I'm going to make the changes above and report back.
-
Follow the steps in the error, see screen shot
Change the AV error redirect page to the IP of your box
Save config, then stop all squid related services: squid, c-icap, clamd. If needed, killall them from the command line or reboot. Then save your config again and they should all start up.
-
Cino, I did all that at first (or so I thought) - including a hard shutdown. For the redirect I commented out the existing line with a "#" sign and entered the correct domain info in a line below. (I've always liked to keep a trail.) Anyway, I uncommented the redirect and changed that and deleted my line. Also deleted the ldap reference which was already commented - should have taken that as a clue.
All services working.
I really wanted to work with squidguard3 but had issues - will try again. Maybe include havp in the mix?
Thanks for your help - marcelloc too.
(I drove over 1000 miles this week and I'm wiped. Will try tomorrow or Monday.)
-
I will say that cpu usage has doubled from before. Before had suricata, squid, and dansguardian. Now no more dansguardian.
-
All services working.
I really wanted to work with squidguard3 but had issues - will try again. Maybe include havp in the mix?
Thanks for your help - marcelloc too.
(I drove over 1000 miles this week and I'm wiped. Will try tomorrow or Monday.)
Glad it's up and running for you! That's a lot of mileage, go get some sleep!
I updated squidguard's squid.conf options so it now runs on squid2 and squid3… https://github.com/pfsense/pfsense-packages/pull/787
squidguard-dev and squidguard3 should work with no issues, at least from my testing. I've been using squidguard-dev myself since its most recent (and by most recent, 5 years I think). If you need keyword filtering, dansguardian will work but I believe that package will be retiring in the future.
Since squid is using clamav, it doesn't make sense to use havp. They both use the same clamd engine.
I will say that cpu usage has doubled from before. Before had suricata, squid, and dansguardian. Now no more dansguardian.
Another forum member has mentioned this also. I haven't noticed it myself but I have it running in a VM with only 2 computers going thru it for testing.
-
Just to recap, before the last two version updates, all services (as in the subject header + a couple more) were functioning with cpu usage at 32%. With the updates, clam and icap stopped working. After reinstallation attempts, squid, clam, and icap worked. Cpu usage with other services at 26%. This is consistent with prior same configurations. Installed dansguardian and cpu usage hit 56% at first, then climbed to 92%. This is the same config as before upgrades.
Decided to allow install of packages without signature (= squidguard_squid3) after removing dansguardian and rebooting. squidguard install pegged cpu usage at 100% and could not be configured. Squid stopped too. Removed Squidguard and back to a working 26% system. "Too many redirects" was the most common message in logs.
I started with a supermicro c2758 mobo near the end of the 2.2 alpha. Haven't had many issues differing from what others have reported. No apinger problems at all. I don't use the dns forwarder or resolver on a wan, lan, opt1, opt2 box. It's not production but lan is populated with 2 servers (1 win12 and 1 Ubuntu 14.04) and several PCs, besides network, email server, web server, dns, dhcp, print servers as well. Opt1 makes my Roku 3 happy and Opt2 is a storage system under development but has no outside world connections at this time.
Plan now is to wait for the 2.2 release and reinstall all unless someone has some thoughts.
-
Follow the steps in the error, see screen shot
Change the AV error redirect page to the IP of your box
Save config, then stop all squid related services: squid, c-icap, clamd. If needed, killall them from the command line or reboot. Then save your config again and they should all start up.
service squid_clamav squidclamav.so
squid_clamav does not exist in /etc/rc.d or the local startup
directories (/usr/local/etc/rc.d)
I edited the config and saw no result so I copied the service command to a terminal (ssh) and I got that. No wonder Clam is not starting.. why
Nothing in the folder /usr/local/etc/rc.d regarding Clamav
-
service squid_clamav squidclamav.so
squid_clamav does not exist in /etc/rc.d or the local startup
directories (/usr/local/etc/rc.d)
I edited the config and saw no result so I copied the service command to a terminal (ssh) and I got that. No wonder Clam is not starting.. why
Nothing in the folder /usr/local/etc/rc.d regarding Clamav
Strange… when I installed on a fresh amd64 2.2, the links were created on my box. Have you installed squid3.4 since the 14th? A new PBI was created. Are you using i386 by chance? I've only been testing amd64.
-
I just did fresh install of 2.2 64 bit and clam was not started after those mods.. I rebooted and then clam started but i-cap is now not starting
-
Anything in your logs to pinpoint the issue?
pfsense system log
/var/log/c-icap
/var/log/clamav
/var/squid/logs
-
service squid_clamav squidclamav.so
squid_clamav does not exist in /etc/rc.d or the local startup
squid_clamav is a c-icap service, not an rc.d file.
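
The three conditions in the GUI error quoted at the top of the thread can be re-checked against the two config files from a shell; note that `Service squid_clamav squidclamav.so` is a line for c-icap.conf, not a command to run. This is an added example, not part of the thread and not pfSense package code: the file paths, the finding labels and the 192.0.2.1 redirect address are constructed, and commented-out leftovers are reported too because, in the thread, commenting the lines out did not clear the error.

```shell
#!/bin/sh
# Added example (not pfSense package code). Config paths are passed as
# arguments; the sample files written by make_samples are constructed.

# Print one finding label per line for a squidclamav.conf / c-icap.conf pair.
check_av_conf() {
    sq_conf=$1
    icap_conf=$2
    # Redirect still names the sample domain. Commented-out lines are reported
    # too: in the thread, commenting the old line out did not clear the error.
    if grep -q 'proxy\.domain\.dom' "$sq_conf"; then
        echo "redirect-sample-domain"
    fi
    # The Service line is a c-icap.conf directive and must be active (no '#').
    if ! grep -Eq '^[[:space:]]*Service[[:space:]]+squid_clamav[[:space:]]+squidclamav\.so' "$icap_conf"; then
        echo "service-definition-missing"
    fi
    # Sample LDAP lookup left in c-icap.conf, commented or not.
    if grep -q 'ldap\.chtsanti\.net' "$icap_conf"; then
        echo "ldap-sample-present"
    fi
}

# Write constructed "before" and "after" config fragments into directory $1.
make_samples() {
    cat > "$1/squidclamav.before" <<'EOF'
#redirect http://proxy.domain.dom/cgi-bin/clwarn.cgi
redirect http://192.0.2.1/cgi-bin/clwarn.cgi
EOF
    cat > "$1/c-icap.before" <<'EOF'
#Manager:Apassword@ldap.chtsanti.net?o=chtsanti?mermberUid?(&(objectClass=posixGroup)(cn=%s))
EOF
    echo 'redirect http://192.0.2.1/cgi-bin/clwarn.cgi' > "$1/squidclamav.after"
    echo 'Service squid_clamav squidclamav.so' > "$1/c-icap.after"
}

tmp=$(mktemp -d)
make_samples "$tmp"
echo "before:"; check_av_conf "$tmp/squidclamav.before" "$tmp/c-icap.before"
echo "after:";  check_av_conf "$tmp/squidclamav.after" "$tmp/c-icap.after"
rm -rf "$tmp"
```

An empty "after" list means all three conditions from the error are cleared; c-icap and clamd still have to be restarted as described in the thread.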