Squid3 Antivirus on 2.2 release



  • I have encountered the below issue while activating Antivirus…

    After the initial check for activating Antivirus and then going in to change the redirect to "redirect https://x.x.x.x/squid_clwarn.php" while saving it throws his error.

    The following input errors were detected:

    c-icap Squidclamav service definition is no present.
        Add 'Service squid_clamav squidclamav.so'(without quotes) to 'c-icap.conf' field in order to get it working.
        Remove ldap configuration'Manager:Apassword@ldap.chtsanti.net?o=chtsanti?mermberUid?(&(objectClass=posixGroup)(cn=%s))' from 'c-icap.conf' field.

    After adding the "Service squid_clamav squidclamav.so" to icap.conf .. while saving it throws this error

    The following input errors were detected:

    Remove ldap configuration'Manager:Apassword@ldap.chtsanti.net?o=chtsanti?mermberUid?(&(objectClass=posixGroup)(cn=%s))' from 'c-icap.conf' field.

    Hashing out line does not work and I have to remove the line to make it work. Also, after clamd has downloaded the defs the service  does not start automatically even after a reboot. I have to issue the clamd command to start the service for the first time and after then it works even after reboots. This is not new to the 2.2 FINAL. Had the exact same issue with all January snapshots. Seems defintely as a Squid issue.



  • The gui alerts are there to show you what to fix on antivirus config files.  This is not an issue.

    And clamav will only work after a successful freshclam database update what take a while to finish on every system (pfsense or not).

    Next fresh install ,  try to run it from console to see how first updates are slow…



  • I have also same issue. what command and how to execute it.

    If I enable antivirus, I cant browse via Proxy.

    Pls help me.





  • removing this line will solve the problem..

    ldap://cn=Directory Manager:Apassword@ldap.chtsanti.net?o=chtsanti?mermberUid?(&(objectClass=posixGroup)(cn=%s))


  • Banned

    This nonsense is fixed properly as a part of https://github.com/pfsense/pfsense-packages/pull/1080 (specifically this commit).

    Couldn't work since it was trying to patch a file that's actually not distributed  ::) Why's the LDAP part being patched fails my understanding as well, the line is commented out in the first place.


Log in to reply