Squid3 + antivirus - any antivirus statistics?

Cache/Proxy
Log in to reply
  • N

    Hi all,

    I am using the squid3 3.4.10_2 pkg 0.2.6. I have enabled the Antivirus feature and it seems to work well. Did the different tests on the eicar website.
    squid is running in transparent mode für http and https.

    My question is:
    Is there a possibility to see statistics about how many viruses were found? And which IP address was downloading this? And which date is the last update of the databases?

    HAVP package seems to have some widgets for the dashboard but as far as I can see they do not work with the antivirus which is integrated into squid.

    Thank you for your help!

    0
  • C

    its manual process, but check /var/log/clamav/clamd.log for hits

    0
  • marcelloc

    If it's widget read data from the same log file, I think it is just a matter of "importing" it to squid package.

    Any tester to see if it work's ::) ?

    0
  • C

    I grabbed these files from haproxy-devel: haproxy.widget.php haproxy_socketinfo.inc

    From what I can tell looking at the code. It doesn't read  /var/log/clamav/clamd.log at all but provides stats on how many sessions are connected to haproxy. It also tells you if the service is up.

    sqstat could be the closes thing to it but its not a widget (http://samm.kiev.ua/sqstat/screenshot.png). Its in the lightsquid package. I've had issues with it; since it doesn't understand IPv6 addresses. Remove IPv6, works perfect.

    0
  • N

    Hi,

    thank you for your feedback. I tried with the eicar test virus but I do not get any logs in "clamd.log" file.
    There are only "SelfCheck: Database status OK." in it.

    Where to look if the lastes signatures were downloaded?

    0
  • marcelloc

    Run freshclam on console to force a database check/update.

    On eicar test it alerts a virus but do not log?

    0
  • N

    @marcelloc:

    (…)
    On eicar test it alerts a virus but do not log?

    Hi,

    exactly. It detects all eicar test files using http or https, zipped or unzipped but ist does not show anything in /var/log/clamav/clamd.log

    0
  • marcelloc

    I'll check config options.

    0
  • N

    Any new on the Antivirus statistics?
    If not - no problem.

    I have another question related to squid and probably clamav. When I am watching sport live streams it sometimes took (very) long to start the stream for the first time. And I have sometimes problems that I can watch the video for 2-3 minutes and the it stops. I can restart it and the it runs again for 2-3 minutes.

    Could this be related to clamdav and the maximum file size?
    Any suggestions how to debug this any deeper? The max file limit to scan on squid –> antivirus is set to 10000000 (10MB ?). But when looking into the clamav config files there is somewhere a limit of 20 or 25MB I think.

    Hopefully someone can explain me what's going on.

    Thank you!

    0
  • S

    I have the same issue.  Clamd is working great (and taking external checks from our mail server), but the clamd.log remains at 0bytes.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy