Netgate Discussion Forum
    Squid3 + antivirus - any antivirus statistics?

      Nachtfalke

      Hi all,

      I am using the squid3 3.4.10_2 pkg 0.2.6. I have enabled the Antivirus feature and it seems to work well. I did the different tests on the eicar website.
      Squid is running in transparent mode for http and https.

      My question is:
      Is there a possibility to see statistics about how many viruses were found? And which IP address was downloading this? And which date is the last update of the databases?

      HAVP package seems to have some widgets for the dashboard but as far as I can see they do not work with the antivirus which is integrated into squid.

      Thank you for your help!

        Cino

        It's a manual process, but check /var/log/clamav/clamd.log for hits.

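The manual check of /var/log/clamav/clamd.log suggested above can be scripted. The following is an added example, not part of the original thread or of the squid package; it assumes clamd writes each detection as a line ending in `<signature> FOUND`, optionally prefixed by a timestamp and `->`, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: tally detections recorded in a clamd log file.
# Assumed line format (clamd with LogTime on):
#   Tue Mar  3 10:17:40 2015 -> /path/file: Signature-Name FOUND
# Without LogTime the timestamp and "->" are absent; such hits count as "undated".

CLAMD_LOG="${CLAMD_LOG:-/var/log/clamav/clamd.log}"  # path named in the thread

# clamd_hits MODE [LOGFILE]   MODE = total | signature | day
clamd_hits() {
    mode="$1"
    log="${2:-$CLAMD_LOG}"
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 1; }
    awk -v mode="$mode" '
        # A detection line ends in "<signature> FOUND"; status lines do not.
        NF >= 3 && $NF == "FOUND" {
            total++
            sig = $(NF - 1)
            day = ($6 == "->") ? ($5 "-" $2 "-" $3) : "undated"
            count[(mode == "day") ? day : sig]++
        }
        END {
            if (mode == "total") { print total + 0; exit }
            for (k in count) print count[k], k
        }
    ' "$log" | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample log for trying the function offline (not real data).
write_sample_log() {
    cat > "$1" <<'EOF'
Tue Mar  3 10:15:02 2015 -> SelfCheck: Database status OK.
Tue Mar  3 10:17:40 2015 -> /tmp/dl 1/eicar.com: Eicar-Test-Signature FOUND
Tue Mar  3 10:18:05 2015 -> /tmp/eicar.zip: Eicar-Test-Signature FOUND
Wed Mar  4 08:01:11 2015 -> /tmp/sample.bin: Constructed.Example-1 FOUND
/tmp/eicar.com: Eicar-Test-Signature FOUND
EOF
}

# Usage: clamd_hits signature        (or: total, day; optional log path)
```

An empty log, or one holding only `SelfCheck` lines, yields a total of 0 and no per-signature rows.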
          marcelloc

          If its widget reads data from the same log file, I think it is just a matter of "importing" it to the squid package.

          Any tester to see if it works ::) ?

          Elite Training: http://sys-squad.com

          Help a community developer! ;D

            Cino

            I grabbed these files from haproxy-devel: haproxy.widget.php haproxy_socketinfo.inc

            From what I can tell looking at the code, it doesn't read /var/log/clamav/clamd.log at all but provides stats on how many sessions are connected to haproxy. It also tells you if the service is up.

            sqstat could be the closest thing to it, but it's not a widget (http://samm.kiev.ua/sqstat/screenshot.png). It's in the lightsquid package. I've had issues with it, since it doesn't understand IPv6 addresses. Remove IPv6, works perfect.

              Nachtfalke

              Hi,

              thank you for your feedback. I tried with the eicar test virus but I do not get any logs in the "clamd.log" file.
              There is only "SelfCheck: Database status OK." in it.

              Where do I look to see if the latest signatures were downloaded?

                marcelloc

                Run freshclam on console to force a database check/update.

                On the eicar test it alerts a virus but does not log?

                  Nachtfalke

                  @marcelloc:

                  (…)
                  On eicar test it alerts a virus but do not log?

                  Hi,

                  Exactly. It detects all eicar test files using http or https, zipped or unzipped, but it does not show anything in /var/log/clamav/clamd.log

                    marcelloc

                    I'll check config options.

                      Nachtfalke

                      Any news on the Antivirus statistics?
                      If not - no problem.

                      I have another question related to squid and probably clamav. When I am watching sport live streams it sometimes takes (very) long to start the stream for the first time. And I sometimes have problems that I can watch the video for 2-3 minutes and then it stops. I can restart it and then it runs again for 2-3 minutes.

                      Could this be related to clamav and the maximum file size?
                      Any suggestions how to debug this any deeper? The max file limit to scan on squid –> antivirus is set to 10000000 (10MB ?). But when looking into the clamav config files there is somewhere a limit of 20 or 25MB I think.

                      Hopefully someone can explain to me what's going on.

                      Thank you!

                        spittlbm

                        I have the same issue. Clamd is working great (and taking external checks from our mail server), but the clamd.log remains at 0 bytes.
