    Squid3 + antivirus - any antivirus statistics?

    • N
      Nachtfalke last edited by

      Hi all,

      I am using the squid3 3.4.10_2 pkg 0.2.6. I have enabled the Antivirus feature and it seems to work well. Did the different tests on the eicar website.
      squid is running in transparent mode for http and https.

      My question is:
      Is there a possibility to see statistics about how many viruses were found? And which IP address was downloading this? And which date is the last update of the databases?

      HAVP package seems to have some widgets for the dashboard but as far as I can see they do not work with the antivirus which is integrated into squid.

      Thank you for your help!

      • C
        Cino last edited by

        It's a manual process, but check /var/log/clamav/clamd.log for hits

        • marcelloc
          marcelloc last edited by

          If its widget reads data from the same log file, I think it is just a matter of "importing" it to the squid package.

          Any tester to see if it works ::) ?

          Treinamentos de Elite: http://sys-squad.com

          Help a community developer! ;D

          • C
            Cino last edited by

            I grabbed these files from haproxy-devel: haproxy.widget.php haproxy_socketinfo.inc

            From what I can tell looking at the code, it doesn't read /var/log/clamav/clamd.log at all but provides stats on how many sessions are connected to haproxy. It also tells you if the service is up.

            sqstat could be the closest thing to it but it's not a widget (http://samm.kiev.ua/sqstat/screenshot.png). It's in the lightsquid package. I've had issues with it, since it doesn't understand IPv6 addresses. Remove IPv6, works perfect.

            • N
              Nachtfalke last edited by

              Hi,

              thank you for your feedback. I tried with the eicar test virus but I do not get any logs in "clamd.log" file.
              There are only "SelfCheck: Database status OK." in it.

              Where to look if the latest signatures were downloaded?

              • marcelloc
                marcelloc last edited by

                Run freshclam on console to force a database check/update.

                On the eicar test it alerts a virus but does not log?

                Treinamentos de Elite: http://sys-squad.com

                Help a community developer! ;D

                • N
                  Nachtfalke last edited by

                  @marcelloc:

                  (…)
                  On the eicar test it alerts a virus but does not log?

                  Hi,

                  exactly. It detects all eicar test files using http or https, zipped or unzipped, but it does not show anything in /var/log/clamav/clamd.log

                  • marcelloc
                    marcelloc last edited by

                    I'll check config options.

                    Treinamentos de Elite: http://sys-squad.com

                    Help a community developer! ;D

                    • N
                      Nachtfalke last edited by

                      Any news on the Antivirus statistics?
                      If not - no problem.

                      I have another question related to squid and probably clamav. When I am watching sport live streams it sometimes takes (very) long to start the stream for the first time. And I sometimes have problems that I can watch the video for 2-3 minutes and then it stops. I can restart it and then it runs again for 2-3 minutes.

                      Could this be related to clamav and the maximum file size?
                      Any suggestions how to debug this any deeper? The max file limit to scan on squid -> antivirus is set to 10000000 (10MB ?). But when looking into the clamav config files there is somewhere a limit of 20 or 25MB I think.

                      Hopefully someone can explain to me what's going on.

                      Thank you!

                      • S
                        spittlbm last edited by

                        I have the same issue. Clamd is working great (and taking external checks from our mail server), but the clamd.log remains at 0 bytes.

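The manual check of clamd.log suggested in the thread can be scripted; the following is an added example, not code from the thread or from the squid3 package. It assumes clamd's "<target>: <signature> FOUND" line format with an optional "<timestamp> -> " prefix, runs on a constructed sample log, and reports zero for a log that holds no detections, as in the case described above. `clamd_log_settings` takes the path of a clamd.conf as an argument and prints the logging directives that are active in it.

```shell
#!/bin/sh
# Added example: summarise detections recorded in a clamd log file.
# Assumes clamd's "<target>: <signature> FOUND" lines, optionally prefixed
# with "<timestamp> -> " when LogTime is enabled.

# Constructed sample log (not taken from the thread).
sample_log() {
cat <<'EOF'
Tue Jan  6 09:00:01 2015 -> SelfCheck: Database status OK.
Tue Jan  6 09:12:44 2015 -> instream(127.0.0.1@40122): Eicar-Test-Signature FOUND
Tue Jan  6 09:13:10 2015 -> instream(127.0.0.1@40130): Eicar-Test-Signature FOUND
Tue Jan  6 09:40:27 2015 -> /tmp/sample.zip: Constructed.Sample.Sig-1 FOUND
Tue Jan  6 10:15:02 2015 -> SelfCheck: Database status OK.
EOF
}

# Total number of detection lines; prints 0 for an empty or hit-free log.
clamd_hit_total() {
    awk '/ FOUND$/ { n++ } END { print n + 0 }' "$1"
}

# "<count> <signature>" per signature, most frequent first.
clamd_hits() {
    awk '/ FOUND$/ {
        line = $0
        sub(/^.* -> /, "", line)        # drop the LogTime prefix if present
        sub(/ FOUND$/, "", line)
        n = split(line, part, ": ")     # signature follows the last ": "
        count[part[n]]++
    }
    END { for (s in count) print count[s], s }' "$1" | sort -k1,1nr -k2
}

# Most recent database self-check line, empty if none was logged.
clamd_last_selfcheck() {
    awk '/SelfCheck:/ { last = $0 } END { if (last != "") print last }' "$1"
}

# Active logging directives in a clamd.conf (path supplied by the caller).
clamd_log_settings() {
    grep -E '^(LogFile|LogTime|LogClean|LogVerbose|LogSyslog)[[:space:]]' "$1" || true
}

# Demo: use the log given as $1, otherwise the constructed sample.
if [ -n "${1:-}" ]; then log=$1; else log=$(mktemp); sample_log > "$log"; fi
echo "detections: $(clamd_hit_total "$log")"
clamd_hits "$log"
clamd_last_selfcheck "$log"
[ -n "${1:-}" ] || rm -f "$log"
```

For stream scans the target field names the peer that connected to clamd, so it does not identify the browsing client.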