Netgate Discussion Forum

    Squid3 Transparent Proxy with antivirus

      messerchmidt

      the c-icap antivirus should work too (it is for me)

      the havp Antivirus HTTP proxy Service is broken,

        jeffhammett

        @messerchmidt:

        go to services->proxy filter (use squid dev) -> squidguard common acl and under target rules, put each to "allow" (tab and 3 x down arrow clicks, then tab again)

        save and reboot squid 3 (or the whole pfsense box)

        I don't have Services->Proxy Filter. Only Proxy Server and Reverse Proxy. Is Proxy Filter Squidguard? I have only installed Squid3 so far.

          exograpix

          Try to update clam antivirus manually through shell

            jeffhammett

            @exograpix:

            Try to update clam antivirus manually through shell

            Can you provide instructions or a link on upgrading clamav through the shell? I'm afraid I don't know how to do that.

              jonesr

              https://forum.pfsense.org/index.php?topic=77264.0

              You aren't alone. This thread provides some background but also specifically on how to update with freshclam.

              pfSense AMD64 VGA - Assume latest version.
              Suricata, pfBlockerNG, SquidGuard, squid3.

                deajan

                Hello,

                Basically the icap service listens on IPv6 instead of IPv4.
                Open the file /usr/local/pkg/squid.inc and edit the following lines from

                
                icap_service service_avi_req reqmod_precache icap://[::1]:1344/squid_clamav bypass=off
                adaptation_access service_avi_req allow all
                icap_service service_avi_resp respmod_precache icap://[::1]:1344/squid_clamav bypass=on
                adaptation_access service_avi_resp allow all
                
                

                to

                
                icap_service service_avi_req reqmod_precache icap://localhost:1344/squid_clamav bypass=off
                adaptation_access service_avi_req allow all
                icap_service service_avi_resp respmod_precache icap://localhost:1344/squid_clamav bypass=on
                adaptation_access service_avi_resp allow all
                
                

                Restart squid and icap and it should work :)

                NetPOWER.fr - some opensource stuff for IT people

                  messerchmidt

                  still won't go, get this when I try to enable it under proxy server -> antivirus

                  The following input errors were detected:

                  Squidclamav warns redirect points to sample config domain (http://proxy.domain.dom/squid_clwarn.php)
                  Change redirect info on 'squidclamav.conf' field to pfsense gui or an external host.
                  c-icap Squidclamav service definition is no present.
                  Add 'Service squid_clamav squidclamav.so'(without quotes) to 'c-icap.conf' field in order to get it working.
                  Remove ldap configuration'Manager:Apassword@ldap.chtsanti.net?o=chtsanti?mermberUid?(&(objectClass=posixGroup)(cn=%s))' from 'c-icap.conf' field.

                    deajan

                    Well, that's the basic config to add; I guessed you should already have done this.
                    As it is said, modify your config files (in GUI this time):

                    Add this to the last line of c-icap.conf
                    Service squid_clamav squidclamav.so

                    in Squidclamav.conf change the redirection line to something like
                    redirect http://myinternalurl.when.virus.detected

                    and remove the stated ldap line in c-icap.conf (even if it's commented out, remove it!)

                    Regards,
                    Ozy.

                    NetPOWER.fr - some opensource stuff for IT people

                      zlejsyad

                      I just wanna say thank you, the steps above work perfectly for me.

                      pfsense 2.2.4-RELEASE (amd64)
                      squid3 0.3.4

                        A Former User

                        Finally getting to turning on squid3 antivirus and smacked right into this same problem.

                        Running on pfSense 2.2.5-DEVELOPMENT (amd64) built on Sun Nov 01, with squid3 0.4.1.1.

                        The filename to edit is different, it's now /usr/local/pkg/squid_antivirus.inc

                        But editing to change [::1] to 127.0.0.1 now works, and even though the C-ICAP access log still shows ::1, it still passes the EICAR test.

                        Much thanks for the workaround.
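
A check for the settings this thread ends up changing, as an added example that is not part of any post or of the pfSense package: it flags `icap_service` lines still using `[::1]`, a missing `Service squid_clamav` line, the leftover sample ldap line and the sample redirect. The function names and the practice of running it against copies of the files are assumptions; it also reports `bypass=on` services, which Squid treats as optional and skips when the ICAP service fails.

```sh
#!/bin/sh
# Added example (not from the thread). Run against copies of the files.
# Print icap_service lines that still point at the IPv6 loopback literal.
icap_ipv6_lines() {
    grep -E '^[[:space:]]*icap_service[[:space:]].*icap://\[::1\]' "$1"
}

# Print names of services marked bypass=on. Squid treats these as optional
# and passes the message on unscanned when the ICAP service fails.
icap_fail_open() {
    awk '$1 == "icap_service" {
             for (i = 3; i <= NF; i++) if ($i ~ /^bypass=(on|1)$/) print $2
         }' "$1"
}

# audit_av SQUID_FILE CICAP_CONF SQUIDCLAMAV_CONF; returns 1 on any FAIL.
audit_av() {
    rc=0
    if icap_ipv6_lines "$1" >/dev/null; then
        echo "FAIL: icap_service uses [::1]; use 127.0.0.1 or localhost"; rc=1
    fi
    for svc in $(icap_fail_open "$1"); do
        echo "WARN: $svc is bypass=on (unscanned if c-icap is unreachable)"
    done
    if ! grep -Eq '^[[:space:]]*Service[[:space:]]+squid_clamav[[:space:]]+squidclamav\.so' "$2"; then
        echo "FAIL: c-icap.conf lacks 'Service squid_clamav squidclamav.so'"; rc=1
    fi
    # The sample ldap line must go even when commented out: match anywhere.
    if grep -q 'ldap\.chtsanti\.net' "$2"; then
        echo "FAIL: sample ldap line still present in c-icap.conf"; rc=1
    fi
    if grep -Eq '^[[:space:]]*redirect[[:space:]]+https?://proxy\.domain\.dom/' "$3"; then
        echo "FAIL: squidclamav redirect still points at proxy.domain.dom"; rc=1
    fi
    return $rc
}

# Constructed sample files reproducing the broken state from the thread.
demo() {
    d=$(mktemp -d)
    printf '%s\n' \
        'icap_service service_avi_req reqmod_precache icap://[::1]:1344/squid_clamav bypass=off' \
        'icap_service service_avi_resp respmod_precache icap://[::1]:1344/squid_clamav bypass=on' > "$d/squid"
    printf '%s\n' '# Manager:Apassword@ldap.chtsanti.net?o=chtsanti' > "$d/c-icap.conf"
    printf '%s\n' 'redirect http://proxy.domain.dom/squid_clwarn.php' > "$d/squidclamav.conf"
    status=0; audit_av "$d/squid" "$d/c-icap.conf" "$d/squidclamav.conf" || status=$?
    rm -rf "$d"; return $status
}
demo || true
```

The first argument can be the package file the posts edit or the squid.conf generated from it, since only the `icap_service` lines are read.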