Squid3 Antivirus config files

  • How does clamd.conf figure into the config files?  The panel gives us access to edit squidclamav.conf, c-icap.conf, and c-icap.magic.  Why not give access to the clamd.conf file as well?  As far as I can figure squidclamav.conf file is the configuration for the actual clam scanner.  c-icap appears to be the configuration for the i-cap interface (which, I'm assuming, is the interface between the squid proxy and clamd).  c-icap.magic seems to be more filtering choices?  I'm just not sure what goes to what.  Any help would be appreciated.  Thanks.

  • Banned

    Not sure what you want to configure there, things are configured in squidclamav.conf. Also, kindly read this comment regarding the mess. Definitely will not be adding pretty much irrelevant clamav stuff into the mix ATM.

  • Well, I see a bunch of options in clamd.conf and I was wondering if changing them did anything and if so, why not have it in the gui?  On top of that I was wondering why there were 3 different config files and what each one housed.  I guess the end result I'd be looking for how to make changes if something were not being scanned properly.

  • Banned

    When something's not passed to ClamAV, it's not going to get scanned. What's passed is NOT controlled by clamd.conf at all. Regardless, as noted on other threads, this is being completely reworked because the corrent code is unfixable. You'll be able to manage things either manually in the advanced fields, or via the GUI options, not both at the same time. Totally broken.

    Manual config:

    GUI config:

  • Looking forward to this change 8)

  • Good to know.  So, there isn't anything we need to do in c-icap.conf or c-icap.magic?  Everything is in the squidclamav.conf?  I'll just stick to the GUI options for now.  Thanks.

  • Banned

    The screenshot is obviously truncated…

    Those fields are greyed out, disabled and empty unless you enable manual configuration.

  • Banned

  • @doktornotor:

    Hopefully finished: https://github.com/pfsense/pfsense-packages/pull/1088

    I've been lurking following the pull requests and your work on github. Very nice job so far, keep up the good work!

  • I'm looking to make some changes to stop the "Heuristics.Broken.Executable" issue from coming up but I'm not sure where I would put in the "DetectBrokenExecutables  no".  Would that go in the squidclamav.conf file?

  • Banned

    No; that goes to clamd.conf - however, that's the default.

  • That's default now?  Nice.  The last builds I made were in the 2.1.4s and it had to be put in manually into the clamd.conf.  I didn't know if it needed to go in the same place with this package.  I'm so glad to be rid of those annoying messages by default now.  What is a broken executable?  They download and run fine so I'm not sure what is flagging.

  • Banned


    That's default now

    That's always been the default with ClamAV AFAICT.

    With this option clamav will try to detect broken executables (both PE and

    ELF) and mark them as Broken.Executable.

    # Default: no
    #DetectBrokenExecutables yes


    What is a broken executable?  They download and run fine so I'm not sure what is flagging.

    Anything having "broken" PE header.

  • That's always been the default with ClamAV AFAICT.

    All I know is that whenever I deploy pfSense with ClamAV then my customers complain about being unable to download files because of the "Heuristics.Broken.Executable" error.  If I don't need to go and modify the config file for that anymore I'd be happy.  I always seem to forget…

Log in to reply