Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid3 Antivirus config files

    Scheduled Pinned Locked Moved Cache/Proxy
    14 Posts 3 Posters 2.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Stewart
      last edited by

      How does clamd.conf figure into the config files?  The panel gives us access to edit squidclamav.conf, c-icap.conf, and c-icap.magic.  Why not give access to the clamd.conf file as well?  As far as I can figure squidclamav.conf file is the configuration for the actual clam scanner.  c-icap appears to be the configuration for the i-cap interface (which, I'm assuming, is the interface between the squid proxy and clamd).  c-icap.magic seems to be more filtering choices?  I'm just not sure what goes to what.  Any help would be appreciated.  Thanks.

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        Not sure what you want to configure there, things are configured in squidclamav.conf. Also, kindly read this comment regarding the mess. Definitely will not be adding pretty much irrelevant clamav stuff into the mix ATM.

        1 Reply Last reply Reply Quote 0
        • S
          Stewart
          last edited by

          Well, I see a bunch of options in clamd.conf and I was wondering if changing them did anything and if so, why not have it in the gui?  On top of that I was wondering why there were 3 different config files and what each one housed.  I guess the end result I'd be looking for how to make changes if something were not being scanned properly.

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned
            last edited by

            When something's not passed to ClamAV, it's not going to get scanned. What's passed is NOT controlled by clamd.conf at all. Regardless, as noted on other threads, this is being completely reworked because the corrent code is unfixable. You'll be able to manage things either manually in the advanced fields, or via the GUI options, not both at the same time. Totally broken.

            Manual config:

            GUI config:

            1 Reply Last reply Reply Quote 0
            • N
              Netizen1
              last edited by

              Looking forward to this change 8)

              1 Reply Last reply Reply Quote 0
              • S
                Stewart
                last edited by

                Good to know.  So, there isn't anything we need to do in c-icap.conf or c-icap.magic?  Everything is in the squidclamav.conf?  I'll just stick to the GUI options for now.  Thanks.

                1 Reply Last reply Reply Quote 0
                • D
                  doktornotor Banned
                  last edited by

                  The screenshot is obviously truncated…

                  Those fields are greyed out, disabled and empty unless you enable manual configuration.

                  1 Reply Last reply Reply Quote 0
                  • D
                    doktornotor Banned
                    last edited by

                    Hopefully finished: https://github.com/pfsense/pfsense-packages/pull/1088

                    1 Reply Last reply Reply Quote 0
                    • N
                      Netizen1
                      last edited by

                      @doktornotor:

                      Hopefully finished: https://github.com/pfsense/pfsense-packages/pull/1088

                      I've been lurking following the pull requests and your work on github. Very nice job so far, keep up the good work!

                      1 Reply Last reply Reply Quote 0
                      • S
                        Stewart
                        last edited by

                        I'm looking to make some changes to stop the "Heuristics.Broken.Executable" issue from coming up but I'm not sure where I would put in the "DetectBrokenExecutables  no".  Would that go in the squidclamav.conf file?

                        1 Reply Last reply Reply Quote 0
                        • D
                          doktornotor Banned
                          last edited by

                          No; that goes to clamd.conf - however, that's the default.

                          1 Reply Last reply Reply Quote 0
                          • S
                            Stewart
                            last edited by

                            That's default now?  Nice.  The last builds I made were in the 2.1.4s and it had to be put in manually into the clamd.conf.  I didn't know if it needed to go in the same place with this package.  I'm so glad to be rid of those annoying messages by default now.  What is a broken executable?  They download and run fine so I'm not sure what is flagging.

                            1 Reply Last reply Reply Quote 0
                            • D
                              doktornotor Banned
                              last edited by

                              @Stewart:

                              That's default now

                              That's always been the default with ClamAV AFAICT.

                              With this option clamav will try to detect broken executables (both PE and

                              ELF) and mark them as Broken.Executable.

                              # Default: no
                              #DetectBrokenExecutables yes

                              @Stewart:

                              What is a broken executable?  They download and run fine so I'm not sure what is flagging.

                              Anything having "broken" PE header.

                              1 Reply Last reply Reply Quote 0
                              • S
                                Stewart
                                last edited by

                                That's always been the default with ClamAV AFAICT.

                                All I know is that whenever I deploy pfSense with ClamAV then my customers complain about being unable to download files because of the "Heuristics.Broken.Executable" error.  If I don't need to go and modify the config file for that anymore I'd be happy.  I always seem to forget…

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.