Antivirus fails EICAR test file
-
I have pfSense 2.2.4 (32bit)
and squid3.
The antivirus is working,
but it fails the EICAR test file.
This is the configuration in the tabs.
Is it possible to fix it?

squidclamav.conf

```
#-----------------------------------------------------------------------------
# SquidClamav default configuration file
#
# To know to customize your configuration file, see squidclamav manpage
# or go to http://squidclamav.darold.net/
#
#-----------------------------------------------------------------------------
#
# Global configuration
#

# Maximum size of a file that may be scanned. Any file bigger that this value
# will not be scanned.
maxsize 5000000

# When a virus is found then redirect the user to this URL
redirect www.google.com

# Path to the squiGuard binary if you want URL filtering, note that you'd better
# use the squid configuration directive 'url_rewrite_program' instead.
#squidguard /usr/local/squidGuard/bin/squidGuard

# Path to the clamd socket, use clamd_local if you use Unix socket or if clamd
# is listening on an Inet socket, comment clamd_local and set the clamd_ip and
# clamd_port to the corresponding value.
clamd_local /var/run/clamav/clamd.sock
#clamd_ip 192.168.1.5,127.0.0.1
#clamd_port 3310

# Set the timeout for clamd connection. Default is 1 second, this is a good
# value but if you have slow service you can increase up to 3.
timeout 1

# Force SquidClamav to log all virus detection or squiguard block redirection
# to the c-icap log file.
logredir 0

# Enable / disable DNS lookup of client ip address. Default is enabled '1' to
# preserve backward compatibility but you must desactivate this feature if you
# don't use trustclient with hostname in the regexp or if you don't have a DNS
# on your network. Disabling it will also speed up squidclamav.
dnslookup 1

# Enable / Disable Clamav Safe Browsing feature. You mus have enabled the
# corresponding behavior in clamd by enabling SafeBrowsing into freshclam.conf
# Enabling it will first make a safe browsing request to clamd and then the
# virus scan request.
safebrowsing 0

#
# Here is some defaut regex pattern to have a high speed proxy on system
# with low resources.
#
# Do not scan images
#abort ^.*\.(ico|gif|png|jpg)$
#abortcontent ^image\/.*$
# Do not scan text files
#abort ^.*\.(css|xml|xsl|js|html|jsp)$
#abortcontent ^text\/.*$
#abortcontent ^application\/x-javascript$
# Do not scan streamed videos
#abortcontent ^video\/x-flv$
#abortcontent ^video\/mp4$
# Do not scan flash files
#abort ^.*\.swf$
#abortcontent ^application\/x-shockwave-flash$
# Do not scan sequence of framed Microsoft Media Server (MMS) data packets
#abortcontent ^.*application\/x-mms-framed.*$

# White list some sites
#whitelist .*\.clamav.net

# See also 'trustuser' and 'trustclient' configuration directives
```
c-icap.conf

```
Service squid_clamav squidclamav.so
#
# This file contains the default settings for c-icap
#
#

# TAG: PidFile
# Format: PidFile pid_file
# Description:
# The file to store the pid of the main process of the c-icap server.
# Default:
# PidFile /var/run/c-icap/c-icap.pid
PidFile /var/run/c-icap/c-icap.pid

# TAG: CommandsSocket
# Format: CommandsSocket socket_file
# Description:
# The path of file to use as control socket for c-icap
# Default:
# CommandsSocket /var/run/c-icap/c-icap.ctl
CommandsSocket /var/run/c-icap/c-icap.ctl

# TAG: Timeout
# Format: Timeout seconds
# Description:
# The time in seconds after which a connection without activity
# can be cancelled.
# Default:
# Timeout 300
Timeout 300

# TAG: MaxKeepAliveRequests
# Format: MaxKeepAliveRequests number
# Description:
# The maximum number of requests can be served by one connection
# Set it to -1 for no limit
# Default:
# MaxKeepAliveRequests 100
MaxKeepAliveRequests 100

# TAG: KeepAliveTimeout
# Format: KeepAliveTimeout seconds
# Description:
# The maximum time in seconds waiting for a new requests before a
# connection will be closed.
# If the value is set to -1, there is no timeout.
# Default:
# KeepAliveTimeout 600
KeepAliveTimeout 600

# TAG: StartServers
# Format: StartServers number
# Description:
# The initial number of server processes. Each server process
# generates a number of threads, which serve the requests.
# Default:
# StartServers 3
StartServers 3

# TAG: MaxServers
# Format: MaxServers number
# Description:
# The maximum allowed number of server processes.
# Default:
# MaxServers 10
MaxServers 10

# TAG: MinSpareThreads
# Format: MinSpareThreads number
# Description:
# If the number of the available threads is less than number,
# the c-icap server starts a new child.
# Default:
# MinSpareThreads 10
MinSpareThreads 10

# TAG: MaxSpareThreads
# Format: MaxSpareThreads number
# Description:
# If the number of the available threads is more than number then
# the c-icap server kills a child.
# Default:
# MaxSpareThreads 20
MaxSpareThreads 20

# TAG: ThreadsPerChild
# Format: ThreadsPerChild number
# Description:
# The number of threads per child process.
# Default:
# ThreadsPerChild 10
ThreadsPerChild 10

# TAG: MaxRequestsPerChild
# Format: MaxRequestsPerChild number
# Description:
# The maximum number of requests that a child process can serve.
# After this number has been reached, process dies. The goal of this
# parameter is to minimize the risk of memory leaks and increase the
# stability of c-icap. It can be disabled by setting its value to 0.
# Default:
# MaxRequestsPerChild 0
MaxRequestsPerChild 0

# TAG: Port
# Format: Port port
# Description:
# The port number that the c-icap server uses to listen to requests.
# Default:
# Port 1344
Port 1344

# TAG: User
# Format: User username
# Description:
# The user owning c-icap's processes. By default, the owner is the
# user who runs the program.
# Default:
# No value
# Example:
# User wwwrun

# TAG: Group
# Format: Group groupname
# Description:
# The group of users owning c-icap's processes, which, by default
# is the group of the current user.
# Default:
# No value
# Example:
# Group nogroup

# TAG: ServerAdmin
# Format: ServerAdmin admin_mail
# Description:
# The Administrator of this server. Used when displaying information
# about this server (logs, info service, etc)
# Default:
# No value
ServerAdmin you@your.address

# TAG: ServerName
# Format: ServerName aServerName
# Description:
# A name for this server. Used when displaying information about this
# server (logs, info service, etc)
# Default:
# No value
ServerName YourServerName

# TAG: TmpDir
# Format: TmpDir dir
# Description:
# dir is the location of temporary files.
# Default:
# TmpDir /var/tmp
TmpDir /var/tmp

# TAG: MaxMemObject
# Format: MaxMemObject bytes
# Description:
# The maximum memory size in bytes taken by an object which
# is processed by c-icap . If the size of an object's body is
# larger than the maximum size a temporary file is used.
# Default:
# MaxMemObject 131072
MaxMemObject 131072

# TAG: DebugLevel
# Format: DebugLevel level
# Description:
# The level of debugging information to be logged.
# The acceptable range of levels is between 0 and 10.
# Default:
# DebugLevel 1
DebugLevel 1

# TAG: Pipelining
# Format: Pipelining on|off
# Description:
# Enable or disable ICAP requests pipelining
# Default:
# Pipelining on
Pipelining on

# TAG: SupportBuggyClients
# FORMAT: SupportBuggyClients on|off
# Description:
# Try to handle requests from buggy clients, for example ICAP requests
# missing "\r\n" sequences
# Default:
# SupportBuggyClients off
SupportBuggyClients off

# TAG: ModulesDir
# Format: ModulesDir dir
# Description:
# The location of modules
# Default:
# ModulesDir /usr/local/lib/c_icap
ModulesDir /usr/local/lib/c_icap

# TAG: ServicesDir
# Format: ServicesDir dir
# Description:
# The location of services
# Default:
# ServicesDir /usr/local/lib/c_icap
ServicesDir /usr/local/lib/c_icap

# TAG: TemplateDir
# Format: TemplateDir dir
# Description:
# The location of the text templates used by c-icap and its services,
# categorized by language and services/modules
# Default:
# No value
# Example:
TemplateDir /usr/local/share/c_icap/templates/

# TAG: TemplateDefaultLanguage
# Format: TemplateDefaultLanguage lang
# Description:
# Sets the default language to use for text templates
# Default:
# TemplateDefaultLanguage en
TemplateDefaultLanguage en

#TemplateReloadTime 360
#TemplateCacheSize 20
#TemplateMemBufSize 8192

# TAG: LoadMagicFile
# Format: LoadMagicFile path
# Description:
# Load a c-icap magic file. A magic file contains various
# data type definitions. Look inside default c-icap.magic file
# for more informations.
# It can be used more than once to use multiple magic files.
# Default:
# LoadMagicFile /usr/local/etc/c-icap/c-icap.magic
LoadMagicFile /usr/local/etc/c-icap/c-icap.magic

# TAG: RemoteProxyUsers
# Format: RemoteProxyUsers onoff
# Description:
# Set it to on if you want to use username provided by the proxy server.
# This is the recomended way to use users in c-icap.
# If the RemoteProxyUsers is off and c-icap configured to use users or
# groups the internal authentication mechanism will be used.
# Default:
# RemoteProxyUsers off
RemoteProxyUsers off

# TAG: RemoteProxyUserHeader
# Format: RemoteProxyUserHeader Header
# Description:
# Used to specify the icap header used by the proxy server to send
# the authenticated client username to c-icap server
# Default:
# RemoteProxyUserHeader X-Authenticated-User
RemoteProxyUserHeader X-Authenticated-User

# TAG: RemoteProxyUserHeaderEncoded
# Format: RemoteProxyUserHeaderEncoded onoff
# Description:
# Set it to off if the RemoteProxyUserHeader is not base64 encoded
# Default:
# RemoteProxyUserHeaderEncoded on
RemoteProxyUserHeaderEncoded on

# TAG: AuthMethod
# Format: AuthMethod Method Authenticator
# Description:
# Used to define the internal authentication mechanism to use. This
# feature is not well tested and may cause problems. It is better to use
# RemoteProxyUser configuration.
# Method is the authentication method to use (basic, digest, etc).
# Currently only basic authentication method is implemented as build in
# module
# Authenticator currently can only be "basic_simple_db"
# It can be considered as a user/password store and can be
# implemented as external module. The basic_simple_db is implemented as
# build it module
# Default:
# No set
# Example:
# AuthMethod basic basic_simple_db

# TAG: basic.Realm
# Format: basic.Realm ARealm
# Description:
# Specify the basic method realm
# Default:
# basic.Realm "Basic authentication"
# Example:
# basic.Realm "c-icap server authentication"

# TAG: basic_simple_db.UsersDB
# Format: basic_simple_db.UsersDB LookupTable
# Description:
# Specify the lookup table where the usernames/passwords pairs
# are stored. The paswords must be unencrypted
# For more information about c-icap lookup tables read c-icap server
# manual page
# Default:
# No value
# Example:
# basic_simple_db.UsersDB hash:/usr/local/c-icap/etc/c-icap-users.txt

# TAG: GroupSourceByGroup
# Format: GroupSourceByGroup LookupTable
# Description:
# Defines a lookup table where the groups of users are stored indexed
# by group. It can be used more than once.
# For more information about c-icap lookup tables read c-icap server
# manual page
# Default:
# No set
# Example:
# GroupSourceByGroup hash:/usr/local/c-icap/etc/c-icap-groups.txt

# TAG: GroupSourceByUser
# Format: GroupSourceByUser LookupTable
# Description:
# Defines a lookup table where the groups of users are stored indexed
# by user. It can be used more than once.
# For more information about c-icap lookup tables read c-icap server
# manual page
# Default:
# No set
# Example:
# GroupSourceByUser hash:/usr/local/c-icap/etc/c-icap-user-groups.txt

# TAG: acl
# Format: acl name type[{param}] value1 [value2] [...]
# Description:
# Supported acl types are:
# acl aclname service service1 ...
# The servicename
# acl aclname type OPTIONS|RESPMOD|REQMOD ...
# The icap method
# acl aclname port port1 ...
# The icap server port
# acl aclname src ip1/netmask1 ...
# The client ip address
# acl aclname srvip ip1/netmask1 ...
# The c-icap server ip address
# acl aclname icap_header{HeaderName} value1 ...
# Matches the icap header HeaderName with value1 ...
# The values are in regex form: /avalue/
# acl aclname icap_resp_header{HeaderName} value1 ...
# The icap response header
# The values are in regex form: /avalue/
# acl aclname http_req_header{HeaderName} value1 ...
# The http request header
# The values are in regex form: /avalue/
# acl aclname http_resp_header{HeaderName} value1 ...
# The http response header
# The values are in regex form: /avalue/
# acl aclname data_type type1 ...
# The data type as recognized by the internal data type
# recognizer. The types are defined in c-icap.magic file
# acl aclname auth username|* ...
# The authenticated users. Using * instead of username means
# all users.
# acl aclname group group1 ...
# if the user of request belongs to given groups
# Default:
# None set
# Examples:
# acl OPTIONS type OPTIONS
# acl RESPMOD type RESPMOD
# acl REQMOD type REQMOD
# acl ALLREQUESTS type OPTIONS RESPMOD REQMOD
# acl XHEAD icap_header{X-Test} /value/
# acl ECHO service echo
# acl localnet src 192.168.1.0/255.255.255.0
# acl localhost src 127.0.0.1/255.255.255.255
# acl all src 0.0.0.0/0.0.0.0

# TAG: icap_access
# Format: icap_access allow|deny [!]acl1 ...
# Description:
# Allowing or denying ICAP access based on defined access lists
# Default:
# None set
# Example:
# icap_access deny XHEAD
# #Allow OPTIONS method for all:
# icap_access allow localnet OPTIONS
# #Require authentication for all users from local network:
# icap_access allow AUTH localnet
# icap_access deny all

# TAG: client_access
# Format: client_access allow|deny acl1 [acl2] [...]
# Description:
# Allowing or denying connections on c-icap based on
# defined access lists. Only the acl types src, srvip and port
# can be used.
# Default:
# None set
# Example:
# client_access allow all

# TAG: LogFormat
# Format: LogFormat Name Format
# Description:
# Name is a name for this log format.
# Format is a string with embedded % format codes. % format codes
# has the following form:
# % [-] [width] [{argument}] formatcode
# if - is specified then the output is left aligned
# if width specified then the field is exactly width size
# some formatcodes support arguments given as {argument}
#
# Format codes:
# %a: Remote IP-Address
# %la: Local IP Address
# %lp: Local port
# %>a: Http Client IP Address. Only supported if the proxy
# client supports the "X-Client-IP" header
# %<a: Http Server IP Address. Only supported if the proxy
# client supports the "X-Server-IP" header
# %ts: Seconds since epoch
# %tl: Local time. Supports optional strftime format argument
# %tg: GMT time. Supports optional strftime format argument
# %>ho: Modified Http request header. Supports header name
# as argument. If no argument given the first line returned
# %huo: Modified Http request url
# %<ho: Modified Http reply header. Supports header name
# as argument. If no argument given the first line returned
# %iu: Icap request url
# %im: Icap method
# %is: Icap status code
# %>ih: Icap request header. Supports header name
# as argument. If no argument given the first line returned
# %<ih: Icap response header. Supports header name
# as argument. If no argument given the first line returned
# %Ih: Http bytes received
# %Oh: Http bytes sent
# %Ib: Http body bytes received
# %Ob: Http body bytes sent
# %I: Bytes received
# %O: Bytes sent
# %bph: The first 5 bytes of the body preview data. Non
# printable characters printed in hex form.
# Supports the number of bytes to output as argument.
# %un: Username
# %Sl: Service log string
# %Sa: Attribute value set by service. The attribute name must
# given as argument.
# Default:
# None set
# Example:
# LogFormat myFormat "%tl, %a %im %iu %is %I %O %Ib %Ob %{10}bph"

# TAG: ServerLog
# Format: ServerLog LogFile
# Description:
# the file used by the build-in logger file_logger to
# store debugging information, errors and other
# information about the c-icap server.
# Default:
# ServerLog /var/log/c-icap/server.log
ServerLog /var/log/c-icap/server.log

# TAG: AccessLog
# Format: AccessLog LogFile [LogFormat] [[!]acl1] [[!]acl2] [...]
# Description:
# LogFile is a file where to log access information.
# LogFormat is the log format to use. If ommited c-icap uses:
# "%tl, %la %a %im %iu %is"
# Also acls can be used to select certain requests to be logged.
# This directive can be used more than once to specify more than
# one access log files
# Default:
# AccessLog /var/log/c-icap/access.log
# Example:
# AccessLog /var/log/c-icap/access.log MyFormat all
AccessLog /var/log/c-icap/access.log

# TAG: Logger
# Format: Logger LoggerName
# Description:
# Specify wich logger to use. By default uses the build in "file_logger" which
# uses files for access and server logging.
# Default:
# Logger file_logger
# Example:
# Logger sys_logger

# TAG: Module
# Format: Module Type ModuleFile
# Description:
# Load an external module/plugin to c-icap.
# ModuleFile is the filename of the module. If no full path given then c-icap
# searche in path defined by the ModulesDir configuration parameter.
# Type is the type of the external module and can be one of the following:
# - "logger" for modules implement a logger
# - "common" for general purpose modules
# Default:
#
# Example:
# Module logger sys_logger.so

# TAG: Service
# Format: Service aName ServiceFile
# Description:
# It loads the service ServiceFile. The argument aName used
# as alias name for the service
# Default:
#
# Example:
# Service echo_service srv_echo.so

# TAG: ServiceAlias
# Format: ServiceAlias AliasName ServiceName[?param1=value1&param2=value2...]
# Description:
# Used to define an alias name for a service.
# Default:
#
# Example:
# ServiceAlias avscan srv_clamav?allow204=on&sizelimit=off&mode=simple
#

# TAG: General configuration parameters for all services
# Description:
# PreviewSize: The preview data size to advertise to the icap client
# MaxConnections: The client should not use more than MaxConnections
# for this service.
# TransferPreview: The list of file extensions, seperated by commas,
# for which the client should send preview data.
# TransferIgnore: The list of file extensions that should not be sent
# to the icap server
# TransferComplete: The list of file extensions that should be sent
# in their entirety, without preview, to the icap server
# OptionsTTL: The options ttl for the service. The "sec[s]", "min" or
# "hour[s]" can be used to secify that the time is in seconds
# minutes or hours respectively. If no time-units given
# seconds are assumed.
# Allow206 on|off: Enable/disable advertise of 206 responses.
#
# Example:
# echo.PreviewSize 512
# echo.TransferIgnore gif, jpeg
# echo.OptionsTTL 3 min

######################################################
# External modules comming with core c-icap server
#

# Module: echo
# Description:
# Simple test service
# Example:
# Service echo srv_echo.so
Service echo srv_echo.so

# Module: sys_logger
# Description:
# Add support for logging access and server events to syslog server
# Use "Module" configuration parameter to load this module and "Logger"
# to make it default logger for the c-icap.
# Example:
# Module logger sys_logger.so
# Logger sys_logger

# TAG: sys_logger.Prefix
# Format: sys_logger.Prefix string
# Description:
# string is be presented in every syslog message.
# Default:
# sys_logger.Prefix "C-ICAP:"

# TAG: sys_logger.Facility
# Format: sys_logger.Facility daemon|user|local1|local2|local3|local4|local5|local6|local7
# Description:
# specifies the facility type of syslog.
# Default:
# sys_logger.Facility daemon

# TAG: sys_logger.access_priority
# Format: sys_logger.access_priority alert|crit|debug|emerg|err|info|notice|warning
# Description:
# determines the importance of the access log message
# Default:
# sys_logger.access_priority info

# TAG: sys_logger.server_priority
# Format: sys_logger.server_priority alert|crit|debug|emerg|err|info|notice|warning
# Description:
# determines the importance of the server log message
# Default:
# sys_logger.server_priority crit

# TAG: sys_logger.LogFormat
# Format: sys_logger.LogFormat LOGFORMAT
# Description:
# The log format to use. If no log format defined then
# the following will be used:
# "%la %a %im %iu %is"
# Default:
# None set
# Example:
# Logformat BasicFormat "%la %a %im %iu %is"
# sys_logger.LogFormat BasicFormat

# TAG: sys_logger.access
# Format: sys_logger.access [!]acl1 ...
# Description:
# Allow selecting ICAP requests to be logged using acls.
# By default all requests will be logged.
# Default:
# None set
# Example:
# sys_logger.access all
# End module: sys_logger

# Module: bdb_tables
# Description:
# Add support for Berkeley DB based lookup tables. The format for
# bdb path of the lookup table is:
# bdb:/path/to/bdb
# Use the c-icap-mkbdb utility to build Berkeley DB c-icap lookup tables
# Example:
# Module common bdb_tables.so
# End module: bdb_tables

# Module: dnsbl_tables
# Description:
# Add support for dns lookup tables. Can be used to access
# dns block lists. The dnsbl lookup table path definition is:
# dnsbl:domainname
# For example the lookup table for accessing the black.uribl.com
# dns black list is:
# dnsbl:black.uribl.com
# Example:
# Module common dnsbl_tables.so
# End module: dnsbl_tables

# Module: ldap_module
# Description:
# Add LDAP support to c-icap. The user can use LDAP based lookup tables
# using the following lookup table path:
# ldap://[username:password@]ldapserver?base?attr1,attr2?filter[{[cache=no]}]
# The filter can contain the "%s" formating code which will be replaced by
# the search key
# Examples of supported ldap urls:
# ldap://ldap.chtsanti.net?o=chtsanti?cn,uid?uid=%s
#
#
# WARNING: is not enough tested it may contain bugs!
# Example:
# Module common ldap_module.so
# End module: ldap_module
```

c-icap.magic

```
# In this file defined the types of files and the groups of file types.
# The predefined data types, which are not included in this file,
# are ASCII, ISO-8859, EXT-ASCII, UTF (not implemented yet), HTML
# which are belongs to TEXT predefined group and BINARY which
# belongs to DATA predefined group.
#
# The line format of magic file is:
#
# offset:Magic:Type:Short Description:Group1[:Group2[:Group3]...]
#
# CURRENT GROUPS are :TEXT DATA EXECUTABLE ARCHIVE GRAPHICS STREAM DOCUMENT

0:MZ:MSEXE:DOS/W32 executable/library/driver:EXECUTABLE
0:LZ:DOSEXE:MS-DOS executable:EXECUTABLE
0:\177ELF:ELF:ELF unix executable:EXECUTABLE
0:\312\376\272\276:JavaClass:Compiled Java class:EXECUTABLE

#Archives
0:Rar!:RAR:Rar archive:ARCHIVE
0:PK\003\004:ZIP:Zip archive:ARCHIVE
0:PK00PK\003\004:ZIP:Zip archive:ARCHIVE
0:\037\213:GZip:Gzip compressed file:ARCHIVE
0:BZh:BZip:BZip compressed file:ARCHIVE
0:SZDD:Compress.exe:MS Copmress.exe'd compressed data:ARCHIVE
0:\037\235:Compress:UNIX compress:ARCHIVE
0:MSCF:MSCAB:Microsoft cabinet file:ARCHIVE
257:ustar:TAR:Tar archive file:ARCHIVE
0:\355\253\356\333:RPM:Linux RPM file:ARCHIVE
0:\170\237\076\042:TNEF:Transport Neutral Encapsulation Format:ARCHIVE
20:\xDC\xA7\xC4\xFD:ZOO:Zoo archiver:ARCHIVE
2:-lh:LHA:Lha archiver:ARCHIVE

#Other type of Archives
0:ITSF:MSCHM:MS Windows Html Help:ARCHIVE
0:!<arch>\012debian:debian:Debian package:ARCHIVE

# Graphics
0:GIF8:GIF:GIF image data:GRAPHICS
0:BM:BMP:BMP image data:GRAPHICS
0:\377\330:JPEG:JPEG image data:GRAPHICS
0:\211PNG:PNG:PNG image data:GRAPHICS
0:\000\000\001\000:ICO:MS Windows icon resource:GRAPHICS
0:FWS:SWF:Shockwave Flash data:GRAPHICS
0:CWS:SWF:Shockwave Flash data:GRAPHICS

#STREAM
0:\000\000\001\263:MPEG:MPEG video stream:STREAM
0:\000\000\001\272:MPEG::STREAM
0:RIFF:RIFF:RIFF video/audio stream:STREAM
0:OggS:OGG:Ogg Stream:STREAM
0:ID3:MP3:MP3 audio stream:STREAM
0:\377\373:MP3:MP3 audio stream:STREAM
0:\377\372:MP3:MP3 audio stream:STREAM
0:\060\046\262\165\216\146\317:ASF:WMA/WMV/ASF:STREAM
0:.ra\0375:RAF:Real audio stream:STREAM
0:.RMF:RMF:Real Media File:STREAM
0:OggS:OGG:Ogg stream data:STREAM
8:AIFF:AIFF:AIFF audio data:STREAM
8:AIFC:AIFF:AIFF-C audio data:STREAM
8:8SVX:AIFF:IFF/8SVX audio data:STREAM
0:MOVI:SGI:SGI video format:STREAM
4:moov:QTFF:Quick time video format:STREAM
4:mdat:QTFF:Quick time video format:STREAM
4:wide:QTFF:Quick time video format:STREAM
4:skip:QTFF:Quick time video format:STREAM
4:free:QTFF:Quick time video format:STREAM
8:isom:MP4:MP4 Apple video format:STREAM
8:mp41:MP4:MP4 Apple video format:STREAM
8:mp42:MP4:MP4 Apple video format:STREAM
8:mmp44:MP4:MP4 Apple video format:STREAM
8:M4A:MP4:MP4 Apple video format:STREAM
8:3gp:3GPP:3GPP Apple video format:STREAM
8:avc1:3GPP:3GPP Apple video format:STREAM

#Responce from stream server :-)
0:ICY 200 OK:ShouthCast:Shouthcast audio stream:STREAM

#Documents
0:\320\317\021\340\241\261:MSOFFICE:MS Office Document:DOCUMENT
0:\376\067\0\043:MSOFFICE:MS Office Document:DOCUMENT
0:\333\245-\000\000\000:MSOFFICE:MS Office Document:DOCUMENT
0:\208\207\017\224\161\177\026\225\000:MSOFFICE::DOCUMENT
4:Standard Jet DB:MSOFFICE:MS Access Database:DOCUMENT
0:%PDF-:PDF:PDF document:DOCUMENT
0:%!:PS:PostScript document:DOCUMENT
0:\004%!:PS:PostScript document:DOCUMENT
```

freshclam.conf

```
##
## Example config file for freshclam
## Please read the freshclam.conf(5) manual before editing this file.
##

# Comment or remove the line below.

# Path to the database directory.
# WARNING: It must match clamd.conf's directive!
# Default: hardcoded (depends on installation options)
DatabaseDirectory /var/db/clamav

# Path to the log file (make sure it has proper permissions)
# Default: disabled
UpdateLogFile /var/log/clamav/freshclam.log

# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
# in bytes just don't use modifiers. If LogFileMaxSize is enabled,
# log rotation (the LogRotate option) will always be enabled.
# Default: 1M
#LogFileMaxSize 2M

# Log time with each message.
# Default: no
#LogTime yes

# Enable verbose logging.
# Default: no
#LogVerbose yes

# Use system logger (can work together with UpdateLogFile).
# Default: no
#LogSyslog yes

# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL

# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
# Default: no
#LogRotate yes

# This option allows you to save the process identifier of the daemon
# Default: disabled
PidFile /var/run/clamav/freshclam.pid

# By default when started freshclam drops privileges and switches to the
# "clamav" user. This directive allows you to change the database owner.
# Default: clamav (may depend on installation options)
DatabaseOwner clamav

# Initialize supplementary group access (freshclam must be started by root).
# Default: no
AllowSupplementaryGroups yes

# Use DNS to verify virus database version. Freshclam uses DNS TXT records
# to verify database and software versions. With this directive you can change
# the database verification domain.
# WARNING: Do not touch it unless you're configuring freshclam to use your
# own database verification domain.
# Default: current.cvd.clamav.net
#DNSDatabaseInfo current.cvd.clamav.net

# Uncomment the following line and replace XY with your country
# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
# You can use db.XY.ipv6.clamav.net for IPv6 connections.
#DatabaseMirror db.XY.clamav.net

# database.clamav.net is a round-robin record which points to our most
# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
# not working. DO NOT TOUCH the following line unless you know what you
# are doing.
DatabaseMirror database.clamav.net

# How many attempts to make before giving up.
# Default: 3 (per mirror)
#MaxAttempts 5

# With this option you can control scripted updates. It's highly recommended
# to keep it enabled.
# Default: yes
#ScriptedUpdates yes

# By default freshclam will keep the local databases (.cld) uncompressed to
# make their handling faster. With this option you can enable the compression;
# the change will take effect with the next database update.
# Default: no
#CompressLocalDatabase no

# With this option you can provide custom sources (http:// or file://) for
# database files. This option can be used multiple times.
# Default: no custom URLs
#DatabaseCustomURL http://myserver.com/mysigs.ndb
#DatabaseCustomURL file:///mnt/nfs/local.hdb

# This option allows you to easily point freshclam to private mirrors.
# If PrivateMirror is set, freshclam does not attempt to use DNS
# to determine whether its databases are out-of-date, instead it will
# use the If-Modified-Since request or directly check the headers of the
# remote database files. For each database, freshclam first attempts
# to download the CLD file. If that fails, it tries to download the
# CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo
# and ScriptedUpdates. It can be used multiple times to provide
# fall-back mirrors.
# Default: disabled
#PrivateMirror mirror1.mynetwork.com
#PrivateMirror mirror2.mynetwork.com

# Number of database checks per day.
# Default: 12 (every two hours)
#Checks 24

# Proxy settings
# Default: disabled
#HTTPProxyServer myproxy.com
#HTTPProxyPort 1234
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass

# If your servers are behind a firewall/proxy which applies User-Agent
# filtering you can use this option to force the use of a different
# User-Agent header.
# Default: clamav/version_number
#HTTPUserAgent SomeUserAgentIdString

# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
# multi-homed systems.
# Default: Use OS'es default outgoing IP address.
#LocalIPAddress aaa.bbb.ccc.ddd

# Send the RELOAD command to clamd.
# Default: no
NotifyClamd /usr/local/etc/clamd.conf

# Run command after successful database update.
# Default: disabled
#OnUpdateExecute command

# Run command when database update process fails.
# Default: disabled
#OnErrorExecute command

# Run command when freshclam reports outdated version.
# In the command string %v will be replaced by the new version number.
# Default: disabled
#OnOutdatedExecute command

# Don't fork into background.
# Default: no
#Foreground yes

# Enable debug messages in libclamav.
# Default: no
#Debug yes

# Timeout in seconds when connecting to database server.
# Default: 30
#ConnectTimeout 60

# Timeout in seconds when reading from database server.
# Default: 30
#ReceiveTimeout 60

# With this option enabled, freshclam will attempt to load new
# databases into memory to make sure they are properly handled
# by libclamav before replacing the old ones.
# Default: yes
#TestDatabases yes

# When enabled freshclam will submit statistics to the ClamAV Project about
# the latest virus detections in your environment. The ClamAV maintainers
# will then use this data to determine what types of malware are the most
# detected in the field and in what geographic area they are.
# Freshclam will connect to clamd in order to get recent statistics.
# Default: no
#SubmitDetectionStats /path/to/clamd.conf

# Country of origin of malware/detection statistics (for statistical
# purposes only). The statistics collector at ClamAV.net will look up
# your IP address to determine the geographical origin of the malware
# reported by your installation. If this installation is mainly used to
# scan data which comes from a different location, please enable this
# option and enter a two-letter code (see http://www.iana.org/domains/root/db/)
# of the country of origin.
# Default: disabled
#DetectionStatsCountry country-code

# This option enables support for our "Personal Statistics" service.
# When this option is enabled, the information on malware detected by
# your clamd installation is made available to you through our website.
# To get your HostID, log on http://www.stats.clamav.net and add a new
# host to your host list. Once you have the HostID, uncomment this option
# and paste the HostID here. As soon as your freshclam starts submitting
# information to our stats collecting service, you will be able to view
# the statistics of this clamd installation by logging into
# http://www.stats.clamav.net with the same credentials you used to
# generate the HostID. For more information refer to:
# http://www.clamav.net/documentation.html#cctts
# This feature requires SubmitDetectionStats to be enabled.
# Default: disabled
#DetectionStatsHostID unique-id

# This option enables support for Google Safe Browsing. When activated for
# the first time, freshclam will download a new database file (safebrowsing.cvd)
# which will be automatically loaded by clamd and clamscan during the next
# reload, provided that the heuristic phishing detection is turned on. This
# database includes information about websites that may be phishing sites or
# possible sources of malware. When using this option, it's mandatory to run
# freshclam at least every 30 minutes.
# Freshclam uses the ClamAV's mirror infrastructure to distribute the
# database and its updates but all the contents are provided under Google's
# terms of use. See http://www.google.com/transparencyreport/safebrowsing
# and http://www.clamav.net/documentation.html#safebrowsing
# for more information.
# Default: disabled
#SafeBrowsing yes

# This option enables downloading of bytecode.cvd, which includes additional
# detection mechanisms and improvements to the ClamAV engine.
# Default: enabled
#Bytecode yes

# Download an additional 3rd party signature database distributed through
# the ClamAV mirrors.
# This option can be used multiple times.
#ExtraDatabase dbname1
#ExtraDatabase dbname2
```
-
The configuration in the tabs is most likely not what the real configuration is. Wipe all those textareas and save. Until next version (https://github.com/pfsense/pfsense-packages/pull/1088), any debugging of this is a complete waste of time.
-
I have version 0.3.8.
When is this version distributed?
-
I have version 0.3.8.
When is this version distributed?

As soon as the pull request doktornotor quoted gets approved and merged… no ETA at this point
-
Try with 0.3.9.1
-
After the update, and after it runs,
it still fails.
Is it this website?
http://www.eicar.org/85-0-Download.html
I try to download these files
and they are downloaded;
no virus message.
-
Clear your browser cache. All I can suggest. When it's cached locally, won't hit Squid at all.
-
I cleared my browser cache
and tried from another computer
and just deleted the Squid cache.
I still can't see the virus.
Could be
something in the Squid settings.
-
Dude. This just works, as shown on the screenshots above.
- The ACLs have no relevance as long as you keep the Allow Users on Interface checked.
- The Traffic Mgmt is totally irrelevant
The only relevant things here are that
- Antivirus is enabled and running
- The file is not cached locally by the browser
- The request hits the proxy (i.e., your browser is configured to use the proxy)
Check the logs to see whether that request goes to Squid or not. It's shown realtime. Use the damned logs. They are there for a reason.
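Added example (not part of the original thread): a Python check of the "does the request hit the proxy" step from the list above, run over Squid access.log lines in the native log format. The client IPs, URL path and log lines are constructed sample data, and reading a 3xx status as the squidclamav `redirect` action is an assumption.

```python
from typing import Iterable, NamedTuple, Optional


class Entry(NamedTuple):
    client: str
    result: str   # Squid result code, e.g. TCP_MISS
    status: int   # HTTP status returned to the client
    url: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one line of Squid's native access.log format:
    time elapsed client result/status bytes method URL user hierarchy/peer type"""
    fields = line.split()
    if len(fields) < 7:
        return None
    result, sep, status = fields[3].partition("/")
    if not sep or not status.isdigit():
        return None
    return Entry(fields[2], result, int(status), fields[6])


def diagnose(lines: Iterable[str], client_ip: str, url_part: str) -> str:
    """Classify the client's most recent request whose URL contains url_part."""
    hits = [e for e in map(parse_line, lines)
            if e and e.client == client_ip and url_part in e.url]
    if not hits:
        # Nothing logged: browser cache, or the browser is not using the proxy.
        return "not-proxied"
    last = hits[-1]
    if 300 <= last.status < 400:
        return "redirected"   # assumption: consistent with squidclamav's redirect
    if last.status == 200:
        return "delivered"    # the object reached the client unblocked
    return f"other:{last.status}"


# Constructed sample log lines (not taken from the thread).
SAMPLE = [
    "1441200000.123 210 192.168.0.50 TCP_MISS/200 390 GET http://www.eicar.org/download/eicar.com - HIER_DIRECT/203.0.113.10 application/octet-stream",
    "1441200050.456 35 192.168.0.51 TCP_MISS/307 310 GET http://www.eicar.org/download/eicar.com - HIER_DIRECT/203.0.113.10 text/html",
    "truncated line",
]

if __name__ == "__main__":
    for ip in ("192.168.0.50", "192.168.0.51", "192.168.0.77"):
        print(ip, diagnose(SAMPLE, ip, "eicar"))
```

A "not-proxied" result for your own client IP is the case the thread keeps running into: the download never went through Squid, so the antivirus never saw it.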
-
The only relevant things here are that
- Antivirus is enabled and running
- The file is not cached locally by the browser
- The request hits the proxy (i.e., your browser is configured to use the proxy)

Antivirus is enabled and running – yes
The file is not cached locally by the browser -- how do I check it?
The request hits the proxy (i.e., your browser is configured to use the proxy) – yes

Check the logs to see whether that request goes to Squid or not. It's shown realtime. Use the damned logs. They are there for a reason.

Real time don't show nothing.
I tried my IP.

What is
damned logs?
I don't see this tab.
-
Auto-Detect proxy does absolutely NOTHING useful without DHCP/DNS/WPAD configuration. Unless Squid is configured as transparent, those requests will not ever hit the proxy. Which very much corresponds with your observation that "real time don't show nothing".
-
Auto-Detect proxy does absolutely NOTHING useful without DHCP/DNS/WPAD configuration

It was on "use system proxy settings".
I changed it;
I wanted to see if that would help.

Unless Squid is configured as transparent, those requests will not ever hit the proxy.

Squid is not configured as transparent (I tried it – there was no Internet access).

Which very much corresponds with your observation that "real time don't show nothing"

How do I make it work?
It worked before (I don't remember the last time I checked, the date I mean).

What is
damned logs?
Where can I see it?
-
Kindly explicitly point your browser to your pfSense LAN IP port 3128 in the proxy settings. Proxy autoconfiguration will not work without setting up things as mentioned above.
-
Like this?
-
No, NOT like this. You cannot leave the field before the port empty!!!
-
You cannot leave the field before the port empty!!!
What should be listed there ?
Thanks for your help and patience
-
You cannot leave the field before the port empty!!!
What should be listed there ?
Urgh!!!! I already answered that question!!!
Kindly explicitly point your browser to your pfSense LAN IP port 3128 in the proxy settings.
-
I did it, but
when it was like that
I had no internet access,
not even to the pfSense 192.168.0.1
-
OK. I seriously do NOT have time for this any more. Maybe someone else has the patience to explain how to configure a proxy in browser in 2-pages thread. I don't any more. This gets hazardous to my health and mental sanity.
FUCKING HELL: Type the IP address there!!! Of the pfSense LAN. "pfSense LAN IP" is not a valid IP address!!! WTH!!!!!!!!!!! Google how an IP address looks if unsure!
:( >:( >:( >:( >:( >:( >:( >:( >:( >:(
-
It works finally
Thank you
Before
I did not have to write this information,
And it worked
Anyway
Thanks again