Squid+transparent proxy+antivirus broken [FIXED]



  • I have the latest RC and performed a clean install to attempt to get this going.

    1.  Installed squid package (rebooted)
    2.  configured squid+transparent proxy - working (rebooted)
    3.  configured antivirus and downloaded latested clam database - waited for it to finish (/var/db/clamav has daily/main/bytecode) (rebooted)

    Transparent proxy works.  Browsed to eicar.org and attempted to download test virus files and I get the following squid error:

    The following error was encountered while trying to retrieve the URL: http://www.eicar.org/download/eicar.com
    
    Read Error
    
    The system returned: (54) Connection reset by peer
    
    An error condition occurred while reading data from the network. Please retry your request.
    
    Your cache administrator is admin@localhost.
    
    

    I checked the logs and I see "Message WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.sock: No such file or directory"

    I checked on the firewall and it exists with what appears to be proper permissions and ownership:

    [2.3-RC][root@pfSense.localdomain]/root: ls -la /var/run/clamav/clamd.sock
    srw-rw-rw-  1 clamav  clamav  0 Apr  8 16:12 /var/run/clamav/clamd.sock

    The socket appears to be working correctly also:

    [2.3-RC][root@pfSense.localdomain]/root: echo PING |nc -U /var/run/clamav/clamd.sock
    PONG

    Nothing else is running on this box (yet) - any ideas what I could have missed or what may be broken?



  • UPDATE:  just updated to the latest RC (prior to Monday's release) and this is indeed working now.