Check these Squid ClamAV log entries please



  • I'm seeing entries below about not attaching to memory and versions being out of date. Also the clamav 200 & 204 messages. Are these all 'ok' or is something not working right here?

    
    C-ICAP - Access Logs
    Date-Time		Message
    03.05.2016 19:45:19	127.0.0.1 127.0.0.1 RESPMOD squid_clamav 200
    03.05.2016 19:45:19	127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    03.05.2016 19:45:18	127.0.0.1 127.0.0.1 RESPMOD squid_clamav 200
    03.05.2016 19:45:18	127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    03.05.2016 19:45:17	127.0.0.1 127.0.0.1 RESPMOD squid_clamav 200
    03.05.2016 19:45:17	127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    03.05.2016 19:45:16	127.0.0.1 127.0.0.1 RESPMOD squid_clamav 200
    03.05.2016 19:45:16	127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    03.05.2016 19:45:15	127.0.0.1 127.0.0.1 RESPMOD squid_clamav 200
    03.05.2016 19:45:15	127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    repeats…
    
    C-ICAP - Server Logs
    Date-Time		Message
    30.04.2016 16:27:50	can't attach shared memory!Sat Apr 30 16:34:55 2016
    28.04.2016 21:06:32	squidclamav.c(1704) dconnect: Thu Apr 28 21:06:32 2016
    28.04.2016 21:06:31	squidclamav.c(614) squidclamav_end_of_data_handler: Thu Apr 28 21:06:31 2016
    25.04.2016 15:39:10	can't attach shared memory!Mon Apr 25 16:19:05 2016
    25.04.2016 14:44:56	squidclamav.c(1487) generate_response_page: Mon Apr 25 14:44:56 2016
    25.04.2016 14:33:05	squidclamav.c(1487) generate_response_page: Mon Apr 25 14:33:05 2016
    25.04.2016 14:33:00	squidclamav.c(1487) generate_response_page: Mon Apr 25 14:33:00 2016
    25.04.2016 14:32:56	squidclamav.c(1487) generate_response_page: Mon Apr 25 14:32:56 2016
    25.04.2016 14:32:38	squidclamav.c(1487) generate_response_page: Mon Apr 25 14:32:38 2016
    25.04.2016 14:23:50	squidclamav.c(614) squidclamav_end_of_data_handler: Mon Apr 25 14:23:50 2016
    25.04.2016 14:23:50	squidclamav.c(1704) dconnect: Mon Apr 25 14:23:50 2016
    25.04.2016 14:23:48	squidclamav.c(614) squidclamav_end_of_data_handler: Mon Apr 25 14:23:48 2016
    25.04.2016 14:23:48	squidclamav.c(1704) dconnect: Mon Apr 25 14:23:48 2016
    25.04.2016 14:23:48	squidclamav.c(614) squidclamav_end_of_data_handler: Mon Apr 25 14:23:48 2016
    25.04.2016 14:23:48	squidclamav.c(1704) dconnect: Mon Apr 25 14:23:48 2016
    25.04.2016 14:23:47	squidclamav.c(614) squidclamav_end_of_data_handler: Mon Apr 25 14:23:47 2016
    25.04.2016 14:23:47	squidclamav.c(1704) dconnect: Mon Apr 25 14:23:47 2016
    
    ClamAV - freshclam Logs
    Message
    bytecode.cvd is up to date (version: 277, sigs: 47, f-level: 63, builder: neo)
    daily.cld is up to date (version: 21514, sigs: 90868, f-level: 63, builder: neo)
    main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
    DON'T PANIC! Read http://www.clamav.net/support/faq
    WARNING: Local version: 0.99 Recommended version: 0.99.2
    WARNING: Your ClamAV installation is OUTDATED!
    ClamAV update process started at Tue May 3 19:00:00 2016
    --------------------------------------
    


  • Bump..



  • I would like to know this, too. Please!



  • My C-ICAP logs are currently getting spammed with this junk:

    10.08.2016 19:56:35 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.08.2016 19:56:27 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.08.2016 19:56:24 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.08.2016 19:56:17 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.08.2016 19:56:17 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.08.2016 19:56:16 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.08.2016 19:56:16 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.08.2016 19:56:16 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.08.2016 19:56:16 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
    10.08.2016 19:56:16 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.08.2016 19:56:16 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    

    What's going on here? Access to some sites through the proxy server is also extremely slow. For example, trying to load Microsoft.com takes upwards of 5 minutes for a page to load! Other sites are lightning fast. Nothing disconcerting in the logs aside from this.



  • SB can help???

    Date-Time Message
    10.12.2017 20:31:34 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.12.2017 20:31:34 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
    10.12.2017 20:31:33 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.12.2017 20:31:33 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
    10.12.2017 20:31:33 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.12.2017 20:31:32 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
    10.12.2017 20:31:32 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.12.2017 20:31:31 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
    10.12.2017 20:31:31 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204



  • @yahav02:

    SB can help???

    Date-Time Message
    10.12.2017 20:31:34 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.12.2017 20:31:34 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
    10.12.2017 20:31:33 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.12.2017 20:31:33 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
    10.12.2017 20:31:33 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.12.2017 20:31:32 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
    10.12.2017 20:31:32 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
    10.12.2017 20:31:31 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
    10.12.2017 20:31:31 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204

    Those are normal.
    If I remember correctly, those are the requests from the client being sent to the C-ICAP and ClamAV.

    The Response is after it has been scanned by ClamAV, and if a virus is found you will see a generate response page in the C-ICAP Server Table.
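
The reading given in the reply above, as an added example that is not part of the original thread: a Python summary of the two C-ICAP logs that counts REQMOD/RESPMOD entries by ICAP status and lists the squidclamav functions and messages named in the server log, including the generate_response_page entries the reply associates with a detected virus. The sample lines are constructed in the thread's log format (the 500 line is invented to show the review path), and all function and variable names are hypothetical.

```python
import re
from collections import Counter, defaultdict

TS = r"(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})"
# Access log: timestamp, two addresses, ICAP method, service name, ICAP status.
ACCESS_RE = re.compile(TS + r"\s+\S+ \S+ (REQMOD|RESPMOD|OPTIONS) (\S+) (\d{3})$")
# Server log: either "squidclamav.c(<line>) <function>:" or a bare "<message>!".
SERVER_RE = re.compile(TS + r"\s+(?:squidclamav\.c\(\d+\) (\w+):|([^!]+)!)")

# ICAP status codes defined in RFC 3507; any other status is listed for review.
ROUTINE = {200: "OK", 204: "No modifications needed"}

def summarize_access(text):
    """Count (method, status) pairs and collect lines with a non-routine status."""
    counts, review = Counter(), []
    for line in text.splitlines():
        m = ACCESS_RE.match(line.strip())
        if not m:
            continue
        _ts, method, _service, status = m.groups()
        counts[(method, int(status))] += 1
        if int(status) not in ROUTINE:
            review.append(line.strip())
    return counts, review

def summarize_server(text):
    """Map each function name or message in the server log to its timestamps."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = SERVER_RE.match(line.strip())
        if m:
            events[m.group(2) or m.group(3)].append(m.group(1))
    return dict(events)

# Constructed samples in the thread's log format; the 500 line is invented.
ACCESS_SAMPLE = """\
03.05.2016 19:45:19 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 200
03.05.2016 19:45:19 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.08.2016 19:56:16 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
10.08.2016 19:56:17 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 500
"""
SERVER_SAMPLE = """\
30.04.2016 16:27:50 can't attach shared memory!Sat Apr 30 16:34:55 2016
25.04.2016 14:44:56 squidclamav.c(1487) generate_response_page: Mon Apr 25 14:44:56 2016
25.04.2016 14:23:50 squidclamav.c(1704) dconnect: Mon Apr 25 14:23:50 2016
"""

if __name__ == "__main__":
    counts, review = summarize_access(ACCESS_SAMPLE)
    print(dict(counts), review)
    print(summarize_server(SERVER_SAMPLE))
```

A log consisting only of 204 entries produces an empty review list and no generate_response_page timestamps.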

