Check these Squid ClamAV log entries please
-
I'm seeing entries below about not attaching to memory and versions being out of date. Also the clamav 200 & 204 messages. Are these all 'ok' or is something not working right here..
C-ICAP - Access Logs Date-Time Message 03.05.2016 19:45:19 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 200 03.05.2016 19:45:19 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 03.05.2016 19:45:18 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 200 03.05.2016 19:45:18 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 03.05.2016 19:45:17 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 200 03.05.2016 19:45:17 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 03.05.2016 19:45:16 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 200 03.05.2016 19:45:16 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 03.05.2016 19:45:15 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 200 03.05.2016 19:45:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 repeats… C-ICAP - Server Logs Date-Time Message 30.04.2016 16:27:50 can't attach shared memory!Sat Apr 30 16:34:55 2016 28.04.2016 21:06:32 squidclamav.c(1704) dconnect: Thu Apr 28 21:06:32 2016 28.04.2016 21:06:31 squidclamav.c(614) squidclamav_end_of_data_handler: Thu Apr 28 21:06:31 2016 25.04.2016 15:39:10 can't attach shared memory!Mon Apr 25 16:19:05 2016 25.04.2016 14:44:56 squidclamav.c(1487) generate_response_page: Mon Apr 25 14:44:56 2016 25.04.2016 14:33:05 squidclamav.c(1487) generate_response_page: Mon Apr 25 14:33:05 2016 25.04.2016 14:33:00 squidclamav.c(1487) generate_response_page: Mon Apr 25 14:33:00 2016 25.04.2016 14:32:56 squidclamav.c(1487) generate_response_page: Mon Apr 25 14:32:56 2016 25.04.2016 14:32:38 squidclamav.c(1487) generate_response_page: Mon Apr 25 14:32:38 2016 25.04.2016 14:23:50 squidclamav.c(614) squidclamav_end_of_data_handler: Mon Apr 25 14:23:50 2016 25.04.2016 14:23:50 squidclamav.c(1704) dconnect: Mon Apr 25 14:23:50 2016 25.04.2016 14:23:48 squidclamav.c(614) squidclamav_end_of_data_handler: Mon Apr 25 14:23:48 2016 25.04.2016 14:23:48 squidclamav.c(1704) dconnect: Mon Apr 25 14:23:48 2016 25.04.2016 14:23:48 squidclamav.c(614) squidclamav_end_of_data_handler: Mon Apr 25 14:23:48 2016 25.04.2016 14:23:48 squidclamav.c(1704) dconnect: Mon Apr 25 14:23:48 2016 25.04.2016 14:23:47 squidclamav.c(614) squidclamav_end_of_data_handler: Mon Apr 25 14:23:47 2016 25.04.2016 14:23:47 squidclamav.c(1704) dconnect: Mon Apr 25 14:23:47 2016 ClamAV - freshclam Logs Message bytecode.cvd is up to date (version: 277, sigs: 47, f-level: 63, builder: neo) daily.cld is up to date (version: 21514, sigs: 90868, f-level: 63, builder: neo) main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer) DON'T PANIC! Read http://www.clamav.net/support/faq WARNING: Local version: 0.99 Recommended version: 0.99.2 WARNING: Your ClamAV installation is OUTDATED! ClamAV update process started at Tue May 3 19:00:00 2016 --------------------------------------
-
Bump..
-
I would like to know this, too. Please!
-
My C-ICAP logs are currently getting spammed with this junk:
10.08.2016 19:56:35 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 10.08.2016 19:56:27 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 10.08.2016 19:56:24 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 10.08.2016 19:56:17 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 10.08.2016 19:56:17 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 10.08.2016 19:56:16 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 10.08.2016 19:56:16 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 10.08.2016 19:56:16 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 10.08.2016 19:56:16 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204 10.08.2016 19:56:16 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 10.08.2016 19:56:16 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 10.08.2016 19:56:15 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
What's going on here? Access to some sites through the proxy server are also extremely slow. For example trying to load Microsoft.com takes upwards of 5 minutes for a page to load! other sites are lightning fast. Nothing disconcerting in the logs aside from this.
-
SB can help???
Date-Time Message
10.12.2017 20:31:34 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.12.2017 20:31:34 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
10.12.2017 20:31:33 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.12.2017 20:31:33 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
10.12.2017 20:31:33 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.12.2017 20:31:32 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
10.12.2017 20:31:32 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.12.2017 20:31:31 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
10.12.2017 20:31:31 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204 -
SB can help???
Date-Time Message
10.12.2017 20:31:34 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.12.2017 20:31:34 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
10.12.2017 20:31:33 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.12.2017 20:31:33 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
10.12.2017 20:31:33 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.12.2017 20:31:32 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
10.12.2017 20:31:32 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204
10.12.2017 20:31:31 127.0.0.1 127.0.0.1 RESPMOD squid_clamav 204
10.12.2017 20:31:31 127.0.0.1 127.0.0.1 REQMOD squid_clamav 204Those are normal.
If I remember correctly that is the Request's from the client being sent to the C-ICAP and ClamAV.The Response is after it has been scanned by ClamAV and if a virus is found you will see a generate
response page in the C-ICAP Server Table.