How do I install HAVP?See the INSTALL file that comes with sources.
Can I run HAVP as a standalone proxy?Yes, it's good enough to use alone at home, but that is not recommended for anything more critical. HAVP is not 100% HTTP-compliant, there isn't many access controls etc. We recommend using Squid in front, as there is no point trying to duplicate all the mature functionality it has in HAVP.
See the usage page:
http://havp.hege.li/forum/viewtopic.php?t=11Can I scan HTTPS/SSL requests?No, because they are encrypted. It is possible with a man-in-the-middle setup, but HAVP will not support it in itself.
For a possible solution: see
http://havp.hege.li/forum/viewtopic.php?t=188HAVP 0.78 and newer can simply forward HTTPS requests if compiled with --enable-ssl-tunnel option. But this is _NOT_ recommended, using Squid in front to handle this is much more efficient.
Can I scan FTP traffic?FTP is not supported directly. Only FTP through HTTP (
ftp://xxx/ URLs) is supported, when HAVP uses a parent proxy with FTP capabilities (ie. Squid).
Can I run HAVP on ****BSD?Only Linux and Solaris are supported currently. Other OS are not known to support mandatory locking, which is mandatory for HAVP.
HAVP 0.80 has experimental support for working without mandatory locking. It works on FreeBSD, but KEEPBACK settings can not be used.
Can I use multiple scanners?HAVP 0.79+ supports multiple scanners. Always running recent version is recommended, so update if you have older.
Can I filter other bad content?No, HAVP concentrates purely on virus scanning and tries to do it as secure as possible (ALL content is scanned), while being non-intrusive (no timeouts/delays, no "downloading" javascript hacks). There is other good software for general content filtering like DansGuardian, squidGuard or ufdbGuard.
Do not use any large blacklist-files with HAVP, it is not designed for it.
What do all these "Could not.." errors mean in error.log?Absolutely nothing, unless you know something is broken. They are just debug messages telling if server did not send header as it should have etc.. decrease LOGLEVEL if you don't want to see them.
Can I hide scanners/virus names from virus notification template? I don't want users to know these.Edit virus.html and remove the <message> part.
Are uploads scanned?Not currently. Is this really needed anyway?