HTTP Anti-Virus Proxy http://havp.hege.li/forum/ |
|
SCANERROR ClamAV: Zip module failure http://havp.hege.li/forum/viewtopic.php?f=3&t=184 |
Page 1 of 1 |
Author: | olaf [ 12 Nov 2006 18:35 ] |
Post subject: | SCANERROR ClamAV: Zip module failure |
Hi, have some problems on download, I've got: Code: 12/11/2006 16:22:28 127.0.0.1 GET 200 http://heanet.dl.sourceforge.net/sourceforge/monkeystudio/qt4ds-src-2006.1.0.0RC2c.zip 307+698460 SCANERROR ClamAV: Zip module failure and Code: 12/11/2006 16:22:17 (127.0.0.1) Could not send body to browser on my sandwich squid/havp/squid proxy chain. The file size is 683K. Here my havp.config: Code: USER havp GROUP havp PIDFILE /var/run/havp/havp.pid SERVERNUMBER 16 MAXSERVERS 100 ACCESSLOG /var/log/havp/access.log ERRORLOG /var/log/havp/havp.log LOG_OKS true LOGLEVEL 1 SCANTEMPFILE /var/spool/havp/havp-XXXXXX TEMPDIR /tmp DBRELOAD 60 PARENTPROXY 127.0.0.1 PARENTPORT 3128 PORT 6666 BIND_ADDRESS 127.0.0.1 TEMPLATEPATH /etc/havp/templates/de WHITELISTFIRST true WHITELIST /etc/havp/whitelist BLACKLIST /etc/havp/blacklist FAILSCANERROR true SCANIMAGES false MAXSCANSIZE 1000000 STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS ENABLECLAMLIB true CLAMDBDIR /var/lib/clamav CLAMBLOCKENCRYPTED false CLAMBLOCKMAX false ENABLECLAMD false ENABLEFPROT false ENABLEAVG false ENABLEAVESERVER false ENABLESOPHIE false ENABLETROPHIE false ENABLENOD32 false ENABLEAVAST false Dateisystem Größe Benut Verf Ben% Eingehängt auf /var/havp.img 16M 156K 16M 1% /var/spool/hav The problem should not be related to unsufficent disk space. What's happended here? I'm using HAVP Version 0.82 on debian/etch. Here my squid 3.0 config: Code: http_port 127.0.0.1:8080
http_port 127.0.0.1:3128 acl from_client myport 8080 acl from_havp myport 3128 cache_peer 127.0.0.1 parent 6666 0 no-query no-digest no-netdb-exchange default cache_peer proxy.mdcc-fun.de parent 8080 0 default icp_port 0 htcp_port 0 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl ope_network src 192.168.1.0/24 acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports cache_peer_access 127.0.0.1 deny CONNECT cache_peer_access 127.0.0.1 deny from_havp cache_peer_access 127.0.0.1 allow all cache_peer_access proxy.mdcc-fun.de allow all never_direct allow all always_direct allow CONNECT http_access allow localhost http_access allow ope_network http_access deny all http_reply_access allow all icp_access allow all always_direct allow from_havp never_direct allow all cache_dir aufs /var/cache/squid3 812 16 256 maximum_object_size 32768 KB coredump_dir /var/spool/squid3 shutdown_lifetime 5 seconds half_closed_clients off pipeline_prefetch on hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY no_cache deny localhost no_cache deny CONNECT no_cache allow all refresh_pattern -i \.(jpe?g|gif|png|ico)$ 43200 100% 43200 refresh_pattern -i \.(zip|rar|arj|cab|exe)$ 43200 100% 43200 refresh_pattern windowsupdate.com/.*\.(cab|exe)$ 43200 100% 43200 refresh_pattern download.microsoft.com/.*\.(cab|exe)$ 43200 100% 43200 refresh_pattern -i \.(cgi|asp|php|fcgi)$ 0 20% 60 refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 request_header_access Via deny all request_header_access X-Forwarded-For deny all request_header_access Cache-Control deny all request_header_access Keep-Alive deny all request_header_access User-Agent deny all reply_header_access From deny all reply_header_access Referer deny all reply_header_access Server deny all reply_header_access User-Agent deny all reply_header_access WWW-Authenticate deny all reply_header_access Link deny all header_replace User-Agent Mozilla/5.0 Thanks Olaf |
Author: | hege [ 12 Nov 2006 22:23 ] |
Post subject: | |
If you download it manually and run clamscan, you will see the same error. It has some strange format, so clamav fails. You can just whitelist it or unset FAILSCANERROR. |
Author: | olaf [ 13 Nov 2006 20:54 ] |
Post subject: | |
hege wrote: If you download it manually and run clamscan, you will see the same error. It has some strange format, so clamav fails.
You can just whitelist it or unset FAILSCANERROR. Mmh: Code: $ clamscan qt4ds-src-2006.1.0.0RC2c.zip LibClamAV Warning: ******************************************************** LibClamAV Warning: *** This version of the ClamAV engine is outdated. *** LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/faq.html *** LibClamAV Warning: ******************************************************** qt4ds-src-2006.1.0.0RC2c.zip: Zip module failure ----------- SCAN SUMMARY ----------- Known viruses: 76703 Engine version: 0.88.5 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 1.58 MB Time: 4.047 sec (0 m 4 s) $ unzip -t qt4ds-src-2006.1.0.0RC2c.zip |tail -n 1 No errors detected in compressed data of qt4ds-src-2006.1.0.0RC2c.zip. and: Code: $ clamscan --unzip=unzip qt4ds-src-2006.1.0.0RC2c.zip |tail -n10
LibClamAV Warning: ******************************************************** LibClamAV Warning: *** This version of the ClamAV engine is outdated. *** LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/faq.html *** LibClamAV Warning: ******************************************************** /usr/src/qt4ds-src-2006.1.0.0RC2c.zip: OK ----------- SCAN SUMMARY ----------- Known viruses: 76703 Engine version: 0.88.5 Scanned directories: 45 Scanned files: 344 Infected files: 0 Data scanned: 2.71 MB Time: 6.706 sec (0 m 6 s) Any ideas how to use this command line option? Thanks Olaf |
Author: | hege [ 13 Nov 2006 21:00 ] |
Post subject: | |
olaf wrote: $ clamscan --unzip=unzip qt4ds-src-2006.1.0.0RC2c.zip |tail -n10
Any ideas how to use this command line option? Unfortunately no.. It wouldn't be very efficient to call unzip from HAVP. |
Page 1 of 1 | All times are UTC + 2 hours [ DST ] |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |