HTTP Anti-Virus Proxy http://havp.hege.li/forum/ |
|
HAVP + squid + debian http://havp.hege.li/forum/viewtopic.php?f=3&t=200 |
Page 1 of 1 |
Author: | ikke [ 19 Jan 2007 02:17 ] |
Post subject: | HAVP + squid + debian |
hi.... I compiled havp 0.83 on debian etch with libclamav when I run the havp comand I get this message: Code: debian:/home/zxqv/havp-0.83# havp Starting HAVP Version: 0.83 Filesystem not supporting mandatory locks! On Linux, you need to mount filesystem with "-o mand" Exiting.. I created USER havp and GROUP havp I also tried to enable squid+havp scanning if someone could point me in the right direction your help would be much appreciated my havp.config file is: Code: #
# This is the configuration file for HAVP # # All lines starting with a hash (#) or empty lines are ignored. # Uncomment parameters you want to change! # # All parameters configurable in this file are explained and their default # values are shown. If no default value is defined "NONE" is specified. # # General syntax: Parameter Value # Value can be: true/false, number, or path # # Extra spaces and tabs are ignored. # # You must remove this line for HAVP to start. # This makes sure you have (hopefully) reviewed the configuration. :) # Hint: You must enable some scanner! Find them in the end.. # # For reasons of security it is recommended to run a proxy program # without root rights. It is recommended to create user that is not # used by any other program. # # Default: USER havp GROUP havp # If this is true HAVP is running as daemon in background. # For testing you may run HAVP at your text console. # # Default: DAEMON true # # Process id (PID) of the main HAVP process is written to this file. # Be sure that it is writeable by the user under which HAVP is running. # /etc/init.d/havp script requires this to work. # # Default: # PIDFILE /var/run/havp/havp.pid # # For performance reasons several instances of HAVP have to run. # Specify how many servers (child processes) are simultaneously # listening on port PORT for a connection. Minimum value should be # the peak requests-per-second expected + 5 for headroom. # # For single user home use, 8 should be minimum. # For 500 users corporate use, start at 40. # # Value can and should be higher than recommended. Memory and # CPU usage is only affected by the number of concurrent requests. # # More childs are automatically created when needed, up to MAXSERVERS. # # Default: # SERVERNUMBER 8 # MAXSERVERS 100 # # Files where to log requests and info/errors. # Needs to have write permission for HAVP user. # # Default: # ACCESSLOG /var/log/havp/access.log # ERRORLOG /var/log/havp/havp.log # # Syslog can be used instead of logging to file. # For facilities and levels, see "man syslog". # # Default: # USESYSLOG false # SYSLOGNAME havp # SYSLOGFACILITY daemon # SYSLOGLEVEL info # # true: Log every request to access log # false: Log only viruses to access log # # Default: # LOG_OKS true # # Level of HAVP logging # 0 = Only serious errors and information # 1 = Less interesting information is included # # Default: LOGLEVEL 0 # # Temporary scan file. # This file must reside on a partition for which mandatory # locking is enabled. For Linux, use "-o mand" in mount command. # See "man mount" for details. Solaris does not need any special # steps, it works directly. # # Specify absolute path to a file which name must contain "XXXXXX". # These characters are used by system to create unique named files. # # Default: # SCANTEMPFILE /var/tmp/havp/havp-XXXXXX # # Directory for ClamAV and other scanner created tempfiles. # Needs to be writable by HAVP user. Use ramdisk for best performance. # # Default: TEMPDIR /var/tmp # # HAVP reloads scanners virus database by receiving a signal # (send SIGHUP to PID from PIDFILE, see "man kill") or after # a specified period of time. Specify here the number of # minutes to wait for reloading. # # This only affects library scanners (clamlib, trophie). # Other scanners must be updated manually. # # Default: # DBRELOAD 60 # # Run HAVP as transparent Proxy? # # If you don't know what this means read the mini-howto # TransparentProxy written by Daniel Kiracofe. # (e.g.: http://www.tldp.org/HOWTO/mini/TransparentProxy.html) # Definitely you have more to do than setting this to true. # You are warned! # # Default: # TRANSPARENT false # # Specify a parent proxy (e.g. Squid) HAVP should use. # # Default: NONE PARENTPROXY localhost PARENTPORT 3128 # # Write X-Forwarded-For: to log instead of connecters IP? # # If HAVP is used as parent proxy by some other proxy, this allows # to write the real users IP to log, instead of proxy IP. # # Default: FORWARDED_IP false # # Send X-Forwarded-For: header to servers? # # If client sent this header, FORWARDED_IP setting defines the value, # then it is passed on. You might want to keep this disabled for security # reasons. Enable this if you use your own parent proxy after HAVP, so it # will see the original client IP. # # Default: X_FORWARDED_FOR false # # Port HAVP is listening on. # # Default: PORT 8080 # # IP address that HAVP listens on. # Let it be undefined to bind all addresses. # # Default: NONE BIND_ADDRESS 127.0.0.1 # # IP address used for sending outbound packets. # Let it be undefined if you want OS to handle right address. # # Default: NONE # SOURCE_ADDRESS 1.2.3.4 # # Path to template files. # # Default: # TEMPLATEPATH /usr/local/etc/havp/templates/en # # Set to true if you want to prefer Whitelist. # If URL is Whitelisted, then Blacklist is ignored. # Otherwise Blacklist is preferred. # # Default: # WHITELISTFIRST true # # List of URLs not to scan. # # Default: # WHITELIST /usr/local/etc/havp/whitelist # # List of URLs that are denied access. # # Default: # BLACKLIST /usr/local/etc/havp/blacklist # # Is scanner error fatal? # # For example, archive types that are not supported by scanner # may return error. Also if scanner has invalid pattern files etc. # # true: User gets error page # false: No error is reported (viruses might not be detected) # # Default: # FAILSCANERROR true # # When scanning takes longer than this, it will be aborted. # Timer is started after HAVP has fully received all data. # If set too low, complex files/archives might produce timeout. # Timeout is always a fatal error regardless of FAILSCANERROR. # # Time in minutes! # # Default: # SCANNERTIMEOUT 10 # # Allow HTTP Range requests? # # false: Broken downloads can NOT be resumed # true: Broken downloads can be resumed # # Allowing Range is a security risk, because partial # HTTP requests may not be properly scanned. # # Whitelisted sites are allowed to use Range in any case. # # Default: # RANGE false # # If you really need more performance, you can disable scanning of # JPG, GIF and PNG files. These are probably the most common files # around, so it will save lots of CPU. But be warned, image exploits # exist and more could be found. Think twice if you want to disable! # # Default: # SCANIMAGES true # # Temporary file will grow only up to this size. This means scanner # will scan data until this limit is reached. # # NOTE: Setting limit is a security risk, because some archives like # ZIP need all the data to be scanned properly! Use this only if you # can't afford temporary space for big files. Also scanner settings # will affect how many files will be scanned inside an archive etc. # # VALUE IN BYTES NOT KB OR MB!!!! # 0 = No size limit # # Default: MAXSCANSIZE 0 # # Amount of data going to browser that is held back, until it # is scanned. When we know file is clean, this held back data # can be sent to browser. You can safely set bigger value, only # thing you will notice is some "delay" in beginning of download. # Virus found in files bigger than this might not produce HAVP # error page, but result in a "broken" download. # # VALUE IN BYTES NOT KB OR MB!!!! # # Default: # KEEPBACKBUFFER 200000 # # This setting complements KEEPBACKBUFFER. It tells how many Seconds to # initially receive data from server, before sending anything to client. # Even trickling is not done before this time elapses. This way files that # are received fast are more secure and user can get virus report page for # files bigger than KEEPBACKBUFFER. # # Setting to 0 will disable this, and only KEEPBACKBUFFER is used. # # Default: # KEEPBACKTIME 5 # # After Trickling Time (seconds), some bytes are sent to browser # to keep the connection alive. Trickling is not needed if timeouts # are not expected for files smaller than KEEPBACKBUFFER, but it is # recommended to set anyway. # # 0 = No Trickling # # Default: # TRICKLING 30 # # Downloads larger than MAXDOWNLOADSIZE will be blocked. # Only if not Whitelisted! # # VALUE IN BYTES NOT KB OR MB!!!! # 0 = Unlimited Downloads # # Default: MAXDOWNLOADSIZE 0 # # Space separated list of strings to partially match User-Agent: header. # These are used for streaming content, so scanning is generally not needed # and tempfiles grow unnecessary. Remember when enabled, that user could # fake header and pass some scanning. HTTP Range requests are allowed for # these, so players can seek content. # # You can uncomment here a list of most popular players. # # Default: NONE # STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS # # Bytes to scan from beginning of streams. # When set to 0, STREAMUSERAGENT scanning will be completely disabled. # It is not recommended as there are some exploits for players. # # Default: # STREAMSCANSIZE 20000 ##### ##### ClamAV Library Scanner (libclamav) ##### ENABLECLAMLIB false # HAVP uses libclamav hardcoded pattern directory, which usually is # /usr/local/share/clamav. You only need to set CLAMDBDIR, if you are # using non-default DatabaseDirectory setting in clamd.conf. # # Default: NONE # CLAMDBDIR /path/to/directory # Should we block encrypted archives? # # Default: CLAMBLOCKENCRYPTED false # Should we block files that go over maximum archive limits? # # Default: CLAMBLOCKMAX false # Scanning limits inside archives (filesize = MB): # # Default: # CLAMMAXFILES 1000 # CLAMMAXFILESIZE 10 # CLAMMAXRECURSION 8 # CLAMMAXRATIO 250 ##### ##### ClamAV Socket Scanner (clamd) ##### ##### NOTE: ClamAV Library Scanner should be preferred (less overhead) ##### ENABLECLAMD false # Path to clamd socket # # Default: # CLAMDSOCKET /tmp/clamd # ..OR if you use clamd TCP socket, uncomment to enable use # # Clamd daemon needs to run on the same server as HAVP # # Default: NONE # CLAMDSERVER 127.0.0.1 # CLAMDPORT 3310 ##### ##### F-Prot Socket Scanner ##### ENABLEFPROT false # F-Prot daemon needs to run on same server as HAVP # # Default: # FPROTSERVER 127.0.0.1 # FPROTPORT 10200 ##### ##### AVG Socket Scanner ##### ENABLEAVG false # AVG daemon needs to run on the same server as HAVP # # Default: # AVGSERVER 127.0.0.1 # AVGPORT 55555 ##### ##### Kaspersky Socket Scanner ##### ENABLEAVESERVER false # Path to aveserver socket # # Default: # AVESOCKET /var/run/aveserver ##### ##### Sophos Scanner (Sophie) ##### ENABLESOPHIE false # Path to sophie socket # # Default: # SOPHIESOCKET /var/run/sophie ##### ##### Trend Micro Library Scanner (Trophie) ##### ENABLETROPHIE false # Scanning limits inside archives (filesize = MB): # # Default: # TROPHIEMAXFILES 1000 # TROPHIEMAXFILESIZE 10 # TROPHIEMAXRATIO 250 ##### ##### NOD32 Socket Scanner ##### ENABLENOD32 false # Path to nod32d socket # # Default: # NOD32SOCKET /tmp/nod32d.sock ##### ##### Avast! Socket Scanner ##### ENABLEAVAST false # Path to avastd socket # # Default: # AVASTSOCKET /var/run/avast4/local.sock # ..OR if you use avastd TCP socket, uncomment to enable use # # Avast daemon needs to run on the same server as HAVP # # Default: NONE # AVASTSERVER 127.0.0.1 # AVASTPORT 5036 Thanks in advance ikke.... |
Author: | hege [ 19 Jan 2007 09:29 ] |
Post subject: | |
Please read the INSTALL file. I don't know how much more describing it could be. |
Author: | ikke [ 19 Jan 2007 15:56 ] |
Post subject: | |
thanks for the tip I mounted the patition and enabled the scanner Code: vi /var/log/havp/havp.log
19/01/2007 11:38:21 === Starting HAVP Version: 0.83 19/01/2007 11:38:21 Change to user havp 19/01/2007 11:38:21 Change to group havp 19/01/2007 11:38:21 Use parent proxy: localhost 3128 19/01/2007 11:38:21 --- Initializing ClamAV Library Scanner 19/01/2007 11:38:21 ClamAV: Using database directory: /var/lib/clamav/ 19/01/2007 11:38:24 ClamAV: Loaded 87257 signatures (engine 0.88.7) 19/01/2007 11:38:24 ClamAV Library Scanner passed EICAR virus test (Eicar-Test-Signature) 19/01/2007 11:38:24 --- All scanners initialized 19/01/2007 11:38:24 Can not write to PIDFILE! 19/01/2007 11:38:24 Process ID: 4509 how should I configure squid to carry HAVP squid listens on port 3128 Thanks in advance.....ikke |
Page 1 of 1 | All times are UTC + 2 hours [ DST ] |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |