HTTP Anti-Virus Proxy

Official HAVP Support Forum
Registration disabled, I'm tired of spambots. E-mail havp@hege.li if you have questions.
HAVP project is pretty much frozen/abandoned at this time anyway.


All times are UTC + 2 hours [ DST ]




Posted: 20 Jan 2009 10:03

Joined: 23 Apr 2008 09:36
Posts: 101
I can't lose the thought that your hardware or your system makes these problems! I compiled havp on very many different architectures/systems and never had problems!
But I'm thinking it over again to find out why your havp makes these problems.
Did you compile your kernel yourself (perhaps changed the timer frequency)?
If you compiled clamav without any prefix and it is installed in /usr/local, did you change your ld.so.conf? (But that can't be the reason for this problem.)


 
Posted: 20 Jan 2009 11:50

Joined: 10 Oct 2008 11:27
Posts: 17
I'm using a standard 8.04 server with its clam libraries. The only thing I've compiled is havp.

Quote:
uname -a
Linux proxy2 2.6.24-22-server #1 SMP Mon Nov 24 19:14:19 UTC 2008 i686 GNU/Linux
$ cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=8.04
DISTRIB_CODENAME=hardy
DISTRIB_DESCRIPTION="Ubuntu 8.04.1"


clam version:
Quote:
apt-cache showpkg libclamav2
Package: libclamav2
Versions:
0.91.2-3ubuntu2.4 (/var/lib/dpkg/status)
Description Language:
File: /var/lib/dpkg/status
MD5: 4a384f91cea6765e583607a1e4a762d2
Reverse Depends:
Dependencies:
0.91.2-3ubuntu2.4 - libbz2-1.0 (0 (null)) libc6 (2 2.6-1) libgmp3c2 (0 (null)) zlib1g (2 1:1.2.3.3.dfsg-1)
Provides:
0.91.2-3ubuntu2.4 -
Reverse Provides:


When compiling, the following arguments are used:
Quote:
cd /opt/install/havp-0.90
make clean
./configure --enable-ssl-tunnel --with-scanner=libclamav
make


Thanks for your patience.


 
Posted: 20 Jan 2009 21:29

Joined: 23 Apr 2008 09:36
Posts: 101
Quote:
0.91.2-3ubuntu2.4
First of all, why this version?
I thought you had compiled the new clamav 0.94.2!

Another question, and this is more important for me: how many NICs (network cards) are you using on your server for making the connections, and how is squid configured with havp (client->squid->havp->internet, or client->havp->squid->internet)?
I hope you're using more than one NIC!

If so, please make a backup of the clamav and freshclam init scripts, and uninstall the Ubuntu clamav. Add the clamav user and group again with groupadd and useradd, because they'll be deleted by uninstalling the Ubuntu clamav package.
Download the new clamav-0.94.2 package and untar it in, e.g., /opt. Compile it with the following options:
Code:
./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --libdir=/usr/lib --with-dbdir=/var/lib/clamav --with-user=clamav --with-group=clamav

Code:
make
make install
ldconfig

Copy back your init scripts and reconfigure the startup scripts:
Code:
update-rc.d clamav defaults 80

Then set your options in /etc/clamd.conf and start the services.

Don't forget to recompile havp after you have installed clamav!


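An added example, not part of the original posts and not code from the HAVP or ClamAV projects: after the rebuild described in the post above, this script checks from `ldd` output that a havp binary resolves exactly one libclamav and that it sits under the `--libdir` that was used (`/usr/lib`). The function names, the havp path in the comment and the sample `ldd` lines (soname numbers included) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check which libclamav a havp binary
# would load, by parsing ldd output. Real use, with an assumed install path:
#   ldd /usr/local/sbin/havp | libclamav_ok /usr/lib

# Print the resolved target of every libclamav line in ldd-format stdin.
# A "not found" entry is reported as MISSING.
libclamav_paths() {
    awk '$1 ~ /^libclamav\.so/ && $2 == "=>" {
             print ($3 == "not" ? "MISSING" : $3) }'
}

# Succeed only if exactly one libclamav is resolved and it sits in directory $1.
libclamav_ok() {
    paths=$(libclamav_paths)
    case $paths in
        "$1"/libclamav.so*) ;;
        *) return 1 ;;
    esac
    [ "$(printf '%s\n' "$paths" | grep -c .)" -eq 1 ]
}

# Constructed ldd output: havp relinked against the library built into /usr/lib.
sample_rebuilt() { cat <<'EOF'
    libclamav.so.5 => /usr/lib/libclamav.so.5 (0xb7e2c000)
    libc.so.6 => /lib/libc.so.6 (0xb7a5e000)
EOF
}

# Constructed: a copy built without --prefix in /usr/local is picked up instead.
sample_usr_local() { cat <<'EOF'
    libclamav.so.5 => /usr/local/lib/libclamav.so.5 (0xb7e2c000)
    libc.so.6 => /lib/libc.so.6 (0xb7a5e000)
EOF
}

# Constructed: distro library removed, havp not yet recompiled.
sample_not_recompiled() { cat <<'EOF'
    libclamav.so.2 => not found
    libc.so.6 => /lib/libc.so.6 (0xb7a5e000)
EOF
}

for s in sample_rebuilt sample_usr_local sample_not_recompiled; do
    if $s | libclamav_ok /usr/lib; then r=OK; else r=CHECK; fi
    echo "$s: $r ($($s | libclamav_paths))"
done
```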
 
Posted: 20 Jan 2009 23:46

Joined: 10 Oct 2008 11:27
Posts: 17
Thanks for the highly precise instructions. I've done it on one proxy and will get back.
Quote:
Another question, and this is more important for me: how many NICs (network cards) are you using on your server for making the connections, and how is squid configured with havp (client->squid->havp->internet, or client->havp->squid->internet)?
I hope you're using more than one NIC!

I have client->squid->havp->internet, with only one NIC (currently).
But I have two virtual IPs on that NIC.

Performance is not a problem, so I went back to just one NIC, and it simplifies operations.


 
Posted: 21 Jan 2009 00:14

Joined: 23 Apr 2008 09:36
Posts: 101
Quote:
with only one NIC (currently)


This is the whole reason why you get segfaults!
And believe me, this was my first thought, but I assumed your system was configured correctly :roll:

O.k.
Your first steps are to buy a second NIC and then compile clamav and havp. And the problems are gone ....


 
Posted: 21 Jan 2009 00:21

Joined: 10 Oct 2008 11:27
Posts: 17
Er, why are two nics important?


 
Posted: 21 Jan 2009 00:36

Joined: 23 Apr 2008 09:36
Posts: 101
Can't say an exact reason for this problem (memory leaks, kernel mismatch ...). You'll find an answer on very many sites. Please try Google!

If you're using only one NIC, then this is a very highly secret problem for your network!!!

It's very important to know that networks/subnets must always be separated physically!


 
Posted: 21 Jan 2009 11:13

Joined: 23 Apr 2008 09:36
Posts: 101
Code:
Can't say an exact reason for this problem
That's not really true.

Think about your network configuration! Input and output requests are all made over one NIC. This means all traffic from the internet and from the local network is running over one cable. I think that over 70 percent of your packets are martian sources (misrouted packets).
If you had installed a firewall on your system, you would see these failures.
One security error and the attacker has full access to your local network!!!
Please change this as fast as you can!


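An added example, not part of the original posts: one way to check how many martian packets a host actually sees is to enable the kernel's martian logging and summarise the resulting log lines per interface and sender. The function names and the sample log lines are constructed; the kernel rate-limits these messages, so the counts are a lower bound.

```shell
#!/bin/sh
# Added example (not from the thread): summarise kernel "martian source" lines.
# Logging has to be enabled first:
#   sysctl -w net.ipv4.conf.all.log_martians=1
# Real use: dmesg | martian_summary

# Number of martian log lines on stdin (prints 0 if there are none).
martian_count() {
    grep -c 'martian source ' || true
}

# One line per (device, sender, destination), most frequent first:
#   "<count> <dev> <sender> -> <destination>"
# In the kernel message the first address is the packet's destination and
# the address after "from" is its claimed sender.
martian_summary() {
    sed -n 's/.*martian source \([0-9.]*\) from \([0-9.]*\), on dev \([^ ]*\).*/\3 \2 -> \1/p' |
        sort | uniq -c | sort -rn | awk '{ $1 = $1; print }'
}

# Constructed sample in kern.log style (addresses from documentation ranges).
sample_kern_log() { cat <<'EOF'
Jan 21 11:02:13 proxy2 kernel: [ 1301.114020] martian source 192.0.2.10 from 198.51.100.7, on dev eth0
Jan 21 11:02:13 proxy2 kernel: [ 1301.114031] ll header: 00:16:3e:00:00:01:00:16:3e:00:00:02:08:00
Jan 21 11:02:19 proxy2 kernel: [ 1307.220411] martian source 192.0.2.10 from 198.51.100.7, on dev eth0
Jan 21 11:02:40 proxy2 kernel: [ 1328.530902] martian source 192.0.2.10 from 127.0.0.1, on dev eth0
Jan 21 11:03:02 proxy2 kernel: [ 1350.009118] martian source 192.0.2.10 from 198.51.100.7, on dev eth0
Jan 21 11:03:05 proxy2 kernel: [ 1353.400277] eth0: link up
EOF
}

echo "martian log lines: $(sample_kern_log | martian_count)"
sample_kern_log | martian_summary
```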
 
Posted: 21 Jan 2009 12:52

Joined: 10 Oct 2008 11:27
Posts: 17
The proxy is in a DMZ with two routers and two firewalls, one pointing inside, one outside.
The routing is clearly defined with static routes used to the internal network, and the default to the outside FW/router.

The proxy cannot be reached from the outside except for reply packets to a valid outgoing http session. The firewall protects against spoofing too.

So I don't see the problem?


 
Posted: 23 Jan 2009 14:34

Joined: 23 Apr 2008 09:36
Posts: 101
Perhaps this is secure enough, I can't say for sure! My privilege is always to separate the subnets physically.
Once I tried to make a similar concept with a virtual network address (vlan), because a new feature called "p3scan" was to be installed on a server and there was no second NIC present and I wasn't on the spot.
This concept worked for a few hours. After that I got errors like "service terminated" and so on.
My experience was that all services which are filters/proxies should be separated (at least the local and internet areas) by NICs.
So there were no problems with two local addresses over vlan.


 
Posted: 23 Jan 2009 14:42

Joined: 10 Oct 2008 11:27
Posts: 17
Well, for the last 10 years I've not needed it :-)

My segfaults are continuing though, so I may think of a way to use 2 nics.

