HTTP Anti-Virus Proxy :: View topic - havp[23572]: segfault at 0000000000000010 rip 000000000806a7

uname -a
Linux proxy2 2.6.24-22-server #1 SMP Mon Nov 24 19:14:19 UTC 2008 i686 GNU/Linux
$ cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=8.04
DISTRIB_CODENAME=hardy
DISTRIB_DESCRIPTION="Ubuntu 8.04.1"

apt-cache showpkg libclamav2
Package: libclamav2
Versions:
0.91.2-3ubuntu2.4 (/var/lib/dpkg/status)
Description Language:
File: /var/lib/dpkg/status
MD5: 4a384f91cea6765e583607a1e4a762d2
Reverse Depends:
Dependencies:
0.91.2-3ubuntu2.4 - libbz2-1.0 (0 (null)) libc6 (2 2.6-1) libgmp3c2 (0 (null)) zlib1g (2 1:1.2.3.3.dfsg-1)
Provides:
0.91.2-3ubuntu2.4 -
Reverse Provides:

cd /opt/install/havp-0.90
make clean
./configure --enable-ssl-tunnel --with-scanner=libclamav
make

Another question is and this is more important for me, how many nic's (network cards) are you using on your server for making the connections and how is configured squid with havp ( client->squid->havp->internet, or client->havp->squid->internet)?
I hope, you're using more then one nic!

with only one NIC (currently)

Author:	karesmakro [ 20 Jan 2009 10:03 ]
Post subject:	Re: havp[23572]: segfault at 0000000000000010 rip 000000000806a7
I can't loose the thought, that your hardware or your system makes this problems! I compiled havp on very much different architectures/systems and never had problems! But i make thoughts again, to find out, why your havp makes this problems. Did you compiled your kernel by yourself (perhaps changed the timer frequency?) If you compiled clamav whithout any prefix and is installed in /usr/local, did you changed your ld.so.conf? (But can't be the reason of this problem.)

Author:	boran [ 20 Jan 2009 11:50 ]
Post subject:	Re: havp[23572]: segfault at 0000000000000010 rip 000000000806a7
I'm using a standard 8.04 server with its clam libraries. The only thing I've compiled is havp. Quote: uname -a Linux proxy2 2.6.24-22-server #1 SMP Mon Nov 24 19:14:19 UTC 2008 i686 GNU/Linux $ cat /etc/release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=8.04 DISTRIB_CODENAME=hardy DISTRIB_DESCRIPTION="Ubuntu 8.04.1" clam version: Quote:* apt-cache showpkg libclamav2 Package: libclamav2 Versions: 0.91.2-3ubuntu2.4 (/var/lib/dpkg/status) Description Language: File: /var/lib/dpkg/status MD5: 4a384f91cea6765e583607a1e4a762d2 Reverse Depends: Dependencies: 0.91.2-3ubuntu2.4 - libbz2-1.0 (0 (null)) libc6 (2 2.6-1) libgmp3c2 (0 (null)) zlib1g (2 1:1.2.3.3.dfsg-1) Provides: 0.91.2-3ubuntu2.4 - Reverse Provides: When compiling, the following arguments are used: Quote: cd /opt/install/havp-0.90 make clean ./configure --enable-ssl-tunnel --with-scanner=libclamav make Thanks for your patience.

Author:	karesmakro [ 20 Jan 2009 21:29 ]
Post subject:	Re: havp[23572]: segfault at 0000000000000010 rip 000000000806a7
Quote: 0.91.2-3ubuntu2.4 at first, wy this version? I thought, you made a compile of the new clamav 0.94.2! Another question is and this is more important for me, how many nic's (network cards) are you using on your server for making the connections and how is configured squid with havp ( client->squid->havp->internet, or client->havp->squid->internet)? I hope, you're using more then one nic! If so, please make a backup of the clamav and freshclam init scripts, and uninstall the ubuntu-clamav. Add the user and group of clamav with group- and useradd again, because they'll be deleted by uninstalling the ubuntu clamav-package. Download the new clamav-0.94.2 package and untar it in, e.g. /opt. Compile it with following options: Code: ./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --libdir=/usr/lib --with-dbdir=/var/lib/clamav --with-user=clamav --with-group=clamav Code: make make install ldconfig Copy back your init scripts and reconfigure the startup scripts: Code: update-rc clamav defaults 80 Then make your options in /etc/clamd.conf and start the services. Don't forget to recompile havp after you installed clamav!

Author:	boran [ 20 Jan 2009 23:46 ]
Post subject:	Re: havp[23572]: segfault at 0000000000000010 rip 000000000806a7
Thanks for the highly precise instructions. I've done it on one proxy and will get back. Quote: Another question is and this is more important for me, how many nic's (network cards) are you using on your server for making the connections and how is configured squid with havp ( client->squid->havp->internet, or client->havp->squid->internet)? I hope, you're using more then one nic! I have client->squid->havp->internet, with only one NIC (currently). But I have two virtual IPs on that NIC. Performance is not a problem, so I went back to just one NIC, and it simplifies operations.

Author:	karesmakro [ 21 Jan 2009 00:14 ]
Post subject:	Re: havp[23572]: segfault at 0000000000000010 rip 000000000806a7
Quote: with only one NIC (currently) This is the whole reason, why you get segfaults! And believe me, this was my first thought, but i assumed your system was configured correctly o.k. your steps are at first to buy a second nic and then compile clamav and havp. And the problems are gone ....

HTTP Anti-Virus Proxy http://havp.hege.li/forum/

havp[23572]: segfault at 0000000000000010 rip 000000000806a7 http://havp.hege.li/forum/viewtopic.php?f=3&t=300	Page 2 of 2

Author:	boran [ 21 Jan 2009 00:21 ]
Post subject:	Re: havp[23572]: segfault at 0000000000000010 rip 000000000806a7
Er, why are two nics important?

Author:	karesmakro [ 21 Jan 2009 00:36 ]
Post subject:	Re: havp[23572]: segfault at 0000000000000010 rip 000000000806a7
Can't say an exactly reason for this problem (memory leaks, kernel mismatch ...). You find an answer on very much sites. Please try at google! If you're using only one nic, then this is a very highly secret problem for you network !!! It's very important to know, that networks/subnets always must be seperated physically!

Author:	karesmakro [ 21 Jan 2009 11:13 ]
Post subject:	Re: havp[23572]: segfault at 0000000000000010 rip 000000000806a7
Code: Can't say an exactly reason for this problem That's not really true. Make a thought about your network configuration! Input and output requests are all made over one nic. This means, all traffic from internet and from locally network is running over one cable. I think that over 70 percents of your packets are martian sources(missrouted packets). If you would have installed a firewall on your system, you would see this failures. One security error and the attacker have full access to your locally network!!! Please change this as fast you can do this!

Author:	boran [ 21 Jan 2009 12:52 ]
Post subject:	Re: havp[23572]: segfault at 0000000000000010 rip 000000000806a7
The proxy is in a DMZ with two routers and two firewalls, one pointing inside, one outside. The routing is cleary defined with static routes used to the internal network, and the default to the outside FW/router. The proxy cannot be reached from the outside except for reply packets to a valid outgong http session. The firewall protect against spoofing too. So I don't see the problem?

Author:	karesmakro [ 23 Jan 2009 14:34 ]
Post subject:	Re: havp[23572]: segfault at 0000000000000010 rip 000000000806a7
Perhaps this is secure enough, can't say it for sure! My privilege is always to seperate the subnets physically. Once i tried to make a similar concept with a virtual network address (vlan), because a new feature called "p3scan" should be installed on a server and there was no second nic present and i wasn't on the spot. This concept worked for a few hours. After that i got errors like "service terminated" and so on. My expirience was, all services which are filters/proxy should be seperated (at least the local- and internet area) by nic's. So there was no problems with two locally addresses over vlan.

Author:	boran [ 23 Jan 2009 14:42 ]
Post subject:	Re: havp[23572]: segfault at 0000000000000010 rip 000000000806a7
Well, for the last 10 years I've not needed it My segfaults are continuing though, so I may think of a way to use 2 nics.

Page 2 of 2	All times are UTC + 2 hours [ DST ]
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/