HTTP Anti-Virus Proxy http://havp.hege.li/forum/ |
|
more scanners failed to initialize http://havp.hege.li/forum/viewtopic.php?f=3&t=316 |
Page 1 of 1 |
Author: | Phenix_phr [ 11 Dec 2007 18:07 ] |
Post subject: | more scanners failed to initialize |
Hello, I have a problem with HAVP and Clamav. When i try to start HAVP, i have this message : Starting HAVP ... Starting HAVP Version: 0.86 One or more scanners failed to initialize! Check errorlog for errors. Exiting.. ..... i try to mount with mount -t ramfs -o mand,noatime,async /dev/ram0 /var/tmp/havp or mount -t tmpfs -o mand,noatime,async /dev/shm /var/tmp/havp and same # mkdir /var/tmp/havp # dd if=/dev/zero of=/tmp/disk30M bs=1024k count=30 30+0 enregistrements lus. 30+0 enregistrements écrits. # mke2fs /tmp/disk30M mke2fs 1.35 (28-Feb-2004) /tmp/disk30M is not a block special device. Proceed anyway? (y,n) y # mount -t ext2 -o loop,mand,noatime,async /tmp/disk30M /var/tmp/havp but always the same error..... My server is a ubuntu 7.04.... Please help me .... |
Author: | hege [ 11 Dec 2007 20:33 ] |
Post subject: | |
"Check errorlog for errors." Please output here what error.log says. |
Author: | Phenix_phr [ 12 Dec 2007 13:06 ] |
Post subject: | |
HAVP.LOG 11/12/2007 17:02:40 === Starting HAVP Version: 0.86 11/12/2007 17:02:40 Change to user root 11/12/2007 17:02:40 Change to group root 11/12/2007 17:02:40 Use parent proxy: localhost 3128 11/12/2007 17:02:40 ERROR: No scanners are enabled in config! root is my last try.... |
Author: | hege [ 12 Dec 2007 13:09 ] |
Post subject: | |
"No scanners are enabled in config!" You don't seem to have any scanners enabled in havp.config. See the file through carefully. |
Author: | Phenix_phr [ 12 Dec 2007 13:20 ] |
Post subject: | |
# # This is the configuration file for HAVP # # All lines starting with a hash (#) or empty lines are ignored. # Uncomment parameters you want to change! # # All parameters configurable in this file are explained and their default # values are shown. If no default value is defined "NONE" is specified. # # General syntax: Parameter Value # Value can be: true/false, number, or path # # Extra spaces and tabs are ignored. # # You must remove this line for HAVP to start. # This makes sure you have (hopefully) reviewed the configuration. # Hint: You must enable some scanner! Find them in the end.. #REMOVETHISLINE deleteme # # For reasons of security it is recommended to run a proxy program # without root rights. It is recommended to create user that is not # used by any other program. # # Default: USER root GROUP root # If this is true HAVP is running as daemon in background. # For testing you may run HAVP at your text console. # # Default: # DAEMON true # # Process id (PID) of the main HAVP process is written to this file. # Be sure that it is writeable by the user under which HAVP is running. # /etc/init.d/havp script requires this to work. # # Default: PIDFILE /var/run/havp.pid # # For performance reasons several instances of HAVP have to run. # Specify how many servers (child processes) are simultaneously # listening on port PORT for a connection. Minimum value should be # the peak requests-per-second expected + 5 for headroom. # # For single user home use, 8 should be minimum. # For 500 users corporate use, start at 40. # # Value can and should be higher than recommended. Memory and # CPU usage is only affected by the number of concurrent requests. # # More childs are automatically created when needed, up to MAXSERVERS. # # Default: # SERVERNUMBER 8 # MAXSERVERS 100 # # Files where to log requests and info/errors. # Needs to have write permission for HAVP user. # # Default: ACCESSLOG /var/log/havp/access.log ERRORLOG /var/log/havp/havp.log # # Syslog can be used instead of logging to file. # For facilities and levels, see "man syslog". # # Default: # USESYSLOG false # SYSLOGNAME havp # SYSLOGFACILITY daemon # SYSLOGLEVEL info # # true: Log every request to access log # false: Log only viruses to access log # # Default: # LOG_OKS true # # Level of HAVP logging # 0 = Only serious errors and information # 1 = Less interesting information is included # # Default: # LOGLEVEL 0 # # Temporary scan file. # This file must reside on a partition for which mandatory # locking is enabled. For Linux, use "-o mand" in mount command. # See "man mount" for details. Solaris does not need any special # steps, it works directly. # # Specify absolute path to a file which name must contain "XXXXXX". # These characters are used by system to create unique named files. # # Default: SCANTEMPFILE /var/tmp/havp/havp-XXXXXX #SCANTEMPFILE /home/root/havp/havp-XXXXXX # # Directory for ClamAV and other scanner created tempfiles. # Needs to be writable by HAVP user. Use ramdisk for best performance. # # Default: # TEMPDIR /var/tmp # # HAVP reloads scanners virus database by receiving a signal # (send SIGHUP to PID from PIDFILE, see "man kill") or after # a specified period of time. Specify here the number of # minutes to wait for reloading. # # This only affects library scanners (clamlib, trophie). # Other scanners must be updated manually. # # Default: DBRELOAD 60 # # Run HAVP as transparent Proxy? # # If you don't know what this means read the mini-howto # TransparentProxy written by Daniel Kiracofe. # (e.g.: http://www.tldp.org/HOWTO/mini/TransparentProxy.html) # Definitely you have more to do than setting this to true. # You are warned! # # Default: # TRANSPARENT false # # Specify a parent proxy (e.g. Squid) HAVP should use. # # Default: NONE PARENTPROXY localhost PARENTPORT 3128 # # Write X-Forwarded-For: to log instead of connecters IP? # # If HAVP is used as parent proxy by some other proxy, this allows # to write the real users IP to log, instead of proxy IP. # # Default: # FORWARDED_IP false # # Send X-Forwarded-For: header to servers? # # If client sent this header, FORWARDED_IP setting defines the value, # then it is passed on. You might want to keep this disabled for security # reasons. Enable this if you use your own parent proxy after HAVP, so it # will see the original client IP. # # Default: # X_FORWARDED_FOR false # # Port HAVP is listening on. # # Default: # PORT 8080 # # IP address that HAVP listens on. # Let it be undefined to bind all addresses. # # Default: NONE # BIND_ADDRESS 127.0.0.1 # # IP address used for sending outbound packets. # Let it be undefined if you want OS to handle right address. # # Default: NONE # SOURCE_ADDRESS 1.2.3.4 # # Path to template files. # # Default: # TEMPLATEPATH /usr/local/etc/havp/templates/en # # Set to true if you want to prefer Whitelist. # If URL is Whitelisted, then Blacklist is ignored. # Otherwise Blacklist is preferred. # # Default: # WHITELISTFIRST true # # List of URLs not to scan. # # Default: # WHITELIST /usr/local/etc/havp/whitelist # # List of URLs that are denied access. # # Default: # BLACKLIST /usr/local/etc/havp/blacklist # # Is scanner error fatal? # # For example, archive types that are not supported by scanner # may return error. Also if scanner has invalid pattern files etc. # # true: User gets error page # false: No error is reported (viruses might not be detected) # # Default: # FAILSCANERROR true # # When scanning takes longer than this, it will be aborted. # Timer is started after HAVP has fully received all data. # If set too low, complex files/archives might produce timeout. # Timeout is always a fatal error regardless of FAILSCANERROR. # # Time in minutes! # # Default: # SCANNERTIMEOUT 10 # # Allow HTTP Range requests? # # false: Broken downloads can NOT be resumed # true: Broken downloads can be resumed # # Allowing Range is a security risk, because partial # HTTP requests may not be properly scanned. # # Whitelisted sites are allowed to use Range in any case. # # Default: # RANGE false # # If you really need more performance, you can disable scanning of # JPG, GIF and PNG files. These are probably the most common files # around, so it will save lots of CPU. But be warned, image exploits # exist and more could be found. Think twice if you want to disable! # # Default: # SCANIMAGES true # # Temporary file will grow only up to this size. This means scanner # will scan data until this limit is reached. # # There are two sides to this setting. By limiting the size, you gain # performance, less waiting for big files and less needed temporary space. # But there is slightly higher chance of virus slipping through (though # scanning large archives should not be gateways function, HAVP is more # geared towards small exploit detection etc). # # VALUE IN BYTES NOT KB OR MB!!!! # 0 = No size limit # # Default: # MAXSCANSIZE 5000000 # # Amount of data going to browser that is held back, until it # is scanned. When we know file is clean, this held back data # can be sent to browser. You can safely set bigger value, only # thing you will notice is some "delay" in beginning of download. # Virus found in files bigger than this might not produce HAVP # error page, but result in a "broken" download. # # VALUE IN BYTES NOT KB OR MB!!!! # # Default: # KEEPBACKBUFFER 200000 # # This setting complements KEEPBACKBUFFER. It tells how many Seconds to # initially receive data from server, before sending anything to client. # Even trickling is not done before this time elapses. This way files that # are received fast are more secure and user can get virus report page for # files bigger than KEEPBACKBUFFER. # # Setting to 0 will disable this, and only KEEPBACKBUFFER is used. # # Default: # KEEPBACKTIME 5 # # After Trickling Time (seconds), some bytes are sent to browser # to keep the connection alive. Trickling is not needed if timeouts # are not expected for files smaller than KEEPBACKBUFFER, but it is # recommended to set anyway. # # 0 = No Trickling # # Default: # TRICKLING 30 # # Downloads larger than MAXDOWNLOADSIZE will be blocked. # Only if not Whitelisted! # # VALUE IN BYTES NOT KB OR MB!!!! # 0 = Unlimited Downloads # # Default: # MAXDOWNLOADSIZE 0 # # Space separated list of strings to partially match User-Agent: header. # These are used for streaming content, so scanning is generally not needed # and tempfiles grow unnecessary. Remember when enabled, that user could # fake header and pass some scanning. HTTP Range requests are allowed for # these, so players can seek content. # # You can uncomment here a list of most popular players. # # Default: NONE # STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS # # Bytes to scan from beginning of streams. # When set to 0, STREAMUSERAGENT scanning will be completely disabled. # It is not recommended as there are some exploits for players. # # Default: # STREAMSCANSIZE 20000 # # Whitelist specific viruses by case-insensitive substring match. # For example, "Oversized." and "Encrypted." are good candidates, # if you can't disable those checks any other way. # # Default: NONE # IGNOREVIRUS Oversized. Encrypted. Phishing. ##### ##### ClamAV Library Scanner (libclamav) ##### ENABLECLAMLIB false # HAVP uses libclamav hardcoded pattern directory, which usually is # /usr/local/share/clamav. You only need to set CLAMDBDIR, if you are # using non-default DatabaseDirectory setting in clamd.conf. # # Default: NONE # CLAMDBDIR /path/to/directory # Should we block broken executables? # # Default: # CLAMBLOCKBROKEN false # Should we block encrypted archives? # # Default: # CLAMBLOCKENCRYPTED false # Should we block files that go over maximum archive limits? # # Default: # CLAMBLOCKMAX false # Scanning limits _inside_ archives (filesize = MB): # Read clamd.conf for more info. # # Default: # CLAMMAXFILES 1000 # CLAMMAXFILESIZE 10 # CLAMMAXRECURSION 8 # CLAMMAXRATIO 250 ##### ##### ClamAV Socket Scanner (clamd) ##### ##### NOTE: ClamAV Library Scanner should be preferred (less overhead) ##### ENABLECLAMD false # Path to clamd socket # # Default: # CLAMDSOCKET /tmp/clamd # ..OR if you use clamd TCP socket, uncomment to enable use # # Clamd daemon needs to run on the same server as HAVP # # Default: NONE # CLAMDSERVER 127.0.0.1 # CLAMDPORT 3310 ##### ##### F-Prot Socket Scanner ##### ENABLEFPROT false # F-Prot daemon needs to run on same server as HAVP # # Default: # FPROTSERVER 127.0.0.1 # FPROTPORT 10200 ##### ##### AVG Socket Scanner ##### ENABLEAVG false # AVG daemon needs to run on the same server as HAVP # # Default: # AVGSERVER 127.0.0.1 # AVGPORT 55555 ##### ##### Kaspersky Socket Scanner ##### ENABLEAVESERVER false # Path to aveserver socket # # Default: # AVESOCKET /var/run/aveserver ##### ##### Sophos Scanner (Sophie) ##### ENABLESOPHIE false # Path to sophie socket # # Default: # SOPHIESOCKET /var/run/sophie ##### ##### Trend Micro Library Scanner (Trophie) ##### ENABLETROPHIE false # Scanning limits inside archives (filesize = MB): # # Default: # TROPHIEMAXFILES 1000 # TROPHIEMAXFILESIZE 10 # TROPHIEMAXRATIO 250 ##### ##### NOD32 Socket Scanner ##### ENABLENOD32 false # Path to nod32d socket # # Default: # NOD32SOCKET /tmp/nod32d.sock # Used NOD32 Version # 25 = 2.5+ # 21 = 2.x (try this if 25 doesn't work) # # Default: # NOD32VERSION 25 ##### ##### Avast! Socket Scanner ##### ENABLEAVAST false # Path to avastd socket # # Default: # AVASTSOCKET /var/run/avast4/local.sock # ..OR if you use avastd TCP socket, uncomment to enable use # # Avast daemon needs to run on the same server as HAVP # # Default: NONE # AVASTSERVER 127.0.0.1 # AVASTPORT 5036 ##### ##### Arcavir Socket Scanner ##### ENABLEARCAVIR false # Path to arcavird socket # # Default: # ARCAVIRSOCKET /var/run/arcavird.socket |
Author: | hege [ 12 Dec 2007 13:21 ] |
Post subject: | |
You don't have "ENABLECLAMLIB true" for example. |
Author: | Phenix_phr [ 12 Dec 2007 13:33 ] |
Post subject: | |
All Right !!! Thanks you for your help....... |
Author: | neosys [ 25 May 2009 17:40 ] |
Post subject: | Re: more scanners failed to initialize |
Hi, I run: IPCOP 1.4.2.21 COPFILTER 0.84beta4 HAVP 0.90 CLAMAV 0.95.1/9390 After CLAMAV update from 0.94.2 to 0.95.1 - I can see that the HAVP service would not start... I get this in the error log : 25/05/2009 10:32:41 === Starting HAVP Version: 0.90 25/05/2009 10:32:41 Running as user: havp, group: havp 25/05/2009 10:32:41 ERROR: No scanners are enabled in config! After a little search I tried this fix for the ENABLECLAMLIB. But after restarting the HAVP service I get the same error and the havp-config file is modified back to ENABLECLAMLIB false Any Ideas ? Thanks. |
Author: | karesmakro [ 25 May 2009 20:49 ] |
Post subject: | Re: more scanners failed to initialize |
http://copfilter.endlich-mail.de/viewtopic.php?t=3119 Because of a double post |
Page 1 of 1 | All times are UTC + 2 hours [ DST ] |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |