HTTP Anti-Virus Proxy http://havp.hege.li/forum/ |
havp don't pass eicar http://havp.hege.li/forum/viewtopic.php?f=3&t=325 |
Page 1 of 1 |
Author: | fice [ 24 Jan 2008 15:41 ] |
Post subject: | havp don't pass eicar |
Hello all. I am trying to set up the following system, switching our proxy from Win to Linux: user --> squid1 --> havp --> squid2 --> our Win proxy --> Internet. But I have a problem with it. When I tried this link: http://www.eicar.org/download/eicar.com.txt I got a page with

Quote:
HAVP - Access Denied
Access to the page has been denied because the following virus was detected
ClamAV: Eicar-Test-Signature

But when I try this link: http://www.eicar.org/download/eicar.com havp skipped this file as a normal file, with no report about a virus.

squid.conf
Code:
http_port proxy:3128
http_port 127.0.0.1:8080
icp_port 0
htcp_port 0
cache_mem 50 MB
cache_mgr tssv@vrnges.ru
cache_dir ufs /var/cache/squid 10000 32 512
cache_peer 127.0.0.1 parent 6666 0 proxy-only no-query no-digest no-netdb-exchange default
cache_peer 192.168.101.136 parent 3128 0 proxy-only login=proxy-test:test default
offline_mode off
maximum_object_size 102400 KB
reload_into_ims off
pipeline_prefetch on
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl my_network src 192.168.101.0/255.255.255.0
acl all src 0.0.0.0/0.0.0.0
acl from_havp myport 8080
http_access allow my_network
http_access allow manager localhost
http_access deny manager
http_access allow from_havp localhost
http_access deny from_havp all
http_access allow localhost
http_access deny all
acl QUERY urlpath_regex cgi-bin \?
acl CONNECT method CONNECT
no_cache deny QUERY
no_cache deny localhost
no_cache deny CONNECT
no_cache allow all
http_reply_access allow all
icp_access allow all
never_direct allow all
shutdown_lifetime 5 seconds
half_closed_clients off
hierarchy_stoplist cgi-bin ?
cache_peer_access 127.0.0.1 deny from_havp
cache_peer_access 127.0.0.1 allow all

havp.config
Code:
USER havp
GROUP havp
PIDFILE /var/run/havp/havp.pid
SERVERNUMBER 16
MAXSERVERS 100
ACCESSLOG /var/log/havp/access.log
ERRORLOG /var/log/havp/havp.log
LOG_OKS true
LOGLEVEL 9
SCANTEMPFILE /var/tmp/havp/havp-XXXXXX
TEMPDIR /tmp
DBRELOAD 60
PARENTPROXY 127.0.0.1
PARENTPORT 8080
PORT 6666
BIND_ADDRESS 127.0.0.1
WHITELISTFIRST true
WHITELIST /etc/havp/whitelist
BLACKLIST /etc/havp/blacklist
FAILSCANERROR true
SCANIMAGES true
MAXSCANSIZE 1000000
STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS
ENABLECLAMLIB true
CLAMDBDIR /var/lib/clamav
CLAMBLOCKENCRYPTED false
CLAMBLOCKMAX false
ENABLECLAMD false
ENABLEFPROT false
ENABLEAVG false
ENABLEAVESERVER false
ENABLESOPHIE false
ENABLETROPHIE false
ENABLENOD32 false
ENABLEAVAST false

squid access.log on http://www.eicar.org/download/eicar.com.txt
Code:
1201177286.418 233 127.0.0.1 TCP_MISS/200 567 GET http://www.eicar.org/download/eicar.com.txt - DEFAULT_PARENT/192.168.101.136 text/plain
1201177286.419 235 192.168.101.73 TCP_MISS/200 1361 GET http://www.eicar.org/download/eicar.com.txt - DEFAULT_PARENT/127.0.0.1 text/html
1201177290.346 4161 127.0.0.1 TCP_MISS/404 181 GET http://192.168.101.136:3128/squid-internal-periodic/store_digest - DEFAULT_PARENT/192.168.101.136 -

havp access.log on http://www.eicar.org/download/eicar.com.txt
Code:
24/01/2008 15:21:26 127.0.0.1 GET 200 http://www.eicar.org/download/eicar.com.txt 497+68 VIRUS ClamAV: Eicar-Test-Signature
24/01/2008 15:21:30 127.0.0.1 GET 404 http://192.168.101.136:3128/squid-internal-periodic/store_digest 179+0 OK

squid access.log on http://www.eicar.org/download/eicar.com
Code:
1201177418.869 10 192.168.101.73 TCP_HIT/200 594 GET http://www.eicar.org/download/eicar.com - NONE/- application/x-msdos-program

and havp access.log on http://www.eicar.org/download/eicar.com is empty. What's wrong with my system?

P.S. In the end, our Win proxy in the chain will be changed to the ISP proxy.
Author: | fice [ 30 Jan 2008 14:29 ] |
Post subject: | |
So, do you have any ideas?
Author: | hege [ 30 Jan 2008 19:57 ] |
Post subject: | |
TCP_HIT/200
It is coming from your first Squid cache, not through HAVP. Try emptying it; maybe it was there before your new config.
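The diagnosis above can be checked mechanically. As an added example (not part of the original thread, and not HAVP or Squid project code), this Python script parses the front Squid's access.log and lists 2xx responses that reached a real client without being fetched through the HAVP peer. It assumes, from the squid.conf posted above, that HAVP is the cache_peer at 127.0.0.1 and that HAVP's own fetches arrive from client address 127.0.0.1; the function name unscanned_responses is hypothetical.

```python
import re

# Assumptions (from the squid.conf posted above): HAVP is the cache_peer at
# 127.0.0.1, and HAVP's own fetches reach Squid from client address 127.0.0.1.
SCANNER_PEER = "127.0.0.1"
LOOPBACK_CLIENTS = {"127.0.0.1"}

# Squid native access.log format:
# time elapsed client result/status bytes method URL ident hierarchy/peer mime
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>\w+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>\w+)/(?P<peer>\S+)\s+(?P<mime>\S+)$"
)

# The four Squid access.log lines quoted in the thread.
SAMPLE_LOG = """\
1201177286.418 233 127.0.0.1 TCP_MISS/200 567 GET http://www.eicar.org/download/eicar.com.txt - DEFAULT_PARENT/192.168.101.136 text/plain
1201177286.419 235 192.168.101.73 TCP_MISS/200 1361 GET http://www.eicar.org/download/eicar.com.txt - DEFAULT_PARENT/127.0.0.1 text/html
1201177290.346 4161 127.0.0.1 TCP_MISS/404 181 GET http://192.168.101.136:3128/squid-internal-periodic/store_digest - DEFAULT_PARENT/192.168.101.136 -
1201177418.869 10 192.168.101.73 TCP_HIT/200 594 GET http://www.eicar.org/download/eicar.com - NONE/- application/x-msdos-program
"""


def unscanned_responses(log_text):
    """Return 2xx responses delivered to real clients without using the scanner peer."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # not a native-format entry
        entry = m.groupdict()
        if entry["client"] in LOOPBACK_CLIENTS:
            continue  # request came back from HAVP on the second http_port
        if not entry["status"].startswith("2"):
            continue  # no object body was delivered
        if entry["peer"] != SCANNER_PEER:
            findings.append(entry)  # served from cache or by another route
    return findings


if __name__ == "__main__":
    for e in unscanned_responses(SAMPLE_LOG):
        print(f'{e["client"]} got {e["url"]} via {e["result"]} {e["hier"]}/{e["peer"]}')
```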
Author: | fice [ 31 Jan 2008 08:49 ] |
Post subject: | |
Thanks a lot, I'm really a noob.
All times are UTC + 2 hours [ DST ]