HTTP Anti-Virus Proxy

Official HAVP Support Forum
Registration disabled, I'm tired of spambots. E-mail havp@hege.li if you have questions.
HAVP project is pretty much frozen/abandoned at this time anyway.
It is currently 22 Jun 2014 09:52

All times are UTC + 2 hours [ DST ]




Post new topic Reply to topic  [ 32 posts ]  Go to page 1, 2, 3  Next
Author Message
PostPosted: 07 May 2008 23:34 
Offline

Joined: 07 May 2008 22:51
Posts: 17
hi

I've installed: havp_0.87-1_i386.deb, clamav und squid3 on debian etch stable,
but I'm getting in /var/log/havp/error.log the following error:
Code:
07/05/2008 22:15:01 === Starting HAVP Version: 0.87
07/05/2008 22:15:01 Running as user: havp, group: havp
07/05/2008 22:15:01 --- Initializing ClamAV Library Scanner
07/05/2008 22:15:01 ClamAV: Using database directory: /var/lib/clamav
07/05/2008 22:15:06 ClamAV: Loaded 277224 signatures (engine 0.92.1)
07/05/2008 22:15:06 ClamAV Library Scanner passed EICAR virus test (Eicar-Test-Signature)
07/05/2008 22:15:06 --- Initializing Clamd Socket Scanner
07/05/2008 22:15:06 Clamd: Could not connect to scanner! Scanner down?
07/05/2008 22:15:06 ERROR: Clamd Socket Scanner failed EICAR virus test! (Could not connect to scanner socket)

my /etc/havp/havp.config:
Code:
#
# This is the configuration file for HAVP
#
# All lines starting with a hash (#) or empty lines are ignored.
# Uncomment parameters you want to change!
#
# All parameters configurable in this file are explained and their default
# values are shown. If no default value is defined "NONE" is specified.
#
# General syntax: Parameter Value
# Value can be: true/false, number, or path
#
# Extra spaces and tabs are ignored.
#

# You must remove this line for HAVP to start.
# This makes sure you have (hopefully) reviewed the configuration. :)
# Hint: You must enable some scanner! Find them in the end..
# REMOVETHISLINE deleteme

#
# For reasons of security it is recommended to run a proxy program
# without root rights. It is recommended to create user that is not
# used by any other program.
#
# Default:
# USER havp
# GROUP havp

# If this is true HAVP is running as daemon in background.
# For testing you may run HAVP at your text console.
#
# Default:
# DAEMON true

#
# Process id (PID) of the main HAVP process is written to this file.
# Be sure that it is writeable by the user under which HAVP is running.
# /etc/init.d/havp script requires this to work.
#
# Default:
# PIDFILE /var/run/havp/havp.pid

#
# For performance reasons several instances of HAVP have to run.
# Specify how many servers (child processes) are simultaneously
# listening on port PORT for a connection. Minimum value should be
# the peak requests-per-second expected + 5 for headroom.
#
# For single user home use, 8 should be minimum.
# For 500 users corporate use, start at 40.
#
# Value can and should be higher than recommended. Memory and
# CPU usage is only affected by the number of concurrent requests.
#
# More childs are automatically created when needed, up to MAXSERVERS.
#
# Default:
# SERVERNUMBER 8
# MAXSERVERS 100

#
# Files where to log requests and info/errors.
# Needs to have write permission for HAVP user.
#
# Default:
# ACCESSLOG /var/log/havp/access.log
# ERRORLOG /var/log/havp/havp.log

#
# Syslog can be used instead of logging to file.
# For facilities and levels, see "man syslog".
#
# Default:
# USESYSLOG false
# SYSLOGNAME havp
# SYSLOGFACILITY daemon
# SYSLOGLEVEL info

#
# true: Log every request to access log
# false: Log only viruses to access log
#
# Default:
# LOG_OKS true

#
# Level of HAVP logging
#  0 = Only serious errors and information
#  1 = Less interesting information is included
#
# Default:
# LOGLEVEL 0

#
# Temporary scan file.
# This file must reside on a partition for which mandatory
# locking is enabled. For Linux, use "-o mand" in mount command.
# See "man mount" for details. Solaris does not need any special
# steps, it works directly.
#
# Specify absolute path to a file which name must contain "XXXXXX".
# These characters are used by system to create unique named files.
#
# Default:
# SCANTEMPFILE /var/spool/havp/havp-XXXXXX

#
# Directory for ClamAV and other scanner created tempfiles.
# Needs to be writable by HAVP user. Use ramdisk for best performance.
#
# Default:
# TEMPDIR /var/tmp

#
# HAVP reloads scanners virus database by receiving a signal
# (send SIGHUP to PID from PIDFILE, see "man kill") or after
# a specified period of time. Specify here the number of
# minutes to wait for reloading.
#
# This only affects library scanners (clamlib, trophie).
# Other scanners must be updated manually.
#
# Default:
# DBRELOAD 60

#
# Run HAVP as transparent Proxy?
#
# If you don't know what this means read the mini-howto
# TransparentProxy written by Daniel Kiracofe.
# (e.g.: http://www.tldp.org/HOWTO/mini/TransparentProxy.html)
# Definitely you have more to do than setting this to true.
# You are warned!
#
# Default:
# TRANSPARENT false

#
# Specify a parent proxy (e.g. Squid) HAVP should use.
#
# Default: NONE
# PARENTPROXY localhost
# PARENTPORT 3128

#
# Write X-Forwarded-For: to log instead of connecters IP?
#
# If HAVP is used as parent proxy by some other proxy, this allows
# to write the real users IP to log, instead of proxy IP.
#
# Default:
# FORWARDED_IP false

#
# Send X-Forwarded-For: header to servers?
#
# If client sent this header, FORWARDED_IP setting defines the value,
# then it is passed on. You might want to keep this disabled for security
# reasons. Enable this if you use your own parent proxy after HAVP, so it
# will see the original client IP.
#
# Disabling this also disables Via: header generation.
#
# Default:
# X_FORWARDED_FOR false

#
# Port HAVP is listening on.
#
# Default:
# PORT 8080

#
# IP address that HAVP listens on.
# Let it be undefined to bind all addresses.
#
# Default: NONE
# BIND_ADDRESS 127.0.0.1

#
# IP address used for sending outbound packets.
# Let it be undefined if you want OS to handle right address.
#
# Default: NONE
# SOURCE_ADDRESS 1.2.3.4

#
# Path to template files.
#
# Default:
# TEMPLATEPATH /etc/havp/templates/en

#
# Set to true if you want to prefer Whitelist.
# If URL is Whitelisted, then Blacklist is ignored.
# Otherwise Blacklist is preferred.
#
# Default:
# WHITELISTFIRST true

#
# List of URLs not to scan.
#
# Default:
# WHITELIST /etc/havp/whitelist

#
# List of URLs that are denied access.
#
# Default:
# BLACKLIST /etc/havp/blacklist

#
# Is scanner error fatal?
#
# For example, archive types that are not supported by scanner
# may return error. Also if scanner has invalid pattern files etc.
#
# true: User gets error page
# false: No error is reported (viruses might not be detected)
#
# Default:
# FAILSCANERROR true

#
# When scanning takes longer than this, it will be aborted.
# Timer is started after HAVP has fully received all data.
# If set too low, complex files/archives might produce timeout.
# Timeout is always a fatal error regardless of FAILSCANERROR.
#
# Time in minutes!
#
# Default:
# SCANNERTIMEOUT 10

#
# Allow HTTP Range requests?
#
# false: Broken downloads can NOT be resumed
# true: Broken downloads can be resumed
#
# Allowing Range is a security risk, because partial
# HTTP requests may not be properly scanned.
#
# Whitelisted sites are allowed to use Range in any case.
#
# Default:
# RANGE false

#
# If you really need more performance, you can disable scanning of
# JPG, GIF and PNG files. These are probably the most common files
# around, so it will save lots of CPU. But be warned, image exploits
# exist and more could be found. Think twice if you want to disable!
#
# Default:
# SCANIMAGES true

#
# Temporary file will grow only up to this size. This means scanner
# will scan data until this limit is reached.
#
# There are two sides to this setting. By limiting the size, you gain
# performance, less waiting for big files and less needed temporary space.
# But there is slightly higher chance of virus slipping through (though
# scanning large archives should not be gateways function, HAVP is more
# geared towards small exploit detection etc).
#
# VALUE IN BYTES NOT KB OR MB!!!!
#  0 = No size limit
#
# Default:
# MAXSCANSIZE 5000000

#
# Amount of data going to browser that is held back, until it
# is scanned. When we know file is clean, this held back data
# can be sent to browser. You can safely set bigger value, only
# thing you will notice is some "delay" in beginning of download.
# Virus found in files bigger than this might not produce HAVP
# error page, but result in a "broken" download.
#
# VALUE IN BYTES NOT KB OR MB!!!!
#
# Default:
# KEEPBACKBUFFER 200000

#
# This setting complements KEEPBACKBUFFER. It tells how many Seconds to
# initially receive data from server, before sending anything to client.
# Even trickling is not done before this time elapses. This way files that
# are received fast are more secure and user can get virus report page for
# files bigger than KEEPBACKBUFFER.
#
# Setting to 0 will disable this, and only KEEPBACKBUFFER is used.
#
# Default:
# KEEPBACKTIME 5

#
# After Trickling Time (seconds), some bytes are sent to browser
# to keep the connection alive. Trickling is not needed if timeouts
# are not expected for files smaller than KEEPBACKBUFFER, but it is
# recommended to set anyway.
#
# 0 = No Trickling
#
# Default:
# TRICKLING 30

#
# Send this many bytes to browser every TRICKLING seconds, see above
#
# Default:
# TRICKLINGBYTES 1

#
# Downloads larger than MAXDOWNLOADSIZE will be blocked.
# Only if not Whitelisted!
#
# VALUE IN BYTES NOT KB OR MB!!!!
#  0 = Unlimited Downloads
#
# Default:
# MAXDOWNLOADSIZE 0

#
# Space separated list of strings to partially match User-Agent: header.
# These are used for streaming content, so scanning is generally not needed
# and tempfiles grow unnecessary. Remember when enabled, that user could
# fake header and pass some scanning. HTTP Range requests are allowed for
# these, so players can seek content.
#
# You can uncomment here a list of most popular players.
#
# Default: NONE
# STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS

#
# Bytes to scan from beginning of streams.
# When set to 0, STREAMUSERAGENT scanning will be completely disabled.
# It is not recommended as there are some exploits for players.
#
# Default:
# STREAMSCANSIZE 20000

#
# Whitelist specific viruses by case-insensitive substring match.
# For example, "Oversized." and "Encrypted." are good candidates,
# if you can't disable those checks any other way.
#
# Default: NONE
# IGNOREVIRUS Oversized. Encrypted. Phishing.


#####
##### ClamAV Library Scanner (libclamav)
#####

ENABLECLAMLIB true

# HAVP uses libclamav hardcoded pattern directory, which usually is
# /usr/share/clamav. You only need to set CLAMDBDIR, if you are
# using non-default DatabaseDirectory setting in clamd.conf.
#
# Default: NONE
# CLAMDBDIR /var/lib/clamav


CLAMDBDIR /var/lib/clamav


# Should we block broken executables?
#
# Default:
# CLAMBLOCKBROKEN false

# Should we block encrypted archives?
#
# Default:
# CLAMBLOCKENCRYPTED false

# Should we block files that go over maximum archive limits?
#
# Default:
# CLAMBLOCKMAX false

# Scanning limits _inside_ archives (filesize = MB):
# Read clamd.conf for more info. Maxfiles is good performance
# setting, by default only first 50 files are scanned.
#
# Default:
# CLAMMAXFILES 50
# CLAMMAXFILESIZE 10
# CLAMMAXRECURSION 8
# CLAMMAXRATIO 250


#####
##### ClamAV Socket Scanner (clamd)
#####
##### NOTE: ClamAV Library Scanner should be preferred (less overhead)
#####

ENABLECLAMD true

# Path to clamd socket
#
# Default:
# CLAMDSOCKET /tmp/clamd


CLAMDSOCKET /tmp/clamd


# ..OR if you use clamd TCP socket, uncomment to enable use
#
# Clamd daemon needs to run on the same server as HAVP
#
# Default: NONE
# CLAMDSERVER 127.0.0.1
# CLAMDPORT 3310


CLAMDSERVER 127.0.0.1
CLAMDPORT 3310


#####
##### F-Prot Socket Scanner
#####

ENABLEFPROT false

# F-Prot daemon needs to run on same server as HAVP
#
# Default:
# FPROTSERVER 127.0.0.1
# FPROTPORT 10200

# F-Prot options (only for version 6+ !)
#
# See "fpscand-client.sh --help" for possible options.
#
# At the moment:
#  --scanlevel=<n>  Which scanlevel to use, 0-4 (2).
#  --heurlevel=<n>  How aggressive heuristics should be used, 0-4 (2).
#  --archive=<n>    Scan inside supported archives n levels deep 1-99 (5).
#  --adware         Instructs the daemon to flag adware.
#  --applications   Instructs the daemon to flag potentially unwanted applications.
#
# Default: NONE
# FPROTOPTIONS --scanlevel=2 --heurlevel=2


#####
##### AVG Socket Scanner
#####

ENABLEAVG false

# AVG daemon needs to run on the same server as HAVP
#
# Default:
# AVGSERVER 127.0.0.1
# AVGPORT 55555


#####
##### Kaspersky Socket Scanner
#####

ENABLEAVESERVER false

# Path to aveserver socket
#
# Default:
# AVESOCKET /var/run/aveserver


#####
##### Sophos Scanner (Sophie)
#####

ENABLESOPHIE false

# Path to sophie socket
#
# Default:
# SOPHIESOCKET /var/run/sophie


#####
##### Trend Micro Library Scanner (Trophie)
#####

ENABLETROPHIE false

# Scanning limits inside archives (filesize = MB):
#
# Default:
# TROPHIEMAXFILES 50
# TROPHIEMAXFILESIZE 10
# TROPHIEMAXRATIO 250


#####
##### NOD32 Socket Scanner
#####

ENABLENOD32 false

# Path to nod32d socket
#
# Default:
# NOD32SOCKET /tmp/nod32d.sock

# Used NOD32 Version
#  25 = 2.5+
#  21 = 2.x (try this if 25 doesn't work)
#
# Default:
# NOD32VERSION 25


#####
##### Avast! Socket Scanner
#####

ENABLEAVAST false

# Path to avastd socket
#
# Default:
# AVASTSOCKET /var/run/avast4/local.sock

# ..OR if you use avastd TCP socket, uncomment to enable use
#
# Avast daemon needs to run on the same server as HAVP
#
# Default: NONE
# AVASTSERVER 127.0.0.1
# AVASTPORT 5036


#####
##### Arcavir Socket Scanner
#####

ENABLEARCAVIR false

# Path to arcavird socket
#
# Default:
# ARCAVIRSOCKET /var/run/arcavird.socket


#####
##### DrWeb Socket Scanner
#####

ENABLEDRWEB false

# Enable heuristic scanning?
#
# Default:
# DRWEBHEURISTIC true

# Enable malware detection?
# (Adware, Dialer, Joke, Riskware, Hacktool)
#
# Default:
# DRWEBMALWARE true

# Path to drwebd socket
#
# Default:
# DRWEBSOCKET /var/drweb/run/.daemon

# ..OR if you use drwebd TCP socket, uncomment to enable use
#
# DrWeb daemon needs to run on the same server as HAVP
#
# Default: NONE
# DRWEBSERVER 127.0.0.1
# DRWEBPORT 3000

what's wrong and howto solve this problem ?


Last edited by ccc on 08 May 2008 19:34, edited 1 time in total.

Top
 Profile  
 
PostPosted: 08 May 2008 00:54 
Offline

Joined: 02 Feb 2008 22:24
Posts: 28
Hi ccc,

you are trying to use two different clamav scanner. This will not work.
As the library scanner looks to work well
ccc wrote:
07/05/2008 22:15:01 --- Initializing ClamAV Library Scanner
07/05/2008 22:15:01 ClamAV: Using database directory: /var/lib/clamav
07/05/2008 22:15:06 ClamAV: Loaded 277224 signatures (engine 0.92.1)
07/05/2008 22:15:06 ClamAV Library Scanner passed EICAR virus test (Eicar-Test-Signature)

you should disable the socket scanner by
Code:
#####
##### ClamAV Socket Scanner (clamd)
#####
##### NOTE: ClamAV Library Scanner should be preferred (less overhead)
#####

#ENABLECLAMD true

# Path to clamd socket
#
# Default:
# CLAMDSOCKET /tmp/clamd


#CLAMDSOCKET /tmp/clamd


# ..OR if you use clamd TCP socket, uncomment to enable use
#
# Clamd daemon needs to run on the same server as HAVP
#
# Default: NONE
# CLAMDSERVER 127.0.0.1
# CLAMDPORT 3310


#CLAMDSERVER 127.0.0.1
#CLAMDPORT 3310


Regards Severus


Top
 Profile  
 
PostPosted: 08 May 2008 19:42 
Offline

Joined: 07 May 2008 22:51
Posts: 17
thanks, I've corrected the config file and now get in /var/log/havp/error.log:
Code:
08/05/2008 18:00:05 === Starting HAVP Version: 0.87
08/05/2008 18:00:05 Running as user: havp, group: havp
08/05/2008 18:00:05 --- Initializing ClamAV Library Scanner
08/05/2008 18:00:05 ClamAV: Using database directory: /var/lib/clamav
08/05/2008 18:00:09 ClamAV: Loaded 277842 signatures (engine 0.92.1)
08/05/2008 18:00:09 ClamAV Library Scanner passed EICAR virus test (Eicar-Test-Signature)
08/05/2008 18:00:09 --- All scanners initialized
08/05/2008 18:00:09 Process ID: 4623

but the download of eicar test file using squid+havp+clamav will be not blocked.
normally havp should stop it.
what's wrong ?


Top
 Profile  
 
PostPosted: 08 May 2008 20:17 
Offline

Joined: 02 Feb 2008 22:24
Posts: 28
Hi ccc,

what testfile did you try to download? Clamav blocks all but the CAB file. That is a known issue. But all other testfiles should be blocked,and the code you posted shows that the test during startup was successful. Are you shure that the testfile is not even in the proxy. Clear the cache and try again.

Regards Severus


Top
 Profile  
 
PostPosted: 08 May 2008 20:23 
Offline

Joined: 07 May 2008 22:51
Posts: 17
Severus wrote:
Hi ccc,

what testfile did you try to download? Clamav blocks all but the CAB file. That is a known issue. But all other testfiles should be blocked,and the code you posted shows that the test during startup was successful. Are you shure that the testfile is not even in the proxy. Clear the cache and try again.

Regards Severus


I try to download: eicar_com.zip and eicar.com.
both are not blocked and I can download.


Top
 Profile  
 
PostPosted: 08 May 2008 20:26 
Offline

Joined: 02 Feb 2008 22:24
Posts: 28
Hi ccc,

what's in the havp_access.log and the havp_error.log?

Regards Severus


Top
 Profile  
 
PostPosted: 08 May 2008 20:38 
Offline

Joined: 07 May 2008 22:51
Posts: 17
/var/log/havp/access.log:
Code:
08/05/2008 19:35:17 127.0.0.1 GET 302 http://www.google.com/ 364+218 OK
08/05/2008 19:35:17 127.0.0.1 GET 200 http://www.google.ch/ 301+6928 OK
08/05/2008 19:35:17 127.0.0.1 GET 304 http://www.google.ch/intl/en_com/images/logo_plain.png 142+0 OK
08/05/2008 19:35:18 127.0.0.1 GET 304 http://www.google.ch/images/nav_logo3.png 142+0 OK
08/05/2008 19:40:29 127.0.0.1 GET 302 http://www.google.com/ 364+218 OK
08/05/2008 19:40:29 127.0.0.1 GET 200 http://www.google.ch/ 301+6928 OK
08/05/2008 19:40:29 127.0.0.1 GET 304 http://www.google.ch/intl/en_com/images/logo_plain.png 142+0 OK
08/05/2008 19:40:29 127.0.0.1 GET 304 http://www.google.ch/images/nav_logo3.png 142+0 OK
08/05/2008 19:40:40 127.0.0.1 GET 304 http://www.google.ch/images/nav_logo3.png 142+0 OK
08/05/2008 19:40:43 127.0.0.1 GET 304 http://www.eicar.org/anti_virus_test_file.htm 256+0 OK
08/05/2008 19:40:43 127.0.0.1 GET 304 http://www.eicar.org/eicar_nav.css 256+0 OK
08/05/2008 19:40:43 127.0.0.1 GET 304 http://www.eicar.org/print.css 256+0 OK
08/05/2008 19:40:43 127.0.0.1 GET 304 http://www.eicar.org/calendar.css 255+0 OK
08/05/2008 19:40:43 127.0.0.1 GET 304 http://www.eicar.org/eicar_css.css 256+0 OK
08/05/2008 19:40:43 127.0.0.1 GET 304 http://www.eicar.org/image/all/1top_eicar.gif 257+0 OK
08/05/2008 19:40:43 127.0.0.1 GET 304 http://www.eicar.org/image/all/2top_eicar_logo.gif 256+0 OK
08/05/2008 19:40:43 127.0.0.1 GET 304 http://www.eicar.org/image/about_us/hgk_about_us.jpg 257+0 OK
08/05/2008 19:40:43 127.0.0.1 GET 304 http://www.eicar.org/image/nav/nav_grey.gif 255+0 OK

/var/log/havp/error.log:
Code:
08/05/2008 19:33:26 === Starting HAVP Version: 0.87
08/05/2008 19:33:26 Running as user: havp, group: havp
08/05/2008 19:33:26 --- Initializing ClamAV Library Scanner
08/05/2008 19:33:26 ClamAV: Using database directory: /var/lib/clamav
08/05/2008 19:33:30 ClamAV: Loaded 277843 signatures (engine 0.92.1)
08/05/2008 19:33:30 ClamAV Library Scanner passed EICAR virus test (Eicar-Test-Signature)
08/05/2008 19:33:30 --- All scanners initialized
08/05/2008 19:33:30 Process ID: 2642



Top
 Profile  
 
PostPosted: 08 May 2008 20:48 
Offline

Joined: 02 Feb 2008 22:24
Posts: 28
Hi ccc,

seems clamav does not scan your http traffic at all.
I'm using havp with copfilter addon on ipcop, but this should not have any effect to the results.

An entry in my access.log looks like
Code:
07/05/2008 08:17:38 127.0.0.1 GET 200 http://www.trendmicro.com/ftp/products/eicar-file/eicar.com 264+68 VIRUS ClamAV: Eicar-Test-Signature, F-Prot: EICAR_Test_File, AVG: EICAR_Test
07/05/2008 08:17:43 127.0.0.1 GET 200 http://meineipadresse.de/testvirus/eicar.cab 252+150 VIRUS F-Prot: EICAR_Test_File, AVG: EICAR_Test
07/05/2008 08:17:49 127.0.0.1 GET 200 http://meineipadresse.de/testvirus/eicar.tar 261+1536 VIRUS ClamAV: Eicar-Test-Signature, F-Prot: EICAR_Test_File


Because I'm on holidays an have no machine with havp present I lack to help you more.

Sorry and regards
Severus


Top
 Profile  
 
PostPosted: 08 May 2008 21:19 
Offline

Joined: 07 May 2008 22:51
Posts: 17
thanks again,
but knows soemone howto configure squid+havp+clamav to scan HTTP traffic ?


Top
 Profile  
 
PostPosted: 08 May 2008 21:23 
Offline

Joined: 02 Feb 2008 22:24
Posts: 28
Hi ccc,

are you shure your havp <-> squid - configuration is ok?

Regards Severus


Top
 Profile  
 
PostPosted: 08 May 2008 21:40 
Offline

Joined: 07 May 2008 22:51
Posts: 17
Severus wrote:
Hi ccc,

are you shure your havp <-> squid - configuration is ok?

Regards Severus


I'm not sure, I have in my squid.conf following entries for havp:
Code:
..............
icp_port 0
..............
cache_peer localhost parent 8080 0 no-query no-digest no-netdb-exchange default
................................................................................
cache_peer_access 127.0.0.1 allow all


Top
 Profile  
 
PostPosted: 08 May 2008 22:26 
Offline

Joined: 28 Mar 2008 10:50
Posts: 18
Hi!

It seems to me that your HAVP and Squid are not really "talking to each other"...

My 'havp.config':
Quote:
#
# Port HAVP is listening on.
#
# Default:
# PORT 8080
PORT 10080

The corresponding 'squid.conf'-line:
Quote:
cache_peer 127.0.0.1 parent 10080 0 no-query no-digest no-netdb-exchange default

That means, Squid uses HAVP as parent...

Your 'havp.conf' shows:
Quote:
#
# Port HAVP is listening on.
#
# Default:
# PORT 8080


I don't think they know of each other... :-(

HTH

Matthias


Top
 Profile  
 
PostPosted: 08 May 2008 23:25 
Offline

Joined: 07 May 2008 22:51
Posts: 17
hi Matthias

I changed, but still doesn't work !
could you post pls your havp.config and clamd.conf ?


Top
 Profile  
 
PostPosted: 08 May 2008 23:40 
Offline

Joined: 28 Mar 2008 10:50
Posts: 18
Hi!

Ok, here we go... - but beware! - these are the config-files for an IPCop 1.4.18, HAVP 0.88 and ClamAV 0.93 - mostly handmade...you'll have to adjust the files paths, etc.!

This is working on an IPCop 1.4.18 (Debian Linux) with Copfilter 0.84beta3a and Squid 2.6.STABLE20, I really don't know how to set this up for
Quote:
squid3 on debian etch stable


'havp.config'
Quote:
#
# This is the configuration file for HAVP
#
# All lines starting with a hash (#) or empty lines are ignored.
# Uncomment parameters you want to change!
#
# All parameters configurable in this file are explained and their default
# values are shown. If no default value is defined "NONE" is specified.
#
# General syntax: Parameter Value
# Value can be: true/false, number, or path
#
# Extra spaces and tabs are ignored.
#

# You must remove this line for HAVP to start.
# This makes sure you have (hopefully) reviewed the configuration. :)
# Hint: You must enable some scanner! Find them in the end..
#REMOVETHISLINE deleteme

#
# For reasons of security it is recommended to run a proxy program
# without root rights. It is recommended to create user that is not
# used by any other program.
#
# Default:
USER havp
GROUP havp

# If this is true HAVP is running as daemon in background.
# For testing you may run HAVP at your text console.
#
# Default:
DAEMON true

#
# Process id (PID) of the main HAVP process is written to this file.
# Be sure that it is writeable by the user under which HAVP is running.
# /etc/init.d/havp script requires this to work.
#
# Default:
# PIDFILE /var/run/havp/havp.pid
PIDFILE /var/log/copfilter/default/opt/havp/var/run/havp_daemon.pid


#
# For performance reasons several instances of HAVP have to run.
# Specify how many servers (child processes) are simultaneously
# listening on port PORT for a connection. Minimum value should be
# the peak requests-per-second expected + 5 for headroom.
#
# For single user home use, 8 should be minimum.
# For 500 users corporate use, start at 40.
#
# Value can and should be higher than recommended. Memory and
# CPU usage is only affected by the number of concurrent requests.
#
# More childs are automatically created when needed, up to MAXSERVERS.
#
# Default:
# SERVERNUMBER 8
# MAXSERVERS 100
SERVERNUMBER 25

#
# Files where to log requests and info/errors.
# Needs to have write permission for HAVP user.
#
# Default:
# ACCESSLOG /var/log/havp/access.log
# ERRORLOG /var/log/havp/havp.log
ACCESSLOG /var/log/copfilter/default/opt/havp/var/log/access.log
ERRORLOG /var/log/copfilter/default/opt/havp/var/log/error.log


#
# Syslog can be used instead of logging to file.
# For facilities and levels, see "man syslog".
#
# Default:
# USESYSLOG false
# SYSLOGNAME havp
# SYSLOGFACILITY daemon
# SYSLOGLEVEL info

#
# true: Log every request to access log
# false: Log only viruses to access log
#
# Default:
# LOG_OKS true
LOG_OKS false

#
# Level of HAVP logging
# 0 = Only serious errors and information
# 1 = Less interesting information is included
#
# Default:
# LOGLEVEL 0

#
# Temporary scan file.
# This file must reside on a partition for which mandatory
# locking is enabled. For Linux, use "-o mand" in mount command.
# See "man mount" for details. Solaris does not need any special
# steps, it works directly.
#
# Specify absolute path to a file which name must contain "XXXXXX".
# These characters are used by system to create unique named files.
#
# Default:
# SCANTEMPFILE /var/tmp/havp/havp-XXXXXX
SCANTEMPFILE /var/log/copfilter/default/opt/havp/tmp/havp-XXXXXX


#
# Directory for ClamAV and other scanner created tempfiles.
# Needs to be writable by HAVP user. Use ramdisk for best performance.
#
# Default:
# TEMPDIR /var/tmp

#
# HAVP reloads scanners virus database by receiving a signal
# (send SIGHUP to PID from PIDFILE, see "man kill") or after
# a specified period of time. Specify here the number of
# minutes to wait for reloading.
#
# This only affects library scanners (clamlib, trophie).
# Other scanners must be updated manually.
#
# Default:
DBRELOAD 60

#
# Run HAVP as transparent Proxy?
#
# If you don't know what this means read the mini-howto
# TransparentProxy written by Daniel Kiracofe.
# (e.g.: http://www.tldp.org/HOWTO/mini/TransparentProxy.html)
# Definitely you have more to do than setting this to true.
# You are warned!
#
# Default:
# TRANSPARENT false

#
# Specify a parent proxy (e.g. Squid) HAVP should use.
#
# Default: NONE
# PARENTPROXY localhost
# PARENTPORT 3128

#
# Write X-Forwarded-For: to log instead of connecters IP?
#
# If HAVP is used as parent proxy by some other proxy, this allows
# to write the real users IP to log, instead of proxy IP.
#
# Default:
# FORWARDED_IP false

#
# Send X-Forwarded-For: header to servers?
#
# If client sent this header, FORWARDED_IP setting defines the value,
# then it is passed on. You might want to keep this disabled for security
# reasons. Enable this if you use your own parent proxy after HAVP, so it
# will see the original client IP.
#
# Default:
# X_FORWARDED_FOR false

#
# Port HAVP is listening on.
#
# Default:
# PORT 8080
PORT 10080

#
# IP address that HAVP listens on.
# Let it be undefined to bind all addresses.
#
# Default: NONE
# BIND_ADDRESS 127.0.0.1

#
# IP address used for sending outbound packets.
# Let it be undefined if you want OS to handle right address.
#
# Default: NONE
# SOURCE_ADDRESS 1.2.3.4

#
# Path to template files.
#
# Default:
# TEMPLATEPATH /usr/local/etc/havp/templates/en
TEMPLATEPATH /var/log/copfilter/default/opt/havp/etc/templates/en


#
# Set to true if you want to prefer Whitelist.
# If URL is Whitelisted, then Blacklist is ignored.
# Otherwise Blacklist is preferred.
#
# Default:
# WHITELISTFIRST true

#
# List of URLs not to scan.
#
# Default:
# WHITELIST /usr/local/etc/havp/whitelist
WHITELIST /var/log/copfilter/default/opt/havp/etc/whitelist


#
# List of URLs that are denied access.
#
# Default:
# BLACKLIST /usr/local/etc/havp/blacklist
BLACKLIST /var/log/copfilter/default/opt/havp/etc/blacklist


#
# Is scanner error fatal?
#
# For example, archive types that are not supported by scanner
# may return error. Also if scanner has invalid pattern files etc.
#
# true: User gets error page
# false: No error is reported (viruses might not be detected)
#
# Default:
# FAILSCANERROR true

#
# When scanning takes longer than this, it will be aborted.
# Timer is started after HAVP has fully received all data.
# If set too low, complex files/archives might produce timeout.
# Timeout is always a fatal error regardless of FAILSCANERROR.
#
# Time in minutes!
#
# Default:
# SCANNERTIMEOUT 10

#
# Allow HTTP Range requests?
#
# false: Broken downloads can NOT be resumed
# true: Broken downloads can be resumed
#
# Allowing Range is a security risk, because partial
# HTTP requests may not be properly scanned.
#
# Whitelisted sites are allowed to use Range in any case.
#
# Default:
# RANGE false

#
# If you really need more performance, you can disable scanning of
# JPG, GIF and PNG files. These are probably the most common files
# around, so it will save lots of CPU. But be warned, image exploits
# exist and more could be found. Think twice if you want to disable!
#
# Default:
# SCANIMAGES true

#
# Temporary file will grow only up to this size. This means scanner
# will scan data until this limit is reached.
#
# There are two sides to this setting. By limiting the size, you gain
# performance, less waiting for big files and less needed temporary space.
# But there is slightly higher chance of virus slipping through (though
# scanning large archives should not be gateways function, HAVP is more
# geared towards small exploit detection etc).
#
# VALUE IN BYTES NOT KB OR MB!!!!
# 0 = No size limit
#
# Default:
# MAXSCANSIZE 10000000
MAXSCANSIZE 5000000


#
# Amount of data going to browser that is held back, until it
# is scanned. When we know file is clean, this held back data
# can be sent to browser. You can safely set bigger value, only
# thing you will notice is some "delay" in beginning of download.
# Virus found in files bigger than this might not produce HAVP
# error page, but result in a "broken" download.
#
# VALUE IN BYTES NOT KB OR MB!!!!
#
# Default:
# KEEPBACKBUFFER 200000
# KEEPBACKBUFFER 1000000
KEEPBACKBUFFER 200000


#
# This setting complements KEEPBACKBUFFER. It tells how many Seconds to
# initially receive data from server, before sending anything to client.
# Even trickling is not done before this time elapses. This way files that
# are received fast are more secure and user can get virus report page for
# files bigger than KEEPBACKBUFFER.
#
# Setting to 0 will disable this, and only KEEPBACKBUFFER is used.
#
# Default:
# KEEPBACKTIME 5

#
# After Trickling Time (seconds), some bytes are sent to browser
# to keep the connection alive. Trickling is not needed if timeouts
# are not expected for files smaller than KEEPBACKBUFFER, but it is
# recommended to set anyway.
#
# 0 = No Trickling
#
# Default:
# TRICKLING 30
TRICKLING 10

#
# Send this many bytes to browser every TRICKLING seconds, see above
#
# Default:
# TRICKLINGBYTES 1

#
# Downloads larger than MAXDOWNLOADSIZE will be blocked.
# Only if not Whitelisted!
#
# VALUE IN BYTES NOT KB OR MB!!!!
# 0 = Unlimited Downloads
#
# Default:
# MAXDOWNLOADSIZE 0

#
# Space separated list of strings to partially match User-Agent: header.
# These are used for streaming content, so scanning is generally not needed
# and tempfiles grow unnecessary. Remember when enabled, that user could
# fake header and pass some scanning. HTTP Range requests are allowed for
# these, so players can seek content.
#
# You can uncomment here a list of most popular players.
#
# Default: NONE
STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS

#
# Bytes to scan from beginning of streams.
# When set to 0, STREAMUSERAGENT scanning will be completely disabled.
# It is not recommended as there are some exploits for players.
#
# Default:
# STREAMSCANSIZE 20000

#
# Disable mandatory locking (dynamic scanning) for certain file types.
# This is intended for fixing cases where a scanner forces use of mmap()
# call. Mandatory locking might not allow this, so you could get errors
# regarding memory allocation or I/O. You can test the "None" option
# anyway, as it might even work depending on your OS (some Linux seems
# to allow mand+mmap).
#
# Allowed values:
# None
# ClamAV:BinHex (mmap forced in all versions, no ETA for fix)
# ClamAV:PDF (mmap forced in all versions, no ETA for fix)
# ClamAV:ZIP (mmap forced in 0.93.x, should work in 0.94)
#
# Default:
DISABLELOCKINGFOR ClamAV:BinHex ClamAV:PDF ClamAV:ZIP

#####
##### ClamAV Library Scanner (libclamav)
#####

ENABLECLAMLIB true

# HAVP uses libclamav hardcoded pattern directory, which usually is
# /usr/local/share/clamav. You only need to set CLAMDBDIR, if you are
# using non-default DatabaseDirectory setting in clamd.conf.
#
# Default: NONE
# CLAMDBDIR /path/to/directory

# Should we block broken executables?
#
# Default:
# CLAMBLOCKBROKEN false

# Should we block encrypted archives?
#
# Default:
# CLAMBLOCKENCRYPTED false

# Should we block files that go over maximum archive limits?
#
# Default:
# CLAMBLOCKMAX false

# Scanning limits?
# You can find some additional info from documentation or clamd.conf
#
# Stop when this many total bytes scanned (MB) (only for 0.93+ !)
# CLAMMAXSCANSIZE 20
#
# Stop when this many files have been scanned
# CLAMMAXFILES 50
#
# Don't scan files over this size (MB)
# CLAMMAXFILESIZE 100
#
# Maximum archive recursion
# CLAMMAXRECURSION 8
#
# Maximum compression ratio for a file (setting deprecated in 0.93+ !)
# CLAMMAXRATIO 250

#####
##### ClamAV Socket Scanner (clamd)
#####
##### NOTE: ClamAV Library Scanner should be preferred (less overhead)
#####

ENABLECLAMD false

# Path to clamd socket
#
# Default:
# CLAMDSOCKET /tmp/clamd
#CLAMDSOCKET /var/log/copfilter/default/opt/clamav/var/run/clamd.socket


# ..OR if you use clamd TCP socket, uncomment to enable use
#
# Clamd daemon needs to run on the same server as HAVP
#
# Default: NONE
# CLAMDSERVER 127.0.0.1
# CLAMDPORT 3310


#####
##### F-Prot Socket Scanner
#####

ENABLEFPROT false

# F-Prot daemon needs to run on same server as HAVP
#
# Default:
# FPROTSERVER 127.0.0.1
# FPROTPORT 10200


#####
##### AVG Socket Scanner
#####

ENABLEAVG false

# AVG daemon needs to run on the same server as HAVP
#
# Default:
# AVGSERVER 127.0.0.1
# AVGPORT 55555


#####
##### Kaspersky Socket Scanner
#####

ENABLEAVESERVER false

# Path to aveserver socket
#
# Default:
# AVESOCKET /var/run/aveserver


#####
##### Sophos Scanner (Sophie)
#####

ENABLESOPHIE false

# Path to sophie socket
#
# Default:
# SOPHIESOCKET /var/run/sophie


#####
##### Trend Micro Library Scanner (Trophie)
#####

ENABLETROPHIE false

# Scanning limits inside archives (filesize = MB):
#
# Default:
# TROPHIEMAXFILES 50
# TROPHIEMAXFILESIZE 10
# TROPHIEMAXRATIO 250


#####
##### NOD32 Socket Scanner
#####

ENABLENOD32 false

# Path to nod32d socket
#
# Default:
# NOD32SOCKET /tmp/nod32d.sock

# Used NOD32 Version
# 25 = 2.5+
# 21 = 2.x (try this if 25 doesn't work)
#
# Default:
# NOD32VERSION 25


#####
##### Avast! Socket Scanner
#####

ENABLEAVAST false

# Path to avastd socket
#
# Default:
# AVASTSOCKET /var/run/avast4/local.sock

# ..OR if you use avastd TCP socket, uncomment to enable use
#
# Avast daemon needs to run on the same server as HAVP
#
# Default: NONE
# AVASTSERVER 127.0.0.1
# AVASTPORT 5036


#####
##### Arcavir Socket Scanner
#####

ENABLEARCAVIR false

# Path to arcavird socket
#
# Default:
# ARCAVIRSOCKET /var/run/arcavird.socket

# Used Arcavir version
# 2007 = Version 2007 and earlier
# 2008 = Version 2008 and later
#
# Default:
# ARCAVIRVERSION 2007


#####
##### DrWeb Socket Scanner
#####

ENABLEDRWEB false

# Enable heuristic scanning?
#
# Default:
# DRWEBHEURISTIC true

# Enable malware detection?
# (Adware, Dialer, Joke, Riskware, Hacktool)
#
# Default:
# DRWEBMALWARE true

# Path to drwebd socket
#
# Default:
# DRWEBSOCKET /var/drweb/run/.daemon

# ..OR if you use drwebd TCP socket, uncomment to enable use
#
# DrWeb daemon needs to run on the same server as HAVP
#
# Default: NONE
# DRWEBSERVER 127.0.0.1
# DRWEBPORT 3000

'clamd.conf'
Quote:
##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##


# Comment or remove the line below.
#Example

# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
LogFile /var/log/copfilter/default/opt/clamav/var/log/clamd.log

# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option).
# This option disables log file locking.
# Default: no
#LogFileUnlock yes

# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
# Default: 1M
LogFileMaxSize 10M

# Log time with each message.
# Default: no
LogTime yes

# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: no
#LogClean yes

# Use system logger (can work together with LogFile).
# Default: no
LogSyslog yes

# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL

# Enable verbose logging.
# Default: no
#LogVerbose yes

# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
#PidFile /var/run/clamd.pid

# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
#TemporaryDirectory /var/tmp

# Path to the database directory.
# Default: hardcoded (depends on installation options)
#DatabaseDirectory /var/lib/clamav

# The daemon works in a local OR a network mode. Due to security reasons we
# recommend the local mode.

# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /var/log/copfilter/default/opt/clamav/var/run/clamd.socket

# Remove stale socket after unclean shutdown.
# Default: no
FixStaleSocket yes

# TCP port address.
# Default: no
#TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: no
TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.
# Default: 15
#MaxConnectionQueueLength 30

# Clamd uses FTP-like protocol to receive data from remote clients.
# If you are using clamav-milter to balance load between remote clamd daemons
# on firewall servers you may need to tune the options below.

# Close the connection when the data size limit is exceeded.
# The value should match your MTA's limit for a maximum attachment size.
# Default: 10M
#StreamMaxLength 20M

# Limit port range.
# Default: 1024
#StreamMinPort 30000
# Default: 2048
#StreamMaxPort 32000

# Maximum number of threads running at the same time.
# Default: 10
MaxThreads 25

# Waiting for data from a client socket will timeout after this time (seconds).
# Value of 0 disables the timeout.
# Default: 120
#ReadTimeout 300

# Waiting for a new job will timeout after this time (seconds).
# Default: 30
#IdleTimeout 60

# Maximum depth directories are scanned at.
# Default: 15
MaxDirectoryRecursion 20

# Follow directory symlinks.
# Default: no
#FollowDirectorySymlinks yes

# Follow regular file symlinks.
# Default: no
#FollowFileSymlinks yes

# Perform a database check.
# Default: 1800 (30 min)
SelfCheck 600

# Execute a command when virus is found. In the command string %v will
# be replaced with the virus name.
# Default: no
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"

# Run as another user (clamd must be started by root to make this option
# working).
# Default: don't drop privileges
#User clamav

# Initialize supplementary group access (clamd must be started by root).
# Default: no
#AllowSupplementaryGroups no

# Stop daemon when libclamav reports out of memory condition.
#ExitOnOOM yes

# Don't fork into background.
# Default: no
#Foreground yes

# Enable debug messages in libclamav.
# Default: no
#Debug yes

# Do not remove temporary files (for debug purposes).
# Default: no
#LeaveTemporaryFiles yes

# Detect Possibly Unwanted Applications.
# Default: no
DetectPUA yes

# In some cases (eg. complex malware, exploits in graphic files, and others),
# ClamAV uses special algorithms to provide accurate detection. This option
# controls the algorithmic detection.
# Default: yes
#AlgorithmicDetection yes

##
## Executable files
##

# PE stands for Portable Executable - it's an executable file format used
# in all 32 and 64-bit versions of Windows operating systems. This option allows
# ClamAV to perform a deeper analysis of executable files and it's also
# required for decompression of popular executable packers such as UPX, FSG,
# and Petite.
# Default: yes
ScanPE yes

# Executable and Linking Format is a standard format for UN*X executables.
# This option allows you to control the scanning of ELF files.
# Default: yes
#ScanELF yes

# With this option clamav will try to detect broken executables (both PE and
# ELF) and mark them as Broken.Executable.
# Default: no
#DetectBrokenExecutables yes


##
## Documents
##

# This option enables scanning of OLE2 files, such as Microsoft Office
# documents and .msi files.
# Default: yes
ScanOLE2 yes

# This option enables scanning within PDF files.
# Default: no
ScanPDF yes

##
## Mail files
##

# Enable internal e-mail scanner.
# Default: yes
ScanMail yes

# If an email contains URLs ClamAV can download and scan them.
# WARNING: This option may open your system to a DoS attack.
# Never use it on loaded servers.
# Default: no
#MailFollowURLs no

# With this option enabled ClamAV will try to detect phishing attempts by using
# signatures.
# Default: yes
PhishingSignatures yes


# Scan urls found in mails for phishing attempts.
# (available in experimental builds only)
# Default: yes
#PhishingScanURLs yes

# Use phishing detection only for domains listed in the .pdb database. It is
# not recommended to have this option turned off, because scanning of all
# domains may lead to many false positives!
# (available in experimental builds only)
# Default: yes
#PhishingRestrictedScan yes

# Always block SSL mismatches in URLs, even if the URL isn't in the database.
# This can lead to false positives.
# (available in experimental builds only)
#
# Default: no
#PhishingAlwaysBlockSSLMismatch no

# Always block cloaked URLs, even if URL isn't in database.
# This can lead to false positives.
# (available in experimental builds only)
#
# Default: no
#PhishingAlwaysBlockCloak no

##
## HTML
##

# Perform HTML normalisation and decryption of MS Script Encoder code.
# Default: yes
ScanHTML yes


##
## Archives
##

# ClamAV can scan within archives and compressed files.
# Default: yes
ScanArchive yes

# Use slower but memory efficient decompression algorithm.
# only affects the bzip2 decompressor.
# Default: no
#ArchiveLimitMemoryUsage yes

# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
# Default: no
#ArchiveBlockEncrypted no

# Enable support for Sensory Networks' NodalCore hardware accelerator.
# Default: no
#NodalCoreAcceleration yes


##
## Limits
##

# The options below protect your system against Denial of Service attacks
# using archive bombs.

# This option sets the maximum amount of data to be scanned for each input file.
# Archives and other containers are recursively extracted and scanned up to this
# value.
# Value of 0 disables the limit
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 100M
#MaxScanSize 150M

# Files larger than this limit won't be scanned. Affects the input file itself
# as well as files contained inside it (when the input file is an archive, a
# document or some other kind of container).
# Value of 0 disables the limit.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 25M
#MaxFileSize 30M

# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
# file, all files within it will also be scanned. This options specifies how
# deeply the process should be continued.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Value of 0 disables the limit.
# Default: 16
#MaxRecursion 10

# Number of files to be scanned within an archive, a document, or any other
# container file.
# Value of 0 disables the limit.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 10000
#MaxFiles 15000

##
## Clamuko settings
## WARNING: This is experimental software. It is very likely it will hang
## up your system!!!
##

# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
# Default: no
#ClamukoScanOnAccess yes

# Set access mask for Clamuko.
# Default: no
#ClamukoScanOnOpen yes
#ClamukoScanOnClose yes
#ClamukoScanOnExec yes

# Set the include paths (all files inside them will be scanned). You can have
# multiple ClamukoIncludePath directives but each directory must be added
# in a seperate line.
# Default: disabled
#ClamukoIncludePath /home
#ClamukoIncludePath /students

# Set the exclude paths. All subdirectories are also excluded.
# Default: disabled
#ClamukoExcludePath /home/bofh

# Don't scan files larger than ClamukoMaxFileSize
# Value of 0 disables the limit.
# Default: 5M
#ClamukoMaxFileSize 10M


HTH

Matthias


Top
 Profile  
 
PostPosted: 09 May 2008 02:55 
Offline

Joined: 07 May 2008 22:51
Posts: 17
thanks, but still doesn't work !


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 32 posts ]  Go to page 1, 2, 3  Next

All times are UTC + 2 hours [ DST ]


Who is online

Users browsing this forum: Google [Bot] and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group