| HTTP Anti-Virus Proxy http://havp.hege.li/forum/ |
|
| Two havp problems http://havp.hege.li/forum/viewtopic.php?f=3&t=365 |
Page 1 of 1 |
| Author: | Grrruk [ 07 Jun 2008 15:06 ] |
| Post subject: | Two havp problems |
Yesterday I installed havp in front of my squid system (i.e. users -> squid -> havp -> internet), about 300 users in LAN. Everything was ok during the testing, but as soon as I pushed this configuration into production, two problems emerged: 1. Rapidshare access. After adding havp download from rapidshare doesn't work anymore. When users press "download" button they see Zero size reply error from squid. But when I look into logs I see: squid's access.log: 1212838104.617 288 10.1.1.111 TCP_MISS/200 6045 POST http://rs315.rapidshare.com/files/12072 ... nd_Ref.pdf - DEFAULT_PARENT/127.0.0.1 text/html havp's access.log: 7/06/2008 15:38:14 10.1.1.111 POST 200 http://rs269.rapidshare.com/files/12047 ... rdv302.rar 284+9431 OK Huh? This file is 13mb. Yes, I do understand that rapidshare is a sleazy site that normal people should not visit, but it's close to impossible to explain this to some customers who prefer to share their files this way. It looks like havp did not fetch this file (did not pass referer? or what?) Now how to debug this further? 2. Havp complains about the memory while fetchnig nod32 updates: 07/06/2008 15:41:32 Scanner errors: ClamAV: Unable to allocate memory (lasturl: http://89.202.157.136/nod_eval/update.ver) 07/06/2008 15:41:34 Scanner errors: ClamAV: Unable to allocate memory (lasturl: http://u41.eset.com/nod_eval/update.ver) 07/06/2008 15:41:36 Scanner errors: ClamAV: Unable to allocate memory (lasturl: http://u44.eset.com/nod_eval/update.ver) 07/06/2008 15:41:38 Scanner errors: ClamAV: Unable to allocate memory (lasturl: http://u30.eset.com/nod_eval/update.ver) 07/06/2008 15:41:40 Scanner errors: ClamAV: Unable to allocate memory (lasturl: http://u42.eset.com/nod_eval/update.ver) 07/06/2008 15:41:41 Scanner errors: ClamAV: Unable to allocate memory (lasturl: http://www.nod32.com/nod_upd/update.ver) Jun 7 15:43:32 xxx kernel: pid 81430 (havp), uid 1021: exited on signal 6 Jun 7 15:43:34 xxx kernel: pid 81520 (havp), uid 1021: exited on signal 6 Jun 7 15:43:37 xxx kernel: pid 81053 (havp), uid 1021: exited on signal 6 Jun 7 15:43:42 xxx kernel: pid 81788 (havp), uid 1021: exited on signal 6 Jun 7 15:43:45 xxx kernel: pid 81747 (havp), uid 1021: exited on signal 6 Jun 7 15:43:49 xxx kernel: pid 81787 (havp), uid 1021: exited on signal 6 Jun 7 15:43:52 xxx kernel: pid 81496 (havp), uid 1021: exited on signal 6 And the user receives receives error based on scanner.html template. Sometimes I see signal 11 instead, but rarely. Operating system is heavily patched freebsd 5.4 (smp), quite stable workhorse that had no problem for years. Usually havp dies on nod32 files, but sometimes other urls like http://pocketz.dl1.vipserver.ru/2006/07 ... g_incl.rar cause it to crash too. Any ideas? |
|
| Author: | hege [ 08 Jun 2008 00:57 ] |
| Post subject: | Re: Two havp problems |
Are you running a 64-bit system? If you download the files without HAVP and run clamscan on them, any errors? |
|
| Author: | hydrapolic [ 13 Jun 2008 12:10 ] |
| Post subject: | Re: Two havp problems |
Maybe a stupid question, why don't you use "users -> havp -> squid -> internet" instead ? |
|
| Page 1 of 1 | All times are UTC + 2 hours [ DST ] |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|