Good day!
I have Squid3 + ClamAV + HAVP installed on my Ubuntu 10.04 server with 4 GB RAM. There are about 400 users in our company and a 100 Mbit/s internet channel. The S+C+H combination (Squid + ClamAV + HAVP) does not load the system even to half, but internet connections are terribly slow: web pages like google.com take about 10-15 seconds to load. When I turn off HAVP and leave only S+C working, any web page loads in moments.
-----------------------------------------------
Squid configuration:
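# Squid front-end proxy: authenticates users with NTLM, applies the access
# rules below, and forwards requests to a parent proxy on 127.0.0.1:3127
# (the HAVP PORT shown in the HAVP listing on this page).

# --- Authentication: NTLM through the ntlm_auth helper (domain masked by the poster) ---
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain="****.RU"
auth_param ntlm children 100
auth_param ntlm keep_alive on

# --- ACL definitions ---
acl CONNECT method CONNECT
# NOTE(review): localnet is defined but no http_access rule in this listing
# references it, so access is not restricted by client source network here.
acl localnet src 10.105.6.0/24
acl localnet src 172.16.0.0/16
acl localnet src 192.168.0.0/16
# Authenticated users listed in the external file; the time ACL covers every
# day, all day, so it does not narrow access in practice.
acl _sams_4ea7cad44302c proxy_auth "/etc/squid/4ea7cad44302c.sams"
acl _sams_4ea7cad44302c_time time MTWHFAS 00:00-23:59
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

# --- Access rules: evaluated top to bottom, first match wins ---
# The cache-manager and port restrictions come BEFORE the authenticated allow.
# In the original order the allow rule matched first, so authenticated users
# were never subject to "deny manager", "deny !Safe_ports" or
# "deny CONNECT !SSL_ports" (e.g. CONNECT tunnels to arbitrary ports).
# NOTE(review): the _sams_ names look tool-generated; confirm the generating
# tool does not rewrite this ordering.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow _sams_4ea7cad44302c _sams_4ea7cad44302c_time
http_access allow localhost
http_access deny all

http_port 192.168.2.3:3128

# Parent proxy = the virus-scanning proxy on loopback.
# NOTE(review): no never_direct rule is present, so Squid may still fetch some
# requests directly (or fall back to direct if the parent is unavailable),
# which would skip scanning. If every HTTP response must be scanned, consider
# adding e.g. "acl Scan_HTTP proto HTTP" and "never_direct allow Scan_HTTP".
cache_peer 127.0.0.1 parent 3127 0 default no-query

# --- Logging ---
logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
coredump_dir /var/cache

# --- Cache freshness ---
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

memory_pools off
# Adds the client's address in X-Forwarded-For on requests sent upstream
# (here: to the parent proxy). Whether it reaches origin servers depends on
# the parent's own forwarding settings.
forwarded_for on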
HAVP configuration:
# HAVP (HTTP antivirus proxy) settings as posted. The keys are in alphabetical
# KEY=VALUE form, which looks like a dump of the effective settings rather than
# the hand-written config file.
# NOTE(review): the comments added here assume '#' comment syntax as in HAVP's
# own config file - confirm before pasting back into a live config.
ACCESSLOG=/var/log/havp/access.log
ARCAVIRSOCKET=/var/run/arcavird.socket
ARCAVIRVERSION=2007
AVASTPORT=5036
AVASTSERVER=
AVASTSOCKET=/var/run/avast4/local.sock
AVESOCKET=/var/run/aveserver
AVGPORT=55555
AVGSERVER=127.0.0.1
# Listens on loopback only, so only local processes (here: Squid) can reach it.
BIND_ADDRESS=127.0.0.1
BLACKLIST=/etc/havp/blacklist
# With these three set to FALSE, broken executables, encrypted archives and
# content exceeding the CLAMMAX* limits are passed through rather than blocked.
CLAMBLOCKBROKEN=FALSE
CLAMBLOCKENCRYPTED=FALSE
CLAMBLOCKMAX=FALSE
CLAMDBDIR=/var/lib/clamav
CLAMDPORT=3310
CLAMDSERVER=
CLAMDSOCKET=/tmp/clamd
# Scan limits handed to the ClamAV library scanner.
CLAMMAXFILES=50
CLAMMAXFILESIZE=10
CLAMMAXRECURSION=2
CLAMMAXSCANSIZE=20
DAEMON=TRUE
DBRELOAD=60
DISABLELOCKINGFOR=ClamAV:BinHex ClamAV:PDF ClamAV:ZIP AVG:ALL
DISPLAYINITIALMESSAGES=TRUE
DRWEBHEURISTIC=TRUE
DRWEBMALWARE=TRUE
DRWEBPORT=3000
DRWEBSERVER=
DRWEBSOCKET=/var/drweb/run/.daemon
# Scanner selection: only the in-process ClamAV library scanner is enabled;
# every other engine, including the clamd socket scanner, is off.
ENABLEARCAVIR=FALSE
ENABLEAVAST=FALSE
ENABLEAVESERVER=FALSE
ENABLEAVG=FALSE
ENABLECLAMD=FALSE
ENABLECLAMLIB=TRUE
ENABLEDRWEB=FALSE
ENABLEFPROT=FALSE
ENABLENOD32=FALSE
ENABLESOPHIE=FALSE
ENABLETROPHIE=FALSE
ERRORLOG=/var/log/havp/error.log
# Fail-open: when the scanner returns an error the content is delivered
# instead of the request being aborted. Set to TRUE to fail closed.
FAILSCANERROR=FALSE
# Takes the client address for logging from the X-Forwarded-For header sent by
# the front proxy. The header is client-controllable in general, so this is
# only trustworthy while nothing but the local Squid can connect.
FORWARDED_IP=TRUE
FPROTOPTIONS=
FPROTPORT=10200
FPROTSERVER=127.0.0.1
GROUP=havp
IGNOREVIRUS=
# Amount of data / time held back from the client while scanning is in progress.
KEEPBACKBUFFER=200000
KEEPBACKTIME=5
LOGLEVEL=1
LOG_OKS=FALSE
MAXDOWNLOADSIZE=0
# Only the first MAXSCANSIZE bytes of a download are scanned; anything beyond
# that reaches the client unscanned.
MAXSCANSIZE=5000000
# Upper bound on HAVP server processes.
# NOTE(review): each process presumably serves one connection at a time, so
# with about 400 users behind Squid this cap and SERVERNUMBER below are
# worth checking first when requests queue - confirm against process counts.
MAXSERVERS=80
NOD32SOCKET=/tmp/nod32d.sock
NOD32VERSION=25
PARENTPORT=0
PARENTPROXY=
PIDFILE=/var/run/havp/havp.pid
# Port the Squid cache_peer line on this page points at.
PORT=3127
PRELOADZIPHEADER=TRUE
RANGE=TRUE
SCANIMAGES=TRUE
SCANNERTIMEOUT=5
# Temp files used for scanning; HAVP expects this path on a filesystem that
# supports mandatory locking - TODO confirm the mount options on this host.
SCANTEMPFILE=/var/spool/havp/havp-XXXXXX
# Number of server processes started up front (see the note on MAXSERVERS).
SERVERNUMBER=60
SOPHIESOCKET=/var/run/sophie
SOURCE_ADDRESS=
STREAMSCANSIZE=20000
STREAMUSERAGENT=
SYSLOGFACILITY=daemon
SYSLOGLEVEL=info
SYSLOGNAME=havp
SYSLOGVIRUSLEVEL=warning
TEMPDIR=/var/spool/havp
TEMPLATEPATH=/etc/havp/templates/ru
TRANSPARENT=FALSE
# Trickling sends small amounts of data to the client during long scans so the
# connection does not time out.
TRICKLING=30
TRICKLINGBYTES=1
TROPHIEMAXFILES=50
TROPHIEMAXFILESIZE=10
TROPHIEMAXRATIO=250
# Runs under a dedicated unprivileged account (see GROUP above).
USER=havp
USESYSLOG=FALSE
WHITELIST=/etc/havp/whitelist
# Whitelist is consulted before the blacklist; whitelisted URLs are not scanned.
WHITELISTFIRST=TRUE
# HAVP does not add X-Forwarded-For on outgoing requests, so internal client
# addresses are not disclosed to origin servers by HAVP itself.
X_FORWARDED_FOR=FALSE
HAVP error.log:
...
30/12/2011 12:28:01 (192.168.2.206) Could not send body to browser
30/12/2011 12:28:02 (81.19.85.116) Could not read server header (192.168.2.162/lenta.ru:80)
30/12/2011 12:28:02 (192.168.4.102) Could not send body to browser
30/12/2011 12:28:03 (192.168.4.171) Could not send body to browser
30/12/2011 12:28:03 (192.168.6.217) Could not send body to browser
30/12/2011 12:28:05 (94.100.187.197) Could not read server header (192.168.4.150/rs.mail.ru:80)
30/12/2011 12:28:10 (192.168.4.98) Could not send body to browser
30/12/2011 12:28:10 (81.19.85.116) Could not read server header (192.168.2.162/lenta.ru:80)
30/12/2011 12:28:11 (192.168.2.205) Could not send body to browser
30/12/2011 12:28:14 (127.0.0.1) Invalid request from browser
30/12/2011 12:28:14 (192.168.4.171) Could not send body to browser
30/12/2011 12:28:15 (192.168.6.217) Could not send body to browser
30/12/2011 12:28:15 (94.100.187.197) Could not read server header (10.105.6.119/rs.mail.ru:80)
30/12/2011 12:28:16 (192.168.2.205) Could not send body to browser
30/12/2011 12:28:19 (81.19.85.116) Could not read server header (192.168.2.162/lenta.ru:80)
30/12/2011 12:28:23 (87.248.207.253) Could not read server header (192.168.6.209/cdn.eyewonder.com:80)
30/12/2011 12:28:24 (192.168.4.102) Could not send body to browser
30/12/2011 12:28:25 (94.100.187.167) Could not read server header (192.168.2.205/img.imgsmail.ru:80)
30/12/2011 12:28:26 (192.168.4.158) Could not send body to browser
30/12/2011 12:28:27 (81.19.85.116) Could not read server header (192.168.2.162/lenta.ru:80)
30/12/2011 12:28:27 (78.140.152.30) Could not read server header (10.105.6.138/im1-tub.com:80)
30/12/2011 12:28:28 (192.168.4.171) Could not send body to browser
30/12/2011 12:28:30 (192.168.6.217) Could not send body to browser
30/12/2011 12:28:30 (192.168.4.102) Could not send body to browser
30/12/2011 12:28:30 (10.105.6.86) Could not send body to browser
30/12/2011 12:28:30 (10.105.6.86) Could not send body to browser
30/12/2011 12:28:31 (192.168.2.205) Could not send body to browser
30/12/2011 12:28:35 (81.19.85.116) Could not read server header (192.168.2.162/lenta.ru:80)
30/12/2011 12:28:41 (192.168.4.171) Could not send body to browser
30/12/2011 12:28:41 (10.105.6.138) Could not send body to browser
30/12/2011 12:28:43 (192.168.6.217) Could not send body to browser
30/12/2011 12:28:43 (192.168.2.205) Could not send body to browser
30/12/2011 12:28:46 (192.168.14.29) Could not send body to browser
30/12/2011 12:28:51 (192.168.4.144) Could not send body to browser
30/12/2011 12:28:51 (192.168.2.205) Could not send body to browser
30/12/2011 12:28:51 (192.168.4.171) Could not send body to browser
30/12/2011 12:28:52 (192.168.6.217) Could not send body to browser
30/12/2011 12:28:55 (192.168.4.98) Could not send body to browser
30/12/2011 12:29:34 (10.105.6.140) Could not send body to browser
...