HTTP Anti-Virus Proxy
http://havp.hege.li/forum/

Why my HAVP is so slow
http://havp.hege.li/forum/viewtopic.php?f=3&t=666

Author:  iskaldvind [ 30 Dec 2011 12:25 ]
Post subject:  Why my HAVP is so slow

Good day!

I have Squid3+ClamAV+HAVP installed on my Ubuntu 10.04 server with 4Gb RAM. There are about 400 users in our company and an internet channel of 100Mbit/s. The S+C+H group does not load the system even halfway, but internet connections are terribly slow - web pages like google.com take about 10-15 seconds to load. When I turn off HAVP and leave S+C working, any web page loads in a moment.

-----------------------------------------------
Squid configuration:
Code:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain="****.RU"
auth_param ntlm children 100
auth_param ntlm keep_alive on

acl CONNECT method CONNECT
acl localnet src 10.105.6.0/24
acl localnet src 172.16.0.0/16
acl localnet src 192.168.0.0/16

acl _sams_4ea7cad44302c proxy_auth "/etc/squid/4ea7cad44302c.sams"
acl _sams_4ea7cad44302c_time time MTWHFAS 00:00-23:59
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

acl SSL_ports port 443
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443      # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210      # wais
acl Safe_ports port 1025-65535   # unregistered ports
acl Safe_ports port 280      # http-mgmt
acl Safe_ports port 488      # gss-http
acl Safe_ports port 591      # filemaker
acl Safe_ports port 777      # multiling http

http_access allow _sams_4ea7cad44302c  _sams_4ea7cad44302c_time 
 
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all

http_port 192.168.2.3:3128
cache_peer 127.0.0.1 parent 3127 0 default no-query

logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
coredump_dir /var/cache

refresh_pattern ^ftp:      1440   20%   10080
refresh_pattern ^gopher:   1440   0%   1440
refresh_pattern -i (/cgi-bin/|\?) 0   0%   0
refresh_pattern .      0   20%   4320

memory_pools off
forwarded_for on


HAVP configuration:
Code:
ACCESSLOG=/var/log/havp/access.log
ARCAVIRSOCKET=/var/run/arcavird.socket
ARCAVIRVERSION=2007
AVASTPORT=5036
AVASTSERVER=
AVASTSOCKET=/var/run/avast4/local.sock
AVESOCKET=/var/run/aveserver
AVGPORT=55555
AVGSERVER=127.0.0.1
BIND_ADDRESS=127.0.0.1
BLACKLIST=/etc/havp/blacklist
CLAMBLOCKBROKEN=FALSE
CLAMBLOCKENCRYPTED=FALSE
CLAMBLOCKMAX=FALSE
CLAMDBDIR=/var/lib/clamav
CLAMDPORT=3310
CLAMDSERVER=
CLAMDSOCKET=/tmp/clamd
CLAMMAXFILES=50
CLAMMAXFILESIZE=10
CLAMMAXRECURSION=2
CLAMMAXSCANSIZE=20
DAEMON=TRUE
DBRELOAD=60
DISABLELOCKINGFOR=ClamAV:BinHex ClamAV:PDF ClamAV:ZIP AVG:ALL
DISPLAYINITIALMESSAGES=TRUE
DRWEBHEURISTIC=TRUE
DRWEBMALWARE=TRUE
DRWEBPORT=3000
DRWEBSERVER=
DRWEBSOCKET=/var/drweb/run/.daemon
ENABLEARCAVIR=FALSE
ENABLEAVAST=FALSE
ENABLEAVESERVER=FALSE
ENABLEAVG=FALSE
ENABLECLAMD=FALSE
ENABLECLAMLIB=TRUE
ENABLEDRWEB=FALSE
ENABLEFPROT=FALSE
ENABLENOD32=FALSE
ENABLESOPHIE=FALSE
ENABLETROPHIE=FALSE
ERRORLOG=/var/log/havp/error.log
FAILSCANERROR=FALSE
FORWARDED_IP=TRUE
FPROTOPTIONS=
FPROTPORT=10200
FPROTSERVER=127.0.0.1
GROUP=havp
IGNOREVIRUS=
KEEPBACKBUFFER=200000
KEEPBACKTIME=5
LOGLEVEL=1
LOG_OKS=FALSE
MAXDOWNLOADSIZE=0
MAXSCANSIZE=5000000
MAXSERVERS=80
NOD32SOCKET=/tmp/nod32d.sock
NOD32VERSION=25
PARENTPORT=0
PARENTPROXY=
PIDFILE=/var/run/havp/havp.pid
PORT=3127
PRELOADZIPHEADER=TRUE
RANGE=TRUE
SCANIMAGES=TRUE
SCANNERTIMEOUT=5
SCANTEMPFILE=/var/spool/havp/havp-XXXXXX
SERVERNUMBER=60
SOPHIESOCKET=/var/run/sophie
SOURCE_ADDRESS=
STREAMSCANSIZE=20000
STREAMUSERAGENT=
SYSLOGFACILITY=daemon
SYSLOGLEVEL=info
SYSLOGNAME=havp
SYSLOGVIRUSLEVEL=warning
TEMPDIR=/var/spool/havp
TEMPLATEPATH=/etc/havp/templates/ru
TRANSPARENT=FALSE
TRICKLING=30
TRICKLINGBYTES=1
TROPHIEMAXFILES=50
TROPHIEMAXFILESIZE=10
TROPHIEMAXRATIO=250
USER=havp
USESYSLOG=FALSE
WHITELIST=/etc/havp/whitelist
WHITELISTFIRST=TRUE
X_FORWARDED_FOR=FALSE


HAVP error.log:
Code:
...
30/12/2011 12:28:01 (192.168.2.206) Could not send body to browser
30/12/2011 12:28:02 (81.19.85.116) Could not read server header (192.168.2.162/lenta.ru:80)
30/12/2011 12:28:02 (192.168.4.102) Could not send body to browser
30/12/2011 12:28:03 (192.168.4.171) Could not send body to browser
30/12/2011 12:28:03 (192.168.6.217) Could not send body to browser
30/12/2011 12:28:05 (94.100.187.197) Could not read server header (192.168.4.150/rs.mail.ru:80)
30/12/2011 12:28:10 (192.168.4.98) Could not send body to browser
30/12/2011 12:28:10 (81.19.85.116) Could not read server header (192.168.2.162/lenta.ru:80)
30/12/2011 12:28:11 (192.168.2.205) Could not send body to browser
30/12/2011 12:28:14 (127.0.0.1) Invalid request from browser
30/12/2011 12:28:14 (192.168.4.171) Could not send body to browser
30/12/2011 12:28:15 (192.168.6.217) Could not send body to browser
30/12/2011 12:28:15 (94.100.187.197) Could not read server header (10.105.6.119/rs.mail.ru:80)
30/12/2011 12:28:16 (192.168.2.205) Could not send body to browser
30/12/2011 12:28:19 (81.19.85.116) Could not read server header (192.168.2.162/lenta.ru:80)
30/12/2011 12:28:23 (87.248.207.253) Could not read server header (192.168.6.209/cdn.eyewonder.com:80)
30/12/2011 12:28:24 (192.168.4.102) Could not send body to browser
30/12/2011 12:28:25 (94.100.187.167) Could not read server header (192.168.2.205/img.imgsmail.ru:80)
30/12/2011 12:28:26 (192.168.4.158) Could not send body to browser
30/12/2011 12:28:27 (81.19.85.116) Could not read server header (192.168.2.162/lenta.ru:80)
30/12/2011 12:28:27 (78.140.152.30) Could not read server header (10.105.6.138/im1-tub.com:80)
30/12/2011 12:28:28 (192.168.4.171) Could not send body to browser
30/12/2011 12:28:30 (192.168.6.217) Could not send body to browser
30/12/2011 12:28:30 (192.168.4.102) Could not send body to browser
30/12/2011 12:28:30 (10.105.6.86) Could not send body to browser
30/12/2011 12:28:30 (10.105.6.86) Could not send body to browser
30/12/2011 12:28:31 (192.168.2.205) Could not send body to browser
30/12/2011 12:28:35 (81.19.85.116) Could not read server header (192.168.2.162/lenta.ru:80)
30/12/2011 12:28:41 (192.168.4.171) Could not send body to browser
30/12/2011 12:28:41 (10.105.6.138) Could not send body to browser
30/12/2011 12:28:43 (192.168.6.217) Could not send body to browser
30/12/2011 12:28:43 (192.168.2.205) Could not send body to browser
30/12/2011 12:28:46 (192.168.14.29) Could not send body to browser
30/12/2011 12:28:51 (192.168.4.144) Could not send body to browser
30/12/2011 12:28:51 (192.168.2.205) Could not send body to browser
30/12/2011 12:28:51 (192.168.4.171) Could not send body to browser
30/12/2011 12:28:52 (192.168.6.217) Could not send body to browser
30/12/2011 12:28:55 (192.168.4.98) Could not send body to browser
30/12/2011 12:29:34 (10.105.6.140) Could not send body to browser
...
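
One way to triage an error.log like the one above, added here as an example (it is not part of the original post and not HAVP's own tooling): it tallies entries by message, upstream host and client address. Reading the first parenthesised address as the peer and the trailing `(client/host:port)` as requesting client and upstream host is an assumption taken from the excerpt; `parse` and `summarize` are hypothetical names.

```python
import re
from collections import Counter
from datetime import datetime

# Lines copied from the error.log excerpt above, shortened to a small sample.
SAMPLE = """\
30/12/2011 12:28:01 (192.168.2.206) Could not send body to browser
30/12/2011 12:28:02 (81.19.85.116) Could not read server header (192.168.2.162/lenta.ru:80)
30/12/2011 12:28:05 (94.100.187.197) Could not read server header (192.168.4.150/rs.mail.ru:80)
30/12/2011 12:28:10 (81.19.85.116) Could not read server header (192.168.2.162/lenta.ru:80)
30/12/2011 12:28:14 (127.0.0.1) Invalid request from browser
30/12/2011 12:28:14 (192.168.4.171) Could not send body to browser
...
"""

# Layout assumed from the excerpt: date time (peer) message [(client/host:port)]
LINE = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \(([^)]+)\) (.+?)"
    r"(?: \(([^/()]+)/([^():]+):(\d+)\))?$"
)

def parse(text):
    """Yield (timestamp, peer, message, client, host); skip lines that do not match."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%d/%m/%Y %H:%M:%S")
            yield ts, m.group(2), m.group(3), m.group(4), m.group(5)

def summarize(text):
    """Count entries per message, per upstream host and per client address."""
    by_message, by_host, by_client, stamps = Counter(), Counter(), Counter(), []
    for ts, peer, msg, client, host in parse(text):
        stamps.append(ts)
        by_message[msg] += 1
        if host:   # upstream-side entry: trailing field names client and host
            by_host[host] += 1
            by_client[client] += 1
        else:      # browser-side entry: the only address present is the peer
            by_client[peer] += 1
    span = (max(stamps) - min(stamps)).total_seconds() if stamps else 0.0
    return {"messages": by_message, "hosts": by_host, "clients": by_client,
            "events": len(stamps), "span_seconds": span}

if __name__ == "__main__":
    report = summarize(SAMPLE)
    for key in ("messages", "hosts", "clients"):
        print(key, report[key].most_common(3))
    print("events:", report["events"], "over", report["span_seconds"], "s")
```

Run against the full log, the per-host and per-client counts show whether the failures cluster on a few upstream sites or a few workstations, or are spread across all users.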

All times are UTC + 2 hours [ DST ]