HTTP Anti-Virus Proxy http://havp.hege.li/forum/ |
|
Firefox and Eicar test, where is the problem ??? http://havp.hege.li/forum/viewtopic.php?f=3&t=90 |
Page 1 of 1 |
Author: | Syn_ack [ 14 May 2006 10:03 ] |
Post subject: | Firefox and Eicar test, where is the problem ??? |
Hi, I use Firefox and it work very fine with HAVP and ClamAV like scanner. I have tried if it detect some virus on (http://testvirus.de/de/liste.html) and it work very fine and all virus are rightly detected. But if I try it on(www.eicar.org) it detect only the zipped file but not the *.com and the *.txt, firefox let me download them without any problem! If I try to make it with Internet Explorer HAVP identfy the virus in all types of file(*.com, *.txt, *.zip, ecc.). Where I wrong ? |
Author: | hege [ 14 May 2006 11:13 ] |
Post subject: | |
Are you sure your IE cache is cleaned? I can't think of another reason.. Cheers, Henrik |
Author: | Guest [ 29 May 2006 17:56 ] |
Post subject: | |
Same problem here, reproductible. havp detects virus and eicars (can see virus names in logfiles) but they still pass. Tested browser/os: mozilla/win32 => squid + havp parent: eicar and virus goes throught firefox/linux => squid + havp parent: eicar and virus goes throught IE/win32 => squid + havp parent: eicar and virus blocked If you switch havp and squid: it works mozilla/win32 => havp + squid parent: eicar and virus blocked firefox/linux => havp + squid parent: eicar and virus blocked IE/win32 => havp + squid parent: eicar and virus blocked. All caches are cleaned before testing, squid is running with no cache also (cache_dir null and so on). |
Author: | hege [ 29 May 2006 20:11 ] |
Post subject: | |
Can you try this version, perhaps it's because of a certain bug that slipped through in 0.79.. http://havp.hege.li/download/havp-0.80.tar.gz Cheers, Henrik |
Author: | m33 [ 30 May 2006 10:46 ] |
Post subject: | |
The issue is only with clam... I switched to f-prot (zero configuration changes except disabeling clamd en enabeling fprotd in havp.conf) and it works with all browsers. I'll try your 0.80 release soon. Bye, Mat. |
Author: | m33 [ 30 May 2006 11:12 ] |
Post subject: | |
Bug still there with 0.80 release. |
Author: | hege [ 30 May 2006 11:17 ] |
Post subject: | |
I can't reproduce it either way. Could you send me HAVP config, squid config/version and ClamAV version with PM or havp@hege.li. Then I might have better luck. Cheers, Henrik |
Author: | m33 [ 31 May 2006 00:22 ] |
Post subject: | Solved |
Use latest stable squid and it works. It's not a havp bug /usr/local/squid/sbin/squid -v Squid Cache: Version 2.5.STABLE14 configure options: --prefix=/usr/local/squid --enable-async-io=128 --with-pthreads --with-aio --enable-storeio=ufs,aufs,diskd,null --enable-linux-netfilter --enable-removal-policies=lru,heap --enable-snmp --enable-delay-pools --enable-poll --enable-cache-digests --enable-underscores --enable-referer-log --enable-useragent-log --with-maxfd=15000 --with-large-files --enable-large-cache-files all browsers/all av engines (clam/f-prot tested) do works. Bye, Mat. |
Author: | Paul Kosinski [ 03 Jun 2006 01:40 ] |
Post subject: | Firefox and Eicar test, where is the problem ??? |
I tried it today with HAVP 0.79 and libclamav 0.88.2 -- no squid -- and recent daily.cvd and it blocked all the Eicar viruses over HTTP, as it did the day I installed HAVP (a few days ago). Perhaps your problem is the "clamav-like" scanner? (Or maybe your Firefox proxy config is funny?) P.S. I also have Privoxy between browsers and HAVP, but I doubt that matters. |
Page 1 of 1 | All times are UTC + 2 hours [ DST ] |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |