HTTP Anti-Virus Proxy :: View topic - Firefox and Eicar test, where is the problem ???

HTTP Anti-Virus Proxy http://havp.hege.li/forum/

Firefox and Eicar test, where is the problem ??? http://havp.hege.li/forum/viewtopic.php?f=3&t=90	Page 1 of 1

Author:	Syn_ack [ 14 May 2006 10:03 ]
Post subject:	Firefox and Eicar test, where is the problem ???
Hi, I use Firefox and it work very fine with HAVP and ClamAV like scanner. I have tried if it detect some virus on (http://testvirus.de/de/liste.html) and it work very fine and all virus are rightly detected. But if I try it on(www.eicar.org) it detect only the zipped file but not the .com and the .txt, firefox let me download them without any problem! If I try to make it with Internet Explorer HAVP identfy the virus in all types of file(.com, .txt, *.zip, ecc.). Where I wrong ?

Author:	hege [ 14 May 2006 11:13 ]
Post subject:
Are you sure your IE cache is cleaned? I can't think of another reason.. Cheers, Henrik

Author:	Guest [ 29 May 2006 17:56 ]
Post subject:
Same problem here, reproductible. havp detects virus and eicars (can see virus names in logfiles) but they still pass. Tested browser/os: mozilla/win32 => squid + havp parent: eicar and virus goes throught firefox/linux => squid + havp parent: eicar and virus goes throught IE/win32 => squid + havp parent: eicar and virus blocked If you switch havp and squid: it works mozilla/win32 => havp + squid parent: eicar and virus blocked firefox/linux => havp + squid parent: eicar and virus blocked IE/win32 => havp + squid parent: eicar and virus blocked. All caches are cleaned before testing, squid is running with no cache also (cache_dir null and so on).

Author:	hege [ 29 May 2006 20:11 ]
Post subject:
Can you try this version, perhaps it's because of a certain bug that slipped through in 0.79.. http://havp.hege.li/download/havp-0.80.tar.gz Cheers, Henrik

Author:	m33 [ 30 May 2006 10:46 ]
Post subject:
The issue is only with clam... I switched to f-prot (zero configuration changes except disabeling clamd en enabeling fprotd in havp.conf) and it works with all browsers. I'll try your 0.80 release soon. Bye, Mat.

Author:	m33 [ 30 May 2006 11:12 ]
Post subject:
Bug still there with 0.80 release.

Author:	hege [ 30 May 2006 11:17 ]
Post subject:
I can't reproduce it either way. Could you send me HAVP config, squid config/version and ClamAV version with PM or havp@hege.li. Then I might have better luck. Cheers, Henrik

Author:	m33 [ 31 May 2006 00:22 ]
Post subject:	Solved
Use latest stable squid and it works. It's not a havp bug /usr/local/squid/sbin/squid -v Squid Cache: Version 2.5.STABLE14 configure options: --prefix=/usr/local/squid --enable-async-io=128 --with-pthreads --with-aio --enable-storeio=ufs,aufs,diskd,null --enable-linux-netfilter --enable-removal-policies=lru,heap --enable-snmp --enable-delay-pools --enable-poll --enable-cache-digests --enable-underscores --enable-referer-log --enable-useragent-log --with-maxfd=15000 --with-large-files --enable-large-cache-files all browsers/all av engines (clam/f-prot tested) do works. Bye, Mat.

Author:	Paul Kosinski [ 03 Jun 2006 01:40 ]
Post subject:	Firefox and Eicar test, where is the problem ???
I tried it today with HAVP 0.79 and libclamav 0.88.2 -- no squid -- and recent daily.cvd and it blocked all the Eicar viruses over HTTP, as it did the day I installed HAVP (a few days ago). Perhaps your problem is the "clamav-like" scanner? (Or maybe your Firefox proxy config is funny?) P.S. I also have Privoxy between browsers and HAVP, but I doubt that matters.

Page 1 of 1	All times are UTC + 2 hours [ DST ]
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/