Squid+Squidclamav+Clamav
Folks, this combination is apparently working. I say apparently because in the squidclamav logs, when I download a file with one of the extensions listed under regexi, for example:
regexi ^.*\.exe$
the following error is reported:
regex matched: http://www.trellian.com/bin/mwolf105pt.exe
Thu Jul 19 12:26:20 2007 [2063] DEBUG Getting header for url http://www.trellian.com/bin/mwolf105pt.exe
Thu Jul 19 12:26:20 2007 [2063] DEBUG File size is 1655051.00
Thu Jul 19 12:26:20 2007 [2063] DEBUG Sending STREAM to clamd.
Thu Jul 19 12:26:20 2007 [2063] DEBUG Received port 2036 from clamd.
Thu Jul 19 12:26:20 2007 [2063] DEBUG Trying to connect to clamd [port: 2036].
Thu Jul 19 12:27:10 2007 [2049] ERROR fail downloading url http://www3.trellian.com/bin/mwolf105pt.exe
Thu Jul 19 12:27:10 2007 [2049] ERROR CURLOPT_ERRORBUFFER: Operation timed out with 0 out of -1 bytes received
Thu Jul 19 12:27:10 2007 [2049] DEBUG Connection to clamd on port: 1396 closed.
-
So, folks... any help is welcome (lol)
Best regards to all!
mtec
-
Folks, I still have the problem...
Here again are logs from new tests:
File size is 121.00
Fri Jul 20 08:30:08 2007 [10705] DEBUG Sending STREAM to clamd.
Fri Jul 20 08:30:08 2007 [10705] DEBUG Received port 1393 from clamd.
Fri Jul 20 08:30:08 2007 [10705] DEBUG Trying to connect to clamd [port: 1393].
Fri Jul 20 08:30:08 2007 [10705] ERROR fail downloading url http://download.softpedia.com/dl/cdb..._1_2_setup.exe
Fri Jul 20 08:30:08 2007 [10705] ERROR CURLOPT_ERRORBUFFER: couldn't connect to host
Fri Jul 20 08:30:08 2007 [10705] DEBUG Connection to clamd on port: 1393 closed.
Has anyone had a similar experience??
Regards,
mtec
-
re:
Your firewall has a restrictive policy; change the policy to ACCEPT and run a test. It looks to me like squidclamav is not managing to connect to clamav.
I have a similar problem. I already got it working via the socket file, with an ACCEPT policy, and I also got it working via lo on port 3310, but again with an ACCEPT firewall policy.
squidclamav uses an arbitrary port to establish the connection with clamd, and so when I set a DROP policy it stops.
Fri Jul 6 21:48:59 2007 [5601] DEBUG regex matched: http://www.mcmilk.de/projects/squidw.../eicarcom2.zip
Fri Jul 6 21:48:59 2007 [5601] DEBUG Getting header for url http://www.mcmilk.de/projects/squidw.../eicarcom2.zip
Fri Jul 6 21:48:59 2007 [5601] DEBUG File size is 308.00
Fri Jul 6 21:48:59 2007 [5601] DEBUG Sending STREAM to clamd.
Fri Jul 6 21:48:59 2007 [5601] DEBUG Received port 1523 from clamd.
Fri Jul 6 21:48:59 2007 [5601] DEBUG Trying to connect to clamd [port: 1523].
Fri Jul 6 21:52:08 2007 [5601] ERROR Can't connect to clamd [port: 1523].
Fri Jul 6 21:54:43 2007 [5601] DEBUG Request:http://www.mcmilk.de/projects/squidw.../eicarcom2.zip 192.168.2.7/- - GET
Here are the settings for
squidclamav.conf
proxy http://127.0.0.1:3128
logfile /var/log/squidclamav.log
redirect http://127.0.0.1/cgi-bin/clwarn.cgi
# squidguard /usr/local/squidGuard/bin/squidGuard
debug 1
force 1
stat 1
#clamd_local /var/run/clamav/clamd.ctl
# now I'm using the IP and port; if you prefer, comment these out and uncomment clamd_local
clamd_ip 127.0.0.1
clamd_port 3310
timeout 60
regexi ^.*\.exe$
regexi ^.*\.com$
regexi ^.*\.zip$
regexi ^.*\.bz2$
abort ^.*\/cgi-bin\/.*$
abort ^.*\.gz$
abort ^.*\.pdf$
abort ^.*\.html$
abort ^.*\.htm$
abort ^.*\.css$
abort ^.*\.xml$
abort ^.*\.xsl$
abort ^.*\.js$
abort ^.*\.ico$
aborti ^.*\.gif$
aborti ^.*\.png$
aborti ^.*\.jpg$
aborti ^.*\.tif$
aborti ^.*\.swf$
in clamd.conf
#LocalSocket /var/run/clamav/clamd.ctl
# must use the same settings as in squidclamav.conf
TCPSocket 3310
TCPAddr 127.0.0.1
FixStaleSocket true
User clamav
here is the log of it working:
Fri Jul 6 21:54:43 2007 [5601] DEBUG regex matched: http://www.mcmilk.de/projects/squidw.../eicarcom2.zip
Fri Jul 6 21:54:43 2007 [5601] DEBUG Getting header for url http://www.mcmilk.de/projects/squidw.../eicarcom2.zip
Fri Jul 6 21:54:43 2007 [5601] DEBUG File size is 308.00
Fri Jul 6 21:54:43 2007 [5601] DEBUG Sending STREAM to clamd.
Fri Jul 6 21:54:43 2007 [5601] DEBUG Received port 1936 from clamd.
Fri Jul 6 21:54:43 2007 [5601] DEBUG Trying to connect to clamd [port: 1936].
Fri Jul 6 21:54:49 2007 [5601] DEBUG Scanning data received against clamd stream
Fri Jul 6 21:54:49 2007 [5601] DEBUG Sending data to clamd
Fri Jul 6 21:54:49 2007 [5601] DEBUG Write 308 bytes on 308 to socket
Fri Jul 6 21:54:49 2007 [5601] DEBUG Connection to clamd on port: 1936 closed.
Fri Jul 6 21:54:49 2007 [5601] DEBUG Reading clamd scan result.
Fri Jul 6 21:54:49 2007 [5601] DEBUG received from Clamd: stream: Eicar-Test-Signature FOUND
Fri Jul 6 21:54:49 2007 [5601] LOG Redirecting URL to: http://127.0.0.1/cgi-bin/clwarn.cgi?...&virus=stream: Eicar-Test-Signature FOUND
Fri Jul 6 21:54:49 2007 [5601] DEBUG End reading clamd scan result.
Fri Jul 6 21:54:49 2007 [5601] STAT Virus Scanning process time 1183769689.277 second(s)
Fri Jul 6 21:54:49 2007 [5601] DEBUG Virus found send redirection to Squid.
Fri Jul 6 21:54:49 2007 [5601] STAT Total process time 1183769689.277 second(s)
Hope this helped.
Regards,
Marcelo B. De zan
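
An added example, not part of the original thread or of squidclamav: a small Python parser that separates the two error signatures visible in the logs above (the data port clamd returned for STREAM being unreachable, versus the URL fetch failing) and lists the data ports clamd handed out. The sample lines are copied from the thread's log excerpts; the 1024-2048 range is clamd's default for StreamMinPort/StreamMaxPort, and the function and label names are this example's own.

```python
import re

# Sample input: lines copied from the log excerpts posted in this thread.
SAMPLE_LOG = """\
Thu Jul 19 12:26:20 2007 [2063] DEBUG Received port 2036 from clamd.
Thu Jul 19 12:26:20 2007 [2063] DEBUG Trying to connect to clamd [port: 2036].
Thu Jul 19 12:27:10 2007 [2049] ERROR fail downloading url http://www3.trellian.com/bin/mwolf105pt.exe
Thu Jul 19 12:27:10 2007 [2049] ERROR CURLOPT_ERRORBUFFER: Operation timed out with 0 out of -1 bytes received
Fri Jul 6 21:48:59 2007 [5601] DEBUG Received port 1523 from clamd.
Fri Jul 6 21:52:08 2007 [5601] ERROR Can't connect to clamd [port: 1523].
Fri Jul 6 21:54:43 2007 [5601] DEBUG Received port 1936 from clamd.
Fri Jul 6 21:54:49 2007 [5601] DEBUG received from Clamd: stream: Eicar-Test-Signature FOUND
"""

LINE = re.compile(r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4} \[(\d+)\] (\w+) (.*)$")
PORT = re.compile(r"Received port (\d+) from clamd")
BLOCKED = re.compile(r"Can't connect to clamd \[port: (\d+)\]")
FETCH = re.compile(r"fail downloading url (\S+)")
RESULT = re.compile(r"received from Clamd: (.*)")

# clamd.conf defaults for the STREAM data port range (StreamMinPort/StreamMaxPort).
STREAM_MIN, STREAM_MAX = 1024, 2048

def classify(log_text):
    """Return (kind, pid, detail) tuples for each outcome found in the log."""
    findings, ports = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # lines without the timestamp/[pid] prefix are skipped
        pid, msg = int(m.group(1)), m.group(3)
        if (p := PORT.search(msg)):
            ports[pid] = int(p.group(1))  # remember the data port per worker
        elif (b := BLOCKED.search(msg)):
            findings.append(("clamd_data_port_unreachable", pid, int(b.group(1))))
        elif (f := FETCH.search(msg)):
            findings.append(("url_fetch_failed", pid, f.group(1)))
        elif (r := RESULT.search(msg)):
            findings.append(("scanned", pid, (ports.get(pid), r.group(1))))
    return findings

def ports_to_allow(log_text):
    """Data ports clamd handed out, and whether all fall in the default range."""
    seen = sorted({int(p) for p in PORT.findall(log_text)})
    return seen, all(STREAM_MIN <= p <= STREAM_MAX for p in seen)
```

With a default-DROP firewall, the ports returned by `ports_to_allow` are the ones the loopback rules must permit; StreamMinPort and StreamMaxPort in clamd.conf bound that range.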