Author Topic: [SOLVED] Looking for help re squidclamav redirect problem  (Read 2500 times)

cwynd

[SOLVED] Looking for help re squidclamav redirect problem
« on: April 11, 2017, 04:28:10 pm »
Hi All, I am trying to get squidclamav working with OPNsense 17.1. My problem is I cannot get the redirect to work for eicar test virus files. I have everything working fine for clean URLs, and with squidclamav debug enabled I see it receiving and processing the request:
Code:
DEBUG initializing request data handler.
DEBUG processing preview header.
DEBUG X-Client-IP: 192.168.1.150
DEBUG method GET
DEBUG url http://no.viruses.here
DEBUG URL requested:  http://no.viruses.here

DEBUG Content-Length: -1
DEBUG No body data, allow 204
DEBUG Releasing request data.
DEBUG initializing request data handler.
DEBUG processing preview header.
DEBUG preview data size is 1024
DEBUG X-Client-IP: 192.168.1.150
DEBUG method GET
DEBUG url  http://no.viruses.here
DEBUG URL requested:  http://no.viruses.here

DEBUG Content-Length: 3699
DEBUG Content-Type: text/html
DEBUG End of method squidclamav_check_preview_handler
DEBUG ending request data handler.

Sending zINSTREAM command to clamd.
DEBUG Ok connected to clamd.
DEBUG: Scanning data now
DEBUG Write 3703 bytes on 3699 to socket
DEBUG received from Clamd: stream: OK
DEBUG Closing Clamd connection.
DEBUG Responding with allow 204

But for an eicar test virus URL, it seems like the request gets released by squidclamav (if I am reading the below correctly), but a response is never received, and never forwarded to clamd for scanning, and no response or redirect ever goes back to the client browser, which eventually reports a '504 Gateway Error'. This is the complete squidclamav debug log:
Code:
DEBUG initializing request data handler.
DEBUG processing preview header.
DEBUG X-Client-IP: 192.168.1.150
DEBUG method GET
DEBUG url http://www.eicar.org/download/eicar.com
DEBUG URL requested: http://www.eicar.org/download/eicar.com
DEBUG Content-Length: -1
DEBUG No body data, allow 204
DEBUG Releasing request data.

I have duplicated this problem on two completely separate c-icap/squidclamav/clamd setups now, most recently with latest c-icap (0.5.2) and squidclamav (6.16) compiled from sources, so I'm sure it's something I am doing wrong. But after 3 days of poring over logs I cannot see it.

Any help or hints greatly appreciated!!

PS: clwarn.cgi is in the right place, and is visible to the client browser if I load it directly. According to the Apache logs it never gets hit unless I load it explicitly.

PPS: This is all HTTP (no HTTPS...  yet)


Edit: Marked solved.
« Last Edit: April 11, 2017, 08:48:14 pm by cwynd »

cwynd

[SOLVED] Re: Looking for help re squidclamav redirect problem
« Reply #1 on: April 11, 2017, 08:46:57 pm »
OK, figured it out. The problem was that Suricata was blocking the eicar response before it even got to the proxy+squidclamav. Obvious with hindsight, but not at all in the heat of the moment. Once I unblocked that, everything works as intended. At least I understand the ICAP protocol a little better from reading the RFP :)
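
Added example, not part of the original posts: a Python check that groups squidclamav debug lines into transactions and lists URLs whose request was released but whose response body was never handed to clamd, the pattern in the eicar log from the first post. The sample log is constructed from the lines quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the two debug logs quoted in the first post.
SAMPLE_LOG = """\
DEBUG initializing request data handler.
DEBUG url http://no.viruses.here
DEBUG Content-Length: -1
DEBUG No body data, allow 204
DEBUG initializing request data handler.
DEBUG preview data size is 1024
DEBUG url  http://no.viruses.here
DEBUG Content-Length: 3699
Sending zINSTREAM command to clamd.
DEBUG received from Clamd: stream: OK
DEBUG initializing request data handler.
DEBUG url http://www.eicar.org/download/eicar.com
DEBUG Content-Length: -1
DEBUG No body data, allow 204
"""

URL_RE = re.compile(r"^DEBUG url\s+(\S+)")  # case-sensitive: skips "URL requested:"

def split_transactions(log_text):
    """Group lines into transactions; each starts at 'initializing request data handler'."""
    txns, current = [], None
    for line in log_text.splitlines():
        if "initializing request data handler" in line:
            current = {"url": None, "scanned": False, "verdict": None}
            txns.append(current)
        elif current is None:
            continue  # ignore anything logged before the first transaction
        elif (m := URL_RE.match(line)):
            current["url"] = m.group(1)
        elif "zINSTREAM" in line:
            current["scanned"] = True
        elif "received from Clamd:" in line:
            current["verdict"] = line.split("received from Clamd:", 1)[1].strip()
    return txns

def urls_never_scanned(log_text):
    """URLs seen by squidclamav for which no transaction ever sent a body to clamd."""
    seen, scanned = [], set()
    for t in split_transactions(log_text):
        if t["url"] and t["url"] not in seen:
            seen.append(t["url"])
        if t["scanned"]:
            scanned.add(t["url"])
    return [u for u in seen if u not in scanned]
```

A URL in the result means the response never reached squidclamav, so the place to look is upstream of the proxy, as Reply #1 found with Suricata.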