Author Topic: [SOLVED] C-icap seems to be inoperable in 17.7.5 (Read 1970 times)

Tigger · « **on:** October 17, 2017, 09:40:27 pm »

Installed 2 opn 17.7.5 boxes in HA config. The problem came up when i tried to attach ClamAV to Squid. Well, i installed Web Proxy, C-icap and ClamAV plugins, enabled c-icap, told Squid to use c-icap... And got an error:

------------------------------------------------------------------------
The following error was encountered while trying to retrieve the URL: http://www.ya.ru/

ICAP protocol error.

The system returned: [No Error]

This means that some aspect of the ICAP communication failed.

Some possible problems are:

•The ICAP server is not reachable.

•An Illegal response was received from the ICAP server.
------------------------------------------------------------------------

Well, i entered the OPN console, launched netstat... And, as i thought, there was nobody listening at icap port. The web GUI is showing the c-icap service running though, that is strange.

What should i do to get the thing running ?

mimugmail · « **Reply #1 on:** October 17, 2017, 09:43:08 pm »

Please check the logfiles in /var/log/c-icap ... have you tried without HA?

Tigger · « **Reply #2 on:** October 17, 2017, 10:39:34 pm »

Server.log:

Tue Oct 17 22:00:10 2017, main proc, Possibly a term signal received. Monitor process going to term all children
Tue Oct 17 22:00:12 2017, main proc, Error converting ipv6 address to the network byte order
Tue Oct 17 22:00:12 2017, main proc, WARNING! Error binding to an ipv6 address. Trying ipv4...
Tue Oct 17 22:00:13 2017, 14669/348217344, recomputing istag ...
Tue Oct 17 22:00:13 2017, 15001/348217344, recomputing istag ...
Tue Oct 17 22:00:13 2017, 15222/348217344, recomputing istag ...
Tue Oct 17 22:05:53 2017, main proc, Possibly a term signal received. Monitor process going to term all children
Tue Oct 17 22:10:14 2017, main proc, Error converting ipv6 address to the network byte order
Tue Oct 17 22:10:14 2017, main proc, WARNING! Error binding to an ipv6 address. Trying ipv4...
Tue Oct 17 22:10:49 2017, 68377/687955968, recomputing istag ...
Tue Oct 17 22:10:49 2017, 68409/687955968, recomputing istag ...
Tue Oct 17 22:10:49 2017, 68251/687955968, recomputing istag ...

Access.log:

17/Oct/2017:22:00:55 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:04:55 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:16:28 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:20:44 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:23:44 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:26:44 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:29:44 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:33:49 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:36:49 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:40:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:44:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:48:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:52:47 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:55:47 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:00:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:04:47 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:10:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:15:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:20:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:25:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:30:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:33:55 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:36:55 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404

mimugmail · « **Reply #3 on:** October 18, 2017, 06:16:56 am »

Can you post pictures from the two c-icap tabs and clamav?
What's the ICAP URL in Web Proxy?

Tigger · « **Reply #4 on:** October 18, 2017, 02:49:28 pm »

Here they are:

fabian · « **Reply #5 on:** October 18, 2017, 05:05:22 pm »

the service of clamav is "avscan" - not respmod/reqmod - please correct the URL.

Tigger · « **Reply #6 on:** October 18, 2017, 05:27:21 pm »

Request and response string is now "icap://127.0.0.1:1344/avscan/".

access.log:
--------------------------------------------------------
18/Oct/2017:18:21:48 +0300, 127.0.0.1 127.0.0.1 OPTIONS avscan/ 404
18/Oct/2017:18:24:29 +0300, 127.0.0.1 127.0.0.1 OPTIONS avscan/ 404
--------------------------------------------------------

Looks like it is still not working.

mimugmail · « **Reply #7 on:** October 18, 2017, 06:21:25 pm »

Remove the last slash

Tigger · « **Reply #8 on:** October 18, 2017, 08:26:19 pm »

Looks like this does the trick.

Also, while i was waiting for the answer, i looked into c-icap configs and found string "virus_scan?allow204=on&mode=simple", that also worked.

Author Topic: [SOLVED] C-icap seems to be inoperable in 17.7.5 (Read 1970 times)

Tigger

[SOLVED] C-icap seems to be inoperable in 17.7.5

mimugmail

Re: C-icap seems to be inoperable in 17.7.5

Tigger

Re: C-icap seems to be inoperable in 17.7.5

mimugmail

Re: C-icap seems to be inoperable in 17.7.5

Tigger

Re: C-icap seems to be inoperable in 17.7.5

fabian

Re: C-icap seems to be inoperable in 17.7.5

Tigger

Re: C-icap seems to be inoperable in 17.7.5

mimugmail

Re: C-icap seems to be inoperable in 17.7.5

Tigger

Re: C-icap seems to be inoperable in 17.7.5