Hi there,
Just saw the following on my firewall at home (OPNsense 17.7.3-amd64):
I have enabled c-icap, clamav and transparent squid (for SSL too) like detailed in the online manual.
What happened is that a large download (XCode update on my Mac) was not bypassed but written to /var/tmp/CI_TMP_XXXX and filled up the disk completely. (the download in question is >5G in size).
Should the configured size-limits for both c-icap and clamav not prevent this sort of thing?
Do you have some additional errors in your logs you can provide?
I think I found the bug:
https://github.com/opnsense/plugins/blob/master/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/virus_scan.conf#L22
There's a typo so this value wont be set, I'll fix this!
Commit: https://github.com/opnsense/plugins/commit/90deaa6
Patch:
# opnsense-patch -c plugins 90deaa6
Wow, that was quick.
Thanks everyone!
:)
All shipped in 17.7.4, yes. 8)
Cheers,
Franco
Hi,
I think we need to reopen this... just ran into the same issue - testfile download of 10gb and it was stored locally to /var/tmp/CI_TMPxxx... though the max file size was set to 5mb in cicap
any help appreciated!
Cheers, Stephan
Edit:
Tue Oct 3 16:56:59 2017, 37144/3376520192, Cannot write to file: No space left on device
Ok, after some diggin I found this in the /usr/local/etc/c-icap/virus_scan.conf
ServiceAlias avscan virus_scan?allow204=on&sizelimit=off&mode=simple
According to http://c-icap.sourceforge.net/install.html
(http://c-icap.sourceforge.net/install.html) sizelimit=off means:
sizelimit=off to ignore srv_clamav.MaxObjectSize directive in c-icap.conf file
...
Is this the Problem?
Cheers, Stephan
EDIT: Just tested it by removing &sizelimit=off and the big file download started correctly by the browser (used http://speed.hetzner.de/ (http://speed.hetzner.de/) )
Ok, 17.7.5 this time... :)