OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: sjjh on December 21, 2019, 10:04:39 pm

Title: virus filtering (clamav, c-icap, web proxy) is not working
Post by: sjjh on December 21, 2019, 10:04:39 pm

Hi! Running OPNsense 19.7.8-amd64. I tried to set up virus filtering using clamav, c-icap and (transparent, both HTTP and HTTPS) web proxy following the how-to in the manual: https://docs.opnsense.org/manual/how-tos/proxyicapantivirusinternal.html (except transparent SSL proxy was confiured using SNI). Unfortunately, it doesn't work, I can download the eicar test virus. For config see screenshots below (I left out deactivated parts). Feel free to ask for any additional information if needed. I appreciate any help, what did I do wrong? Thanks in advance! Simon

Web Proxy
(http://www.muenster.de/~simonh/opnsense/antivirus/web_proxy_config_0.png)
(http://www.muenster.de/~simonh/opnsense/antivirus/web_proxy_config_1.png)
(http://www.muenster.de/~simonh/opnsense/antivirus/web_proxy_config_2.png)
(http://www.muenster.de/~simonh/opnsense/antivirus/web_proxy_config_3.png)
(http://www.muenster.de/~simonh/opnsense/antivirus/web_proxy_config_4.png)
(http://www.muenster.de/~simonh/opnsense/antivirus/web_proxy_config_5.png)

C-ICAP
(http://www.muenster.de/~simonh/opnsense/antivirus/c-icap_config_0.png)
(http://www.muenster.de/~simonh/opnsense/antivirus/c-icap_config_1.png)
(http://www.muenster.de/~simonh/opnsense/antivirus/c-icap_log.png)

clamAV
(http://www.muenster.de/~simonh/opnsense/antivirus/clamav_config_0.png)
(http://www.muenster.de/~simonh/opnsense/antivirus/clamav_config_1.png)
(http://www.muenster.de/~simonh/opnsense/antivirus/clamav_log_0.png)
(http://www.muenster.de/~simonh/opnsense/antivirus/clamav_log_1.png)

Title: Re: virus filtering (clamav, c-icap, web proxy) is not working
Post by: sjjh on January 21, 2020, 09:10:38 pm

Am I the only person using this feature? ;) Does nobody have an idea, what I did wrong?
Simon

Title: Re: virus filtering (clamav, c-icap, web proxy) is not working
Post by: fabian on January 21, 2020, 10:06:59 pm

Can you check if the proxy preview settings  in the ICAP server are matching your ICAP server settings?

Title: Re: virus filtering (clamav, c-icap, web proxy) is not working
Post by: sjjh on January 21, 2020, 10:23:37 pm

Quote from: fabian on January 21, 2020, 10:06:59 pm

Can you check if the proxy preview settings  in the ICAP server are matching your ICAP server settings?

Thanks for your reply. I'm sorry, but I don't understand which settings I shall compare. :-/ Could you please elaborate. :) thx!

Under (translated from German) Services -> Web-Proxy -> Maintenance -> Forwarding proxy I do find the settings
activate preview -> checked
preview size -> 1024
Under Services -> C-ICAP -> configuration I cannot find any preview settings.

Title: Re: virus filtering (clamav, c-icap, web proxy) is not working
Post by: fabian on January 21, 2020, 10:43:58 pm

A preview in ICAP are the first xxxx bits of a response which the client (squid) sends to the service (avscan module of C-ICAP). If the module supports previews as well, it can increase the performance when you do not need to pipe the whole file through the ICAP server so the server can respond with a special response (204) which means that the file can be directly streamed to the requester.

Title: Re: virus filtering (clamav, c-icap, web proxy) is not working
Post by: sjjh on January 21, 2020, 11:48:51 pm

Sorry for being too unspecific. I believe I do understand the preview feature.
I was just wondering which settings should I compare? Which config parameter and value of the C-ICAP settings need to match witch parameter/value of the proxy settings?
Could you point that out to me once again (e.g. value of field X in I-CAP settings must be equal of value in field Y in forwarding proxy settings)? Sorry for not getting it...