Messages - yahoo1983

#1
General Discussion / Re: Opnsese icap + clamav
October 10, 2017, 07:43:09 AM
Ok I narrowed down the problem to Intrusion Detection set to enabled. When I disabled the service everything started working fine.

2017-10-10T07:52:47.754432+0200   blocked   213.211.198.62 OPNsense test eicar virus
It's on port 80 and it's dropping all communication.

Can I make it display an alert?

Edit: I disabled Intrusion Detection, downloaded rule sets, enabled the service again and it's working fine now. The eicar virus test is working. Seems like something went wrong with the initial config.
#2
General Discussion / Re: Opnsese icap + clamav
October 06, 2017, 12:00:18 PM
This log doesn't say anything about the failed connections.
In access log I get:
For blocked:
192.168.100.2 TCP_MISS/403 839 GET http://rexswain.com/eicar2.zip - ORIGINAL_DST/206.130.113.68 text/html

For the one that doesn't even get loaded:
192.168.100.2 TCP_MISS_ABORTED/000 0 GET http://rexswain.com/eicar.zip - ORIGINAL_DST/206.130.113.68 -
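
The two access-log outcomes quoted above can be separated mechanically when going through a longer log. This is an added example, not part of the original post or of OPNsense/Squid; the function names, verdict labels and the third sample line are constructed, and the regex assumes the shortened line layout exactly as quoted in the post.

```python
import re
from collections import defaultdict

# First two lines are the ones quoted in the post; the third is constructed.
SAMPLE_LOG = """\
192.168.100.2 TCP_MISS/403 839 GET http://rexswain.com/eicar2.zip - ORIGINAL_DST/206.130.113.68 text/html
192.168.100.2 TCP_MISS_ABORTED/000 0 GET http://rexswain.com/eicar.zip - ORIGINAL_DST/206.130.113.68 -
192.168.100.2 TCP_MISS/200 5120 GET http://example.test/index.html - ORIGINAL_DST/192.0.2.10 text/html
"""

# client, result/status, bytes, method, URL, user, hierarchy/peer, MIME type
LINE_RE = re.compile(
    r"^(?P<client>\S+) (?P<result>[A-Z_]+)/(?P<status>\d{3}) (?P<size>\d+) "
    r"(?P<method>\S+) (?P<url>\S+) (?P<user>\S+) "
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+) (?P<mime>\S+)$"
)

def classify(line):
    """Return a verdict record for one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    status = int(m["status"])
    if status == 403:
        # The proxy answered with a deny page (the "blocked" case in the post).
        verdict = "denied_with_page"
    elif status == 0 or "ABORTED" in m["result"]:
        # No reply was ever relayed to the client (the "loads forever" case).
        verdict = "aborted_no_reply"
    else:
        verdict = "served"
    return {"verdict": verdict, "client": m["client"], "url": m["url"], "peer": m["peer"]}

def triage(log_text):
    """Group requested URLs by verdict so silent drops stand out from clean blocks."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        rec = classify(line)
        if rec is not None:
            buckets[rec["verdict"]].append(rec["url"])
    return dict(buckets)

if __name__ == "__main__":
    for verdict, urls in triage(SAMPLE_LOG).items():
        print(verdict, urls)
```

URLs that land in `aborted_no_reply` are the ones to compare against other logs on the box, since the proxy itself recorded no response for them.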
#3
General Discussion / Re: Opnsese icap + clamav
October 06, 2017, 11:53:19 AM
I just did that and the problem remains, no idea what it is. I'll try to check all the options again.
#4
General Discussion / Re: Opnsese icap + clamav
October 06, 2017, 11:41:13 AM
I'm lost
https://support.kaspersky.com/downloads/eicar/eicar.zip BLOCKED AND MESSAGE DISPLAYED
https://secure.eicar.org/eicar.com.txt BLOCKED AND MESSAGE DISPLAYED
http://rexswain.com/eicar.html first com and zip GETS forever loading, last eicar2.zip BLOCKED AND MESSAGE DISPLAYED

No idea what is going on. Could you check if you get the same results? :)
#5
General Discussion / Re: Opnsese icap + clamav
October 06, 2017, 11:29:59 AM
Ok, I noticed how it works. For some reason the message is displayed:
HTTPS: YES
HTTP: nothing is going on besides Firefox trying to load a page (forever)

Ok, I'm clueless. http://rexswain.com/eicar.html
First zip gets forever loading
the second one gets blocked
:)
#6
General Discussion / Re: Opnsese icap + clamav
October 06, 2017, 11:22:23 AM
I'm testing it on Firefox version 56. I noticed it's always on when I download txt, while weird stuff is happening when it's zipped.
#7
General Discussion / Opnsese icap + clamav
October 06, 2017, 10:56:57 AM
Hello,
I've managed to set up a proxy with virus check. When I do the Eicar test, I get:

VIRUS FOUND
You tried to upload/download a file that contains the virus: Eicar-Test-Signature
The Http location is: https://secure.eicar.org/eicar.com.txt

For more information contact your system administrator

This message generated by C-ICAP service: avscan?allow204=on&mode=simple
Antivirus engine: clamd-0992/23911

Which is fine. I was wondering, though, whether a once-blocked address is stored somewhere. Because when I try to enter it again, I do not get a warning about the virus. The webpage simply doesn't load. Is that normal behaviour or is something missing?

Thanks
#8
Web Proxy Filtering and Caching / Re: Proxy Bypass
October 05, 2017, 05:59:06 PM
Quote from: shan on October 05, 2017, 05:13:54 PM
There is an option under Web Proxy -> Forward Proxy -> Access control Lists to Specify Unrestricted IP addresses

Well, after all, it turned out the problem is that I'm an idiot.
Thank you for the help.

A whole day of clicking to find out I didn't press ENTER after adding the IP, hence the config didn't save. I thought it was a problem because I didn't add a destination address.

Now it's working lol
#9
Web Proxy Filtering and Caching / Re: Proxy Bypass
October 05, 2017, 05:16:50 PM
Yes, I have tried that. It only works on DESTINATION IPs.
I'm trying to bypass the proxy based on LAN IPs.
My current configuration on Dansguardian is that I specify addresses which bypass squid/dansguardian, so they do not get stuck on web filtering (for instance my address).
I just can't find that option in OPNsense.

Example: my LAN IP is 192.168.0.5. I do not want it to go through the proxy.
#10
Web Proxy Filtering and Caching / Proxy Bypass
October 05, 2017, 11:52:14 AM
Hello,
I've been looking for an option to bypass the proxy for certain LAN IPs. However, I cannot find this option anywhere. Is it missing?
I would like all LAN to pass through the proxy and let a few LAN IPs bypass it completely (for admins).
Thanks
JK