Messages - Q3tNHn

#1
Quote from: meyergru on December 13, 2024, 01:04:32 AM
That does not answer the question if you are indeed seeing the signatures under "Services: ClamAV: Configuration -> Versions" and is the exact opposite of what the documentation states. You probably would have to download the signatures again after a reboot, not reboot the firewall after you did it.

What I meant was to restart squid after you made sure that you see the downloaded versions.

I did, it doesn't work.
#3
Quote from: meyergru on December 11, 2024, 10:00:10 PM
Maybe a too obvious question to ask, but did you notice the blue note here?

To be more specific: What signatures did you download that include the EICAR test signature? You can check under "Services: ClamAV: Configuration".

After I made sure that signatures were loaded, Squid was restarted after having applied all settings and specifically enabled inspecting SSL traffic as well (because the test file is on https://pkg.opnsense.org/test/eicar.com.txt), I got this (I used no transparent proxy, but explicit client settings and no additional web filters):

Yes I do. I restarted the firewall after I downloaded the signatures.
#4
Quote from: Melroy vd Berg on December 11, 2024, 12:34:28 AM
I assume:

1. Your anti-virus is not running or installed correctly. Validate your setup and be sure ClamAV for example is running: https://docs.opnsense.org/manual/how-tos/clamav.html
2. You configured ICAP incorrectly. Maybe using the wrong port number or something like that.

I just checked and everything was fine, the configurations are correct. But I was able to download the EICAR file like normal?
#5
Hi, both the c-icap and clamd services are running, but when I execute netstat -n I can't see port 1344 or 3310 open. On Linux I can see the process name in netstat, but I can't do that on *BSD, so it is impossible to know which ports they really bind to. If the configuration is wrong, I assume the service won't start.
#6
The country code did not belong to any real country in the world, but the certificate wizard forced the country code to Netherlands. I have to choose a real country from the drop-down list. I don't want that, I want to input the country code manually.
#7
Those subnets are not on the firewall VLAN.
#8
Is it possible to add this function in the future?
#9
Hi all, I want to use a customized country code for the certificate, but I can only choose from current countries for my imported self-signed certificates. Can we allow users to define their own country code for the certificates? Thank you
#10
Hi all,
Can I set up IPS so that it only works for certain subnets behind a specific interface?
This is my setup diagram:
An L3 switch with VLANs 10, 11, 12 connects to the LAN port on OPNsense.
L3 switch IP address: 192.168.(10)(11)(12).1/24
LAN OPNsense address: 192.168.10.100/24
The L3 switch handles the east-west bound traffic, the OPNsense firewall handles the north-south bound traffic.
I want the IPS system on OPNsense to only filter the north-south bound traffic (in and out) from 192.168.12.0/24 and 192.168.10.0/24 and ignore the 192.168.11.0/24 subnet.
Please tell me how to do that on OPNsense!
Thank you!
#11
Now I can't even start the Squid service. Here's the error message:

Starting squid.
CPU Usage: 5.075 seconds = 4.996 user + 0.079 sys
Maximum Resident Size: 1308160 KB
Page faults with physical i/o: 0
2024/12/10 13:27:02| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2024/12/10 13:27:02| Starting Authentication on port 127.0.0.1:3128
2024/12/10 13:27:02| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
2024/12/10 13:27:02| Starting Authentication on port [::1]:3128
2024/12/10 13:27:02| Disabling Authentication on port [::1]:3128 (interception enabled)
2024/12/10 13:27:02| Starting Authentication on port 127.0.0.1:3129
2024/12/10 13:27:02| Disabling Authentication on port 127.0.0.1:3129 (interception enabled)
2024/12/10 13:27:02| Starting Authentication on port [::1]:3129
2024/12/10 13:27:02| Disabling Authentication on port [::1]:3129 (interception enabled)
2024/12/10 13:27:02| WARNING: empty ACL: acl bump_nobumpsites ssl::server_name "/usr/local/etc/squid/nobumpsites.acl"
2024/12/10 13:27:02| Starting Authentication on port 127.0.0.1:2121
2024/12/10 13:27:02| Disabling Authentication on port 127.0.0.1:2121 (interception enabled)
2024/12/10 13:27:02| Starting Authentication on port [::1]:2121
2024/12/10 13:27:02| Disabling Authentication on port [::1]:2121 (interception enabled)
2024/12/10 13:27:07| ERROR: '.ai-nude.adult' is a subdomain of '.adult'
2024/12/10 13:27:07| ERROR: You need to remove '.ai-nude.adult' from the ACL named 'remoteblacklist_ut1'
2024/12/10 13:27:07| Not currently OK to rewrite swap log.
2024/12/10 13:27:07| storeDirWriteCleanLogs: Operation aborted.
2024/12/10 13:27:07| FATAL: Bungled /usr/local/etc/squid/squid.conf line 72: acl remoteblacklist_ut1 dstdomain "/usr/local/etc/squid/acl/ut1"
2024/12/10 13:27:07| Squid Cache (Version 6.10): Terminated abnormally.
/usr/local/etc/rc.d/squid: WARNING: failed to start squid
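
The fatal error in the log above comes from a `dstdomain` list that contains both `.adult` and `.ai-nude.adult`. As an added illustration (not part of the original post and not OPNsense or Squid code), this Python sketch finds entries already covered by a broader leading-dot entry. The function name and sample list are constructed, and treating a plain host that duplicates a leading-dot entry as covered is an assumption of the sketch.

```python
def prune_dstdomain(entries):
    """Split dstdomain entries into (kept, dropped).

    dropped holds (entry, covering_entry) pairs for entries that a
    leading-dot entry such as '.adult' already matches.
    """
    cleaned, seen = [], set()
    for raw in entries:
        e = raw.strip().lower()
        # Skip blanks, comments and exact duplicates.
        if not e or e.startswith("#") or e in seen:
            continue
        seen.add(e)
        cleaned.append(e)

    # '.adult' matches 'adult' and every subdomain of it.
    wildcards = {e[1:] for e in cleaned if e.startswith(".")}

    kept, dropped = [], []
    for e in cleaned:
        host = e.lstrip(".")
        labels = host.split(".")
        # Proper parent domains, nearest first: a.b.c -> b.c, c
        parents = [".".join(labels[i:]) for i in range(1, len(labels))]
        # Assumption: a plain host duplicated by '.host' is also covered.
        if not e.startswith("."):
            parents.append(host)
        cover = next((p for p in parents if p in wildcards), None)
        if cover is not None:
            dropped.append((e, "." + cover))
        else:
            kept.append(e)
    return kept, dropped


# Constructed sample list; the first two entries mirror the log above.
SAMPLE = [".adult", ".ai-nude.adult", "example.org", ".example.org",
          "www.example.net", "# comment line", ".ADULT"]

if __name__ == "__main__":
    kept, dropped = prune_dstdomain(SAMPLE)
    for entry, cover in dropped:
        print(f"redundant: {entry} (covered by {cover})")
    print("\n".join(kept))
```
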
#12
Hi all,
I am setting up the antivirus by following this tutorial: https://docs.opnsense.org/manual/how-tos/proxyicapantivirusinternal.html
But after I set up everything, I can still download the EICAR test file over HTTP and HTTPS like normal. How do I troubleshoot?
I am pretty sure the transparent proxy is working fine, because the web filter was working normally; it blocks URLs that should be blocked.
Thank you
#13
Hi all,
I am following this tutorial to set up web filtering on my OPNsense instance: https://docs.opnsense.org/manual/how-tos/proxywebfilter.html
But the UT1 blacklist is not showing any categories after I successfully download and apply the list.
Please help!