Messages - efun

#1
Hi,

I have been trying to resolve why the setup isn't working (all on latest versions).

I am receiving two pid segs, but I think this is a known issue and not part of this problem?

      squid 2025/02/24 22:40:12| Set Current Directory to /var/squid/cache
      Segmentation fault


When I request a known eicar via web or below command, it passes through. 


I pulled eicar down locally and checked with -f vs -req.

c-icap-client detects the signature, but when I use the HTTP request, it passes as nothing found.

Thoughts, what am I missing?

See below:

 
c-icap-client -s avscan -f eicar.com.txt -v

ICAP server:localhost, ip:::1, port:1344

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>MALWARE FOUND</title>
.....

ICAP HEADERS:
   ICAP/1.0 200 OK
   Server: C-ICAP/0.6.3
   Connection: keep-alive
   ISTag: "CI0001-r79KkQ7h+M5vZJKo2DBG+AAA"
   X-Infection-Found: Type=0; Resolution=2; Threat=winnow.malware.test.eicar.com.UNOFFICIAL;
   X-Violations-Found: 1
   -
   winnow.malware.test.eicar.com.UNOFFICIAL
   0
   0
   Encapsulated: res-hdr=0, res-body=174

RESPMOD HEADERS:
   HTTP/1.0 403 Forbidden
   Server: C-ICAP
   Connection: close
   Content-Type: text/html
   Content-Language: en
   Via: ICAP/1.0 (C-ICAP/0.6.3 Antivirus service )

works.


c-icap-client -s avscan -req "http://pkg.opnsense.org/test/eicar.com.txt" -v
ICAP server:localhost, ip:::1, port:1344

No modification needed (Allow 204 response)

ICAP HEADERS:
   ICAP/1.0 204 No Content
   Server: C-ICAP/0.6.3
   Connection: keep-alive
   ISTag: "CI0001-r79KkQ7h+M5vZJKo2DBG+AAA"

REQMOD HEADERS:
   GET http://pkg.opnsense.org/test/eicar.com.txt HTTP/1.0
   Date: Tue, 25 Feb 2025 05:54:29 GMT
   User-Agent: C-ICAP-Client/x.xx



does not detect.

Thank you for your help!
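
Added example, not part of the original post: a short Python parser run over abbreviated copies of the two `c-icap-client -v` outputs above, reporting which ICAP method each output is labelled with, the ICAP status code, and any threat named in `X-Infection-Found`. The names `summarize`, `FILE_RUN` and `REQ_RUN` are introduced here for illustration.

```python
import re

# Constructed samples: abbreviated from the two verbose runs quoted in the post.
FILE_RUN = """\
ICAP HEADERS:
   ICAP/1.0 200 OK
   Server: C-ICAP/0.6.3
   X-Infection-Found: Type=0; Resolution=2; Threat=winnow.malware.test.eicar.com.UNOFFICIAL;
   X-Violations-Found: 1
   Encapsulated: res-hdr=0, res-body=174

RESPMOD HEADERS:
   HTTP/1.0 403 Forbidden
"""
REQ_RUN = """\
ICAP HEADERS:
   ICAP/1.0 204 No Content
   Server: C-ICAP/0.6.3

REQMOD HEADERS:
   GET http://pkg.opnsense.org/test/eicar.com.txt HTTP/1.0
   User-Agent: C-ICAP-Client/x.xx
"""

SECTION = re.compile(r"^(ICAP|REQMOD|RESPMOD) HEADERS:$")

def summarize(output):
    """Return ICAP method, ICAP status and reported threat for one verbose run."""
    sections, current = {}, None
    for line in (l.strip() for l in output.splitlines()):
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and line:
            current.append(line)
    icap = sections.get("ICAP", [])
    status = int(icap[0].split()[1]) if icap else None
    # Header lines are "Name: value"; continuation lines without ':' are skipped.
    pairs = (l.split(":", 1) for l in icap[1:] if ":" in l)
    headers = {k.strip().lower(): v.strip() for k, v in pairs}
    # X-Infection-Found is a ';'-separated list of key=value fields.
    raw = headers.get("x-infection-found", "")
    fields = dict(p.strip().split("=", 1) for p in raw.split(";") if "=" in p)
    mode = next((m for m in ("REQMOD", "RESPMOD") if m in sections), None)
    return {"mode": mode, "icap_status": status, "threat": fields.get("Threat")}

if __name__ == "__main__":
    for name, run in (("-f eicar.com.txt", FILE_RUN), ("-req URL", REQ_RUN)):
        print(name, summarize(run))
```

On the post's output, the `-f` run is labelled RESPMOD with a 200 and a named threat, while the `-req` run is labelled REQMOD with a 204 and no threat, and its REQMOD section shows only a GET request line and headers.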