Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
[SOLVED] c-icap, clamav & size limit
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] c-icap, clamav & size limit (Read 7701 times)
Waschbuesch
Newbie
Posts: 27
Karma: 4
[SOLVED] c-icap, clamav & size limit
«
on:
September 19, 2017, 11:52:46 pm »
Hi there,
Just saw the following on my firewall at home (OPNsense 17.7.3-amd64):
I have enabled c-icap, clamav and transparent squid (for SSL too) like detailed in the online manual.
What happened is that a large download (XCode update on my Mac) was not bypassed but written to /var/tmp/CI_TMP_XXXX and filled up the disk completely. (the download in question is >5G in size).
Should the configured size-limits for both c-icap and clamav not prevent this sort of thing?
«
Last Edit: September 27, 2017, 03:14:14 pm by franco
»
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: c-icap, clamav & size limit
«
Reply #1 on:
September 20, 2017, 06:09:00 am »
Do you have some additional errors in your logs you can provide?
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: c-icap, clamav & size limit
«
Reply #2 on:
September 20, 2017, 10:20:06 am »
I think I found the bug:
https://github.com/opnsense/plugins/blob/master/www/c-icap/src/opnsense/service/templates/OPNsense/CICAP/virus_scan.conf#L22
There's a typo so this value wont be set, I'll fix this!
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: c-icap, clamav & size limit
«
Reply #3 on:
September 20, 2017, 10:31:28 am »
Commit:
https://github.com/opnsense/plugins/commit/90deaa6
Patch:
# opnsense-patch -c plugins 90deaa6
Logged
Waschbuesch
Newbie
Posts: 27
Karma: 4
Re: c-icap, clamav & size limit
«
Reply #4 on:
September 27, 2017, 03:05:45 pm »
Wow, that was quick.
Thanks everyone!
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: [SOLVED] c-icap, clamav & size limit
«
Reply #5 on:
September 27, 2017, 03:14:53 pm »
All shipped in 17.7.4, yes.
Cheers,
Franco
Logged
Stephan
Jr. Member
Posts: 60
Karma: 3
Re: [SOLVED] c-icap, clamav & size limit
«
Reply #6 on:
October 03, 2017, 04:55:59 pm »
Hi,
I think we need to reopen this... just ran into the same issue - testfile download of 10gb and it was stored locally to /var/tmp/CI_TMPxxx... though the max file size was set to 5mb in cicap
any help appreciated!
Cheers, Stephan
Edit:
Tue Oct 3 16:56:59 2017, 37144/3376520192, Cannot write to file: No space left on device
«
Last Edit: October 03, 2017, 04:59:57 pm by Stephan
»
Logged
Stephan
Jr. Member
Posts: 60
Karma: 3
Re: [SOLVED] c-icap, clamav & size limit
«
Reply #7 on:
October 03, 2017, 06:20:33 pm »
Ok, after some diggin I found this in the
/usr/local/etc/c-icap/virus_scan.conf
Code:
[Select]
ServiceAlias avscan virus_scan?allow204=on&sizelimit=off&mode=simple
According to
http://c-icap.sourceforge.net/install.html
sizelimit=off means:
sizelimit=off to ignore srv_clamav.MaxObjectSize directive in c-icap.conf file
...
Is this the Problem?
Cheers, Stephan
EDIT: Just tested it by removing &sizelimit=off and the big file download started correctly by the browser (used
http://speed.hetzner.de/
)
«
Last Edit: October 03, 2017, 06:33:26 pm by Stephan
»
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: [SOLVED] c-icap, clamav & size limit
«
Reply #8 on:
October 04, 2017, 06:51:15 pm »
Ok, 17.7.5 this time...
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
[SOLVED] c-icap, clamav & size limit