pfSense ICAP protocol error

  • Hi There
    I’ve been running pfSense for a very long time, and the issue in the subject started a month ago.

    I’ve tried multiple options, but no luck, the following is my configuration:

    pfSense Version 2.3.4-RELEASE-p1
    Intel Core i5 — 3 GHz
    4 GB RAM (and it’s not even crossing 50%)
    500 GB HDD

    Squid 0.4.37 with C-ICAP and ClamAV enabled

    • Transparent Proxy (only on HTTP)
    • No Remote Cache

    Kindly help me in this regard.
    Thanx in Advance.

  • Same problem here, the issue started a month ago as well.

    Nothing to find in the logs, it just happens at random times.

    2.3.4-RELEASE-p1 (amd64)
    built on Fri Jul 14 14:52:43 CDT 2017
    FreeBSD 10.3-RELEASE-p19

    Squid Version 3.5.26, ClamAV 0.99.2_3, C-ICAP 0.4.4,2 +  SquidClamav 6.16

    2x Intel(R) Xeon(R) CPU X5570 @ 2.93GHz
    32 GB ECC RAM
    600 GB HDD Raid 10

    Temporary workaround is to set bypass=on, so at least the users don’t get annoyed by the «ICAP Protocol Error» message.

  • Same here, randomly happened to me tonight.  Updating SquidAV seemed to have resolved the issue.  From some quick Googling, it looks like a number of people have experienced this issue but there isn’t a real solution nor a reason why this occurs.

  • Here’s a «me too».

    However, I can sort of duplicate the problem or pinpoint at least one cause of it. I recently changed the proxy configuration of our email security gateway from our previous proxy to squid on pfSense, and since then the issue happens at least every second day, and apparently when the email gateway updates its AV definition files via the proxy.

    Interestingly, restarting clamav or ICAP doesn’t help solving the issue, the only way to get it up again is to restart squid as a whole.

  • @ccdmas:

    and apparently when the email gateway updates its AV definition files via the proxy.

    Ugh. You should NOT download antivirus defs via the proxy with ClamAV in the first place. It will trigger false positives and cause other issues.

  • Quite seriously: You need to see more of the real world out there. Loading AV defs through an HTTP proxy is absolutely normal every day business everywhere. Are you saying to die until restart is acceptable behaviour? ::)

  • I also have the same issue, where do you turn on ByPass?

  • Same issue here, squid at random times can no longer connect to ICAP. Any ideas what could it be?

  • Same here, re-appearing in 2.4.3-RELEASE-p1 on a Netgate SG-3100. Looks to me too high i/o(???)

    • pfSense installed on ‘third party’ pc hardware works normally.
    • Restarting ClamAV works for some hours and then protocol errors appear again.
    • Updating ClamAV once a day lowered to once a week -> no difference
    • Bypassing will prevent this ICAP protocol error but is not really a solution.

    Thanks,
    Imp

Server.log:

Tue Oct 17 22:00:10 2017, main proc, Possibly a term signal received. Monitor process going to term all children
Tue Oct 17 22:00:12 2017, main proc, Error converting ipv6 address to the network byte order
Tue Oct 17 22:00:12 2017, main proc, WARNING! Error binding to an ipv6 address. Trying ipv4…
Tue Oct 17 22:00:13 2017, 14669/348217344, recomputing istag …
Tue Oct 17 22:00:13 2017, 15001/348217344, recomputing istag …
Tue Oct 17 22:00:13 2017, 15222/348217344, recomputing istag …
Tue Oct 17 22:05:53 2017, main proc, Possibly a term signal received. Monitor process going to term all children
Tue Oct 17 22:10:14 2017, main proc, Error converting ipv6 address to the network byte order
Tue Oct 17 22:10:14 2017, main proc, WARNING! Error binding to an ipv6 address. Trying ipv4…
Tue Oct 17 22:10:49 2017, 68377/687955968, recomputing istag …
Tue Oct 17 22:10:49 2017, 68409/687955968, recomputing istag …
Tue Oct 17 22:10:49 2017, 68251/687955968, recomputing istag …

Access.log:

17/Oct/2017:22:00:55 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:04:55 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:16:28 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:20:44 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:23:44 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:26:44 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:29:44 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:33:49 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:36:49 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:40:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:44:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:48:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:52:47 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:55:47 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:00:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:04:47 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:10:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:15:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:20:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:25:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:30:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:33:55 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:36:55 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404

squid + drweb icapd keeps dropping out

#1 parel77

  • I have squid 3.1 + drweb icapd.

    Everything runs on a single host.

    I start it and for a while everything works fine, but after some time drweb-icapd drops out completely, with these errors in the messages log:

    Oct 1 12:03:01 proxy drweb-icapd [20657]: INFO Start Dr.Web ® icapd ver 6.0.2.2
    Oct 1 12:34:51 proxy drweb-icapd [20657]: INFO Received SIGHUP signal
    Oct 1 12:34:53 proxy drweb-icapd [20657]: INFO Connected to unix socket: unix(«/var/drweb/run/.daemon»)
    Oct 1 12:44:23 proxy drweb-icapd [20657]: ERROR pselect: Нет дочерних процессов

    and squid stops working altogether, and the error "ICAP server unavailable" appears.

    I talked to support, but we were not able to resolve the issue.

    If I comment out the lines in squid.conf

    #Drweb-icap
    #————————————————————————————
    # icap_enable on
    # icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/request
    # adaptation_access service_req allow all
    # icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/response
    # adaptation_access service_resp allow all
    #———————————————————————————
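
The `bypass` flag discussed in both threads decides whether Squid fails open or closed when the ICAP service is down: with `bypass=1`/`on` traffic passes unscanned, with `0`/`off` users get the ICAP protocol error. As an added example (not code from the posts), this Python audit lists the fail-open services in a squid.conf; the sample config is constructed from the three `icap_service` forms that appear on this page, with the Dr.Web lines shown uncommented and one hypothetical `no_flag` entry.

```python
"""Audit squid.conf icap_service lines for fail-open (bypass) behaviour."""

# Constructed sample: the icap_service forms quoted on this page.
SAMPLE_SQUID_CONF = """\
icap_enable on
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/request
icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/response
icap_service service_avi_req reqmod_precache 0 icap://192.168.84.253/srv_clamav
icap_service service_avi respmod_precache 1 icap://192.168.84.253/srv_clamav
# icap_service disabled respmod_precache bypass=on icap://127.0.0.1:1344/x
icap_service no_flag respmod_precache icap://127.0.0.1:1344/avscan
"""

ON, OFF = {"1", "on"}, {"0", "off"}


def parse_icap_services(conf_text):
    """Return one dict per active icap_service line."""
    services = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # drop comments
        if len(tokens) < 4 or tokens[0] != "icap_service":
            continue
        name, point, rest = tokens[1], tokens[2], tokens[3:]
        uri, bypass = None, False   # no bypass option: service is essential
        for tok in rest:
            key, sep, value = tok.partition("=")
            if tok.startswith(("icap://", "icaps://")):
                uri = tok
            elif sep and key == "bypass" and value in ON | OFF:
                bypass = value in ON            # bypass=1 / bypass=on form
            elif not sep and tok in ON | OFF:
                bypass = tok in ON              # older positional 0/1 form
        services.append({"line": lineno, "name": name, "point": point,
                         "uri": uri, "bypass": bypass})
    return services


def audit(conf_text):
    """Return one finding per service that fails open."""
    findings = []
    for svc in parse_icap_services(conf_text):
        if svc["bypass"]:
            findings.append(
                f"line {svc['line']}: {svc['name']} ({svc['point']}) is fail-open: "
                f"if {svc['uri']} is down, traffic passes unscanned")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SQUID_CONF):
        print(finding)
```

A fail-open `respmod_precache` service is the one to watch: it is the response path, where downloaded content is scanned.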

    ICAP protocol error, the system returned no error

    Hello, everyone!
    I need to set up virus scanning of the http and ftp traffic of a squid gateway. I chose the ICAP protocol. I configured it following the ICAP developers' guides and the write-ups on several sites. As a result, the browser shows the following:
    * ICAP protocol error.
    Some aspect of the ICAP communication failed. Possible problems:
    * ICAP server is not reachable.
    * Illegal response from ICAP server.
    Your cache administrator is root.
    Generated Wed, 15 Aug 2007 13:58:15 GMT by adminserver (squid/2.6.STABLE1)

    Below are all my settings. Please take a look at where the error might be.

    c_icap version: c_icap-030606rc1
    Configured with the parameters: --prefix=/usr/local/c_icap --with=/usr/lib (because I read that icap cannot exist without the clamav libraries).

    Squid supports ICAP

    This is the squid configuration:
    http_port 3128
    hierarchy_stoplist cgi-bin ?
    acl QUERY urlpath_regex cgi-bin \?
    cache deny QUERY
    acl Apache rep_header Server ^Apache
    broken_vary_encoding allow apache
    cache_mem 64 MB
    cache_swap_low 90
    cache_swap_high 95
    maximum_object_size 4096 KB
    minimum_object_size 0 KB
    maximum_object_size_in_memory 8 KB
    ipcache_size 1024
    ipcache_low 90
    ipcache_high 95
    cache_dir ufs /var/spool/squid 1000 32 512
    access_log /var/log/squid/access.log squid
    cache_log /var/log/squid/cache.log
    cache_store_log /var/log/squid/store.log
    debug_options ALL,1
    auth_param basic children 5
    auth_param basic realm Squid proxy-caching web server
    auth_param basic casesensitive off
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    acl mynet src 192.168.0.0/24
    http_access allow mynet
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost
    http_access deny all
    http_reply_access allow all
    icp_access allow all
    cache_effective_user squid
    cache_effective_group squid
    visible_hostname adminserver
    icap_enable on
    icap_preview_enable on
    icap_preview_size 128
    icap_send_client_ip on
    icap_service service_1 reqmod_precache 0 icap://localhost:1344/reqmod
    icap_service service_2 respmod_precache 0 icap://localhost:1344/respmod
    icap_class class_1 service_1 service_2
    icap_access class_1 allow all
    logfile_rotate 12
    error_directory /usr/lib/squid/errors/English
    coredump_dir /var/spool/squid

    Starting icap in normal mode:
    [root@shluz bin]# ./c-icap
    Initialization of echo module……
    Initialization of url_check module……
    LibClamAV Warning: ********************************************************
    LibClamAV Warning: * This version of the ClamAV engine is outdated. *
    LibClamAV Warning: * DON’T PANIC! Read http://www.clamav.net/faq.html *
    LibClamAV Warning: ********************************************************
    LibClamAV Warning: **************************************************
    LibClamAV Warning: * The virus database is older than 7 days. *
    LibClamAV Warning: * Please update it IMMEDIATELY! *
    LibClamAV Warning: **************************************************
    LibClamAV Warning: ********************************************************
    LibClamAV Warning: * This version of the ClamAV engine is outdated. *
    LibClamAV Warning: * DON’T PANIC! Read http://www.clamav.net/faq.html *
    LibClamAV Warning: ********************************************************
    LibClamAV Warning: Signature for Trojan.Small-3108 requires new ClamAV version. Please update!
    LibClamAV Warning: Signature for W32.Cervan requires new ClamAV version. Please update!
    LibClamAV Warning: Signature for Trojan.Small-3169 requires new ClamAV version. Please update!
    LibClamAV Warning: Signature for Trojan.Small-3171 requires new ClamAV version. Please update!
    LibClamAV Warning: Signature for W32.Dwee-1 requires new ClamAV version. Please update!
    LibClamAV Warning: Signature for Trojan.Small-3184 requires new ClamAV version. Please update!
    LibClamAV Warning: Signature for Trojan.Small-3204 requires new ClamAV version. Please update!
    LibClamAV Warning: Signature for Trojan.Crypted-4 requires new ClamAV version. Please update!
    LibClamAV Warning: Signature for Trojan.Packed-75 requires new ClamAV version. Please update!

    Checking the results of the start:
    [root@shluz bin]# netstat -apn | grep 1344
    tcp 0 0 0.0.0.0:1344 0.0.0.0:* LISTEN 6315/c-icap

    [root@shluz bin]# netstat -apn | grep 1344
    tcp 0 0 0.0.0.0:1344 0.0.0.0:* LISTEN 6315/c-icap
    tcp 0 0 127.0.0.1:42004 127.0.0.1:1344 TIME_WAIT —
    tcp 0 0 127.0.0.1:34943 127.0.0.1:1344 TIME_WAIT —
    tcp 0 1 59.109.39.117:51640 69.25.27.173:1344 SYN_SENT 6482/(squid).

    [root@shluz bin]# netstat -apn | grep c-icap
    tcp 0 0 0.0.0.0:1344 0.0.0.0:* LISTEN 11381/c-icap
    unix 2 [ ] DGRAM 85200 11381/c-icap

    This is the c_icap configuration file:
    PidFile /var/run/c-icap.pid
    Timeout 300
    KeepAlive On
    MaxKeepAliveRequests 100
    KeepAliveTimeout 600
    StartServers 3
    MaxServers 10
    MinSpareThreads 10
    MaxSpareThreads 20
    ThreadsPerChild 10
    MaxRequestsPerChild 0
    Port 1344
    User squid
    Group squid
    TmpDir /var/tmp
    MaxMemObject 131072
    ServerLog /usr/local/c_icap/var/log/server.log
    AccessLog /usr/local/c_icap/var/log/access.log
    ModulesDir /usr/local/c_icap/lib/c_icap
    Module logger sys_logger.so
    Module perl_handler perl_handler.so
    sys_logger.Prefix "C-ICAP:"
    sys_logger.Facility local1
    Logger /usr/local/c_icap/var/log
    acl localnet_respmod src 127.0.0.1 type respmod
    acl localnet src 127.0.0.1
    acl externalnet src 0.0.0.0/0.0.0.0
    icap_access allow localnet_respmod
    icap_access allow localnet
    icap_access deny externalnet
    ServicesDir /usr/local/c_icap/lib/c_icap
    Service echo_module srv_echo.so
    Service url_check_module srv_url_check.so
    Service antivirus_module srv_clamav.so
    srv_clamav.ScanFileTypes TEXT DATA EXECUTABLE ARCHIVE GIF JPEG MSOFFICE
    srv_clamav.SendPercentData 5
    srv_clamav.StartSendPercentDataAfter 2M
    srv_clamav.MaxObjectSize 5M
    srv_clamav.ClamAvTmpDir /var/tmp
    srv_clamav.ClamAvMaxFilesInArchive 0
    srv_clamav.ClamAvMaxFileSizeInArchive 100M
    srv_clamav.ClamAvMaxRecLevel 5
    srv_clamav.VirSaveDir /tmp/virusstor/
    srv_clamav.VirHTTPServer "http://fortune/cgi-bin/get_file.pl?usename=%f&remove=1&file="
    srv_clamav.VirUpdateTime 15
    srv_clamav.VirScanFileTypes ARCHIVE EXECUTABLE

    What the c_icap log says (excerpt):
    /usr/local/c_icap/var/log/server.log:
    Fri Aug 17 10:41:01 2007, general, Service not found
    Fri Aug 17 10:41:01 2007, general, Service not found
    Fri Aug 17 10:41:06 2007, general, Service not found
    Fri Aug 17 10:41:06 2007, general, Service not found

    /usr/local/c_icap/var/log/access.log is empty

    The access permissions seem to be fine, although…
    Perhaps I left something out of the problem description. Maybe someone has the ICAP service working successfully; please take a look at where my mistake is.
    I would be very grateful for any help!
    Thank you!
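
Squid's error page above names two possible causes (server not reachable, illegal response), while the c-icap `Service not found` log entries correspond to a third: ICAP status 404, where the service name in the `icap://` URL is not one the server answers to. As an added example (not code from the posts; the verdict strings and the sample responses are constructed), a small OPTIONS probe that tells these cases apart:

```python
"""Probe an ICAP service with OPTIONS and classify the outcome."""
import socket

# Constructed sample responses, used to exercise the classifier offline.
SAMPLE_OK = (b"ICAP/1.0 200 OK\r\n"
             b"Methods: RESPMOD\r\n"
             b"ISTag: \"constructed-1\"\r\n"
             b"Preview: 128\r\n"
             b"Encapsulated: null-body=0\r\n\r\n")
SAMPLE_404 = b"ICAP/1.0 404 Service not found\r\nConnection: close\r\n\r\n"


def build_options(host, port, service):
    """OPTIONS request line and Host header; the request has no body."""
    return (f"OPTIONS icap://{host}:{port}/{service} ICAP/1.0\r\n"
            f"Host: {host}\r\n\r\n").encode("ascii")


def classify_response(raw, method):
    """Map raw ICAP response bytes to a verdict for the wanted method."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("ICAP/") or not parts[1].isdigit():
        return "illegal-response"        # empty reply or not ICAP at all
    status = int(parts[1])
    if status == 404:
        return "service-not-found"       # wrong service name in the URL
    if status != 200:
        return f"icap-error-{status}"
    headers = {}
    for line in lines[1:]:
        key, sep, value = line.partition(":")
        if sep:
            headers[key.strip().lower()] = value.strip()
    offered = {m.strip().upper() for m in headers.get("methods", "").split(",")}
    if method.upper() not in offered:
        return "method-not-offered"      # e.g. REQMOD sent to a RESPMOD-only service
    return "ok"


def probe(host, port, service, method, timeout=3.0):
    """Send OPTIONS to host:port/service and return a verdict string."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_options(host, port, service))
            raw = b""
            while b"\r\n\r\n" not in raw:
                chunk = sock.recv(4096)
                if not chunk:
                    break                # peer closed the connection
                raw += chunk
    except OSError:
        return "unreachable"             # connect, send or read failed
    return classify_response(raw, method)


if __name__ == "__main__":
    # Service names taken from the squid.conf quoted above.
    for service, method in (("reqmod", "REQMOD"), ("respmod", "RESPMOD")):
        print(service, probe("127.0.0.1", 1344, service, method))
```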

    For some reason c-icap does not want to accept connections.

    squid 3.1.10 and c-icap-060708_2,1 from ports

    configs

     cat squid.conf
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl to_localhost dst 127.0.0.0/8
    acl localnet src 192.168.84.0/24
    acl localnet src 192.168.85.0/24
    acl SSL_ports port 443
    acl SSL_ports port 8443
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443         # https
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localnet
    http_access deny all
    icp_access allow localnet
    icp_access deny all
    htcp_access allow localnet
    htcp_access deny all
    http_port 3128 transparent
    hierarchy_stoplist cgi-bin ?
    
    cache_dir ufs /storage/squidcache 4096 64 256
    maximum_object_size 512 KB
    
    access_log /var/log/squid/access.log squid
    cache_log /var/log/squid/cache.log
    icap_log /var/log/squid/icap.log
    cache_store_log none
    logfile_rotate 10
    
    url_rewrite_program /usr/local/rejik/redirector /usr/local/etc/redirector.conf
    url_rewrite_children 8
    refresh_pattern ^ftp:           1440    20%     10080
    refresh_pattern ^gopher:        1440    0%      1440
    refresh_pattern (cgi-bin|\?)    0       0%      0
    refresh_pattern .               0       20%     4320
    visible_hostname server.local
    
    icp_port 3130
    icap_enable on
    icap_preview_enable on
    icap_preview_size 128
    icap_send_client_ip on
    icap_service service_avi_req reqmod_precache 0 icap://192.168.84.253/srv_clamav
    icap_service service_avi respmod_precache 1 icap://192.168.84.253/srv_clamav
    adaptation_service_set service_avi service_avi_req
    adaptation_access  service_avi allow all
    adaptation_access  service_avi_req allow all
    

    icap; access is deliberately allowed for everyone while troubleshooting

     cat c-icap.conf | grep -v '^#' | sed '/^$/d'
    cat: c-icap.conf: No such file or directory
    niko-gw# cd /usr/local/etc
    niko-gw# cat c-icap.conf | grep -v '^#' | sed '/^$/d'
    PidFile /var/run/c-icap.pid
    CommandsSocket /var/run/c-icap/c-icap.ctl
    Timeout 300
    KeepAlive On
    MaxKeepAliveRequests 600
    KeepAliveTimeout 600
    StartServers 3
    MaxServers 10
    MinSpareThreads     10
    MaxSpareThreads     20
    ThreadsPerChild     10
    MaxRequestsPerChild  0
    Port 1344
    User cicap
    Group cicap
    TmpDir /tmp/
    MaxMemObject 131072
    ServerLog /var/log/c_icap/server.log
    AccessLog /var/log/c_icap/access.log
    DebugLevel 1
    ModulesDir /usr/local/lib/c_icap
    Module logger sys_logger.so
    sys_logger.Prefix "C-ICAP:"
    sys_logger.Facility local1
    Logger sys_logger
    acl squid_respmod src 192.168.84.0/255.255.255.0 type respmod
    acl squid_options src 192.168.84.0/255.255.255.0 type options
    acl any src 0.0.0.0/0.0.0.0
    icap_access allow squid_respmod
    icap_access allow squid_options
    icap_access allow any
    ServicesDir /usr/local/lib/c_icap
    Service echo_module srv_echo.so
    Service url_check_module srv_url_check.so
    Service antivirus_module srv_clamav.so
    ServiceAlias  avscan srv_clamav?allow204=on&sizelimit=off&mode=simple
    srv_clamav.ScanFileTypes TEXT DATA EXECUTABLE ARCHIVE GIF JPEG MSOFFICE
    srv_clamav.SendPercentData 5
    srv_clamav.StartSendPercentDataAfter 2M
    srv_clamav.MaxObjectSize  5M
    srv_clamav.ClamAvTmpDir /tmp/
    srv_clamav.ClamAvMaxFilesInArchive 0
    srv_clamav.ClamAvMaxFileSizeInArchive 100M
    srv_clamav.ClamAvMaxRecLevel 5
    srv_clamav.VirSaveDir /var/infected
    srv_clamav.VirHTTPServer  "DUMMY"
    srv_clamav.VirUpdateTime   15
    srv_clamav.VirScanFileTypes ARCHIVE EXECUTABLE
    

    tcpdump of the exchange between the proxy and c-icap

     tcpdump -npi tap0 port 1344
    tcpdump: WARNING: tap0: no IPv4 address assigned
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on tap0, link-type EN10MB (Ethernet), capture size 96 bytes
    12:32:31.157214 IP 192.168.84.254.34482 > 192.168.84.253.1344: Flags [S], seq 1466692851, win 65535, options [mss 1337,nop,wscale 3,sackOK,TS val 136294970 ecr 0], length 0
    12:32:31.157389 IP 192.168.84.253.1344 > 192.168.84.254.34482: Flags [S.], seq 187600070, ack 1466692852, win 65535, options [mss 1337,nop,wscale 3,sackOK,TS val 2911239331 ecr 136294970], length 0
    12:32:31.161123 IP 192.168.84.254.34482 > 192.168.84.253.1344: Flags [.], ack 1, win 8281, options [nop,nop,TS val 136294972 ecr 2911239331], length 0
    12:32:31.161536 IP 192.168.84.254.34482 > 192.168.84.253.1344: Flags [F.], seq 1, ack 1, win 8281, options [nop,nop,TS val 136294972 ecr 2911239331], length 0
    12:32:31.161681 IP 192.168.84.253.1344 > 192.168.84.254.34482: Flags [.], ack 2, win 8281, options [nop,nop,TS val 2911239336 ecr 136294972], length 0
    12:32:31.162434 IP 192.168.84.253.1344 > 192.168.84.254.34482: Flags [F.], seq 1, ack 2, win 8281, options [nop,nop,TS val 2911239336 ecr 136294972], length 0
    12:32:31.163591 IP 192.168.84.254.34482 > 192.168.84.253.1344: Flags [.], ack 2, win 8281, options [nop,nop,TS val 136294977 ecr 2911239336], length 0
    

    Squid writes this to the browser:

    При получении URL http://dealextreme.com/ произошла следующая ошибка
    
    Ошибка протокола ICAP.
    
    Система вернула: [No Error]
    
    Это означает, что какой-то этап связи по протоколу ICAP не удался.
    
    Возможные проблемы:
    
    Сервер ICAP недоступен
    
    Получен недопустимый ответ от сервера ICAP.

    Starting c-icap in debug mode:

     c-icap -D -N -d 10
    Enabling parameter -D
    Disabling parameter -N
    Setting parameter :-d=10
    Searching 0x805d02c for default value
    Setting parameter :PidFile=/var/run/c-icap.pid
    Searching 0x805d030 for default value
    Setting parameter :CommandsSocket=/var/run/c-icap/c-icap.ctl
    Searching 0x805d050 for default value
    Setting parameter :Timeout=300
    Searching 0x805d058 for default value
    Setting parameter :MaxKeepAliveRequests=600
    Searching 0x805d054 for default value
    Setting parameter :KeepAliveTimeout=600
    Searching 0x805d060 for default value
    Setting parameter :StartServers=3
    Searching 0x805d064 for default value
    Setting parameter :MaxServers=10
    Searching 0x805d06c for default value
    Setting parameter :MinSpareThreads=10
    Searching 0x805d070 for default value
    Setting parameter :MaxSpareThreads=20
    Searching 0x805d068 for default value
    Setting parameter :ThreadsPerChild=10
    Searching 0x805d864 for default value
    Setting parameter :MaxRequestsPerChild=0
    Searching 0x805d020 for default value
    Setting parameter :Port=1344
    Searching 0x805d034 for default value
    Setting parameter :User=cicap
    Searching 0x805d038 for default value
    Setting parameter :Group=cicap
    Searching 0x805d028 for default value
    Setting parameter :TmpDir=/tmp/
    Searching 0x805d844 for default value
    Setting parameter :MaxMemObject=131072
    Searching 0x805d3d0 for default value
    Setting parameter :ServerLog=/var/log/c_icap/server.log
    Searching 0x805d3d4 for default value
    Setting parameter :AccessLog=/var/log/c_icap/access.log
    Searching 0x805d85c for default value
    Setting parameter :DebugLevel=1
    Setting parameter :ModulesDir=/usr/local/lib/c_icap
    Loading service :logger path sys_logger.so
    Going to search variable Prefix in table sys_logger
    Setting parameter :Prefix=C-ICAP:
    Going to search variable Facility in table sys_logger
    Setting parameter :Logger=sys_logger
    Setting parameter :ServicesDir=/usr/local/lib/c_icap
    Loading service :echo_module path srv_echo.so
    Found handler C_handler for service with extension:.so
    Loading service :url_check_module path srv_url_check.so
    Found handler C_handler for service with extension:.so
    Initialization of url_check module......
    Loading service :antivirus_module path srv_clamav.so
    Found handler C_handler for service with extension:.so
    Alias:avscan of service srv_clamav
    Going to search variable ScanFileTypes in table srv_clamav
    Iam going to scan data for simple scanning of type:,GIF,JPEG,MSOFFICE,TEXT,DATA,EXECUTABLE,ARCHIVE
    Going to search variable SendPercentData in table srv_clamav
    Setting parameter :SendPercentData=5
    Going to search variable StartSendPercentDataAfter in table srv_clamav
    Setting parameter :StartSendPercentDataAfter=2097152
    Going to search variable MaxObjectSize in table srv_clamav
    Setting parameter :MaxObjectSize=5242880
    Going to search variable ClamAvTmpDir in table srv_clamav
    Setting parameter :ClamAvTmpDir=/tmp/
    Going to search variable ClamAvMaxFilesInArchive in table srv_clamav
    Setting parameter :ClamAvMaxFilesInArchive=0
    Going to search variable ClamAvMaxFileSizeInArchive in table srv_clamav
    Setting parameter :ClamAvMaxFileSizeInArchive=104857600
    Going to search variable ClamAvMaxRecLevel in table srv_clamav
    Setting parameter :ClamAvMaxRecLevel=5
    Going to search variable VirSaveDir in table srv_clamav
    Setting parameter :VirSaveDir=/var/infected
    Going to search variable VirHTTPServer in table srv_clamav
    Setting parameter :VirHTTPServer=DUMMY
    Going to search variable VirUpdateTime in table srv_clamav
    Setting parameter :VirUpdateTime=15
    Going to search variable VirScanFileTypes in table srv_clamav
    Iam going to scan data for vir_mode scanning of type:,EXECUTABLE,ARCHIVE
    My hostname is:niko-gw.o56.ru
    

    All of this is dumped at startup; when squid is accessed, it writes nothing more.

    Yet c-icap is up and listening on the port:

    cicap    c-icap     95318 3  tcp4   *:1344                *:*
    cicap    c-icap     95318 4  dgram  -> /var/run/logpriv
    cicap    c-icap     95317 3  tcp4   *:1344                *:*
    cicap    c-icap     95317 4  dgram  -> /var/run/logpriv
    cicap    c-icap     95316 3  tcp4   *:1344                *:*
    cicap    c-icap     95316 4  dgram  -> /var/run/logpriv
    cicap    c-icap     95315 3  tcp4   *:1344                *:*
    cicap    c-icap     95315 4  dgram  -> /var/run/logpriv
    
    
    
    Proto Recv-Q Send-Q  Local Address          Foreign Address       (state)
    tcp4       0      0 *.1344                 *.*                    LISTEN
    
    
