darold
commented
11 years ago Hi,
Those two lines indicate that the eicar file is already in your squid cache:
Wed Jan 23 16:34:17 2013, 7450/1437308672, DEBUG squidclamav_check_preview_handler: Content-Length: 0
Wed Jan 23 16:34:17 2013, 7450/1437308672, DEBUG squidclamav_check_preview_handler: No body data, allow 204this is why no preview data were sent to squidclamav.
You have to clear your cache or make a test with an other eicar file. Here is a useful site to test your antivir solution:
http://www.rosu.fr/tav.htmlRegards,
Mang0uste
Hi,
I have installed a squid proxy (3.2.6) using clamav (0.97.6) for virus detection. I obviously installed squidclamav (6.10) and c-icap (0.2.5) and they were just all running like a charm.
During my tests I have noticed that the eicar archive weren't detected as a virus, my browser have just downloaded the file normally.
I'm pretty sure my clamav daemon is working OK, as a manual scan detect archive as a virus : /tmp/eicar.zip: Eicar-Test-Signature FOUND
I've set verbose to 10 on c-icap to figure out the problem daemon is doing lot of stuff but never raised any alert. Here is logs :
Wed Jan 23 16:34:16 2013, main proc, Server stats: Children: 2 Free servers: 18 Used servers:2 Requests served:492 Wed Jan 23 16:34:17 2013, 7450/1437308672, Server 7450 going to serve new request from client (keep-alive) Wed Jan 23 16:34:17 2013, 7450/1437308672, Get entity from trash.... Wed Jan 23 16:34:17 2013, 7450/1437308672, Get entity from trash.... Wed Jan 23 16:34:17 2013, 7450/1437308672, Going to check request for access control restrictions Wed Jan 23 16:34:17 2013, 7450/1437308672, Access control: ALLOW Wed Jan 23 16:34:17 2013, 7450/1437308672, DEBUG squidclamav_init_request_data: initializing request data handler. Wed Jan 23 16:34:17 2013, 7450/1437308672, pool hits:238 allocations: 4 Wed Jan 23 16:34:17 2013, 7450/1437308672, Allocating from objects pool object 6 Wed Jan 23 16:34:17 2013, 7450/1437308672, Requested service: squidclamav Wed Jan 23 16:34:17 2013, 7450/1437308672, Read preview data if there are and process request Wed Jan 23 16:34:17 2013, 7450/1437308672, DEBUG squidclamav_check_preview_handler: processing preview header. Wed Jan 23 16:34:17 2013, 7450/1437308672, DEBUG squidclamav_check_preview_handler: X-Client-IP: 172.16.182.82 Wed Jan 23 16:34:17 2013, 7450/1437308672, DEBUG extract_http_info: method GET Wed Jan 23 16:34:17 2013, 7450/1437308672, DEBUG extract_http_info: url http://securite-informatique.info/virus/eicar/download/eicar_niveau1.zip Wed Jan 23 16:34:17 2013, 7450/1437308672, DEBUG squidclamav_check_preview_handler: URL requested: http://securite-informatique.info/virus/eicar/download/eicar_niveau1.zip Wed Jan 23 16:34:17 2013, 7450/1437308672, DEBUG squidclamav_check_preview_handler: Content-Length: 0 Wed Jan 23 16:34:17 2013, 7450/1437308672, DEBUG squidclamav_check_preview_handler: No body data, allow 204 Wed Jan 23 16:34:17 2013, 7450/1437308672, Preview handler return allow 204 response Wed Jan 23 16:34:17 2013, 7450/1437308672, DEBUG squidclamav_release_request_data: Releasing request data. Wed Jan 23 16:34:17 2013, 7450/1437308672, Storing to objects pool object 6 Wed Jan 23 16:34:17 2013, 7450/1437308672, Log request to access log file /proxy-ng/logs/c-icap/c-icap_access.log Wed Jan 23 16:34:17 2013, 7450/1437308672, Width: 0, Parameter: Wed Jan 23 16:34:17 2013, 7450/1437308672, Width: 0, Parameter: Wed Jan 23 16:34:17 2013, 7450/1437308672, Width: 0, Parameter: Wed Jan 23 16:34:17 2013, 7450/1437308672, Width: 0, Parameter: Wed Jan 23 16:34:17 2013, 7450/1437308672, Width: 0, Parameter: Wed Jan 23 16:34:17 2013, 7450/1437308672, Width: 0, Parameter: Wed Jan 23 16:34:17 2013, 7450/1437308672, Keep-alive:1 Wed Jan 23 16:34:17 2013, main proc, Server stats: Children: 2 Free servers: 18 Used servers:2 Requests served:493
Can you shed any light on this ? I don't really know where to search now :)
Regards,