search

darold / squidclamav

SquidClamAv is a dedicated ClamAV antivirus redirector for Squid. It can run antivirus checks based on filename regex, content-type regex, and more. It is easy to install and works even with heavy Squid access.
http://squidclamav.darold.net/
Other
56 stars 32 forks source link

Error When Attempting to Return Template #31

Closed skny5 closed 6 years ago

skny5 commented 8 years ago

Hi, have setup SquidClamAV and C-ICAP, virus detection is working, however when there is an error in the debug logs when sending the template file, the redirect command does however go through successfully. 

Thu Jan  7 04:09:38 2016, 18652/771090176, squidclamav.c(433) squidclamav_check_preview_handler: Thu Jan  7 04:09:38 2016, 18652/771090176, DEBUG Content-Length: 941
Thu Jan  7 04:09:38 2016, 18652/771090176, squidclamav.c(442) squidclamav_check_preview_handler: Thu Jan  7 04:09:38 2016, 18652/771090176, DEBUG Content-Type: multipart/form-data; boundary=----WebKitFormBoundary4EavaLygWOzLC4Iv
Thu Jan  7 04:09:38 2016, 18652/771090176, squidclamav.c(480) squidclamav_check_preview_handler: Thu Jan  7 04:09:38 2016, 18652/771090176, DEBUG Can not begin to scan url: No preview data.
Thu Jan  7 04:09:38 2016, 18652/771090176, ci_simple_file_new: Use temporary filename: /tmp/CI_TMP_9G4f6o
Thu Jan  7 04:09:38 2016, 18652/771090176, squidclamav.c(496) squidclamav_check_preview_handler: Thu Jan  7 04:09:38 2016, 18652/771090176, DEBUG End of method squidclamav_check_preview_handler
Thu Jan  7 04:09:38 2016, 18652/771090176, squidclamav.c(594) squidclamav_end_of_data_handler: Thu Jan  7 04:09:38 2016, 18652/771090176, DEBUG ending request data handler.
Thu Jan  7 04:09:38 2016, 18652/771090176, squidclamav.c(1698) dconnect: Thu Jan  7 04:09:38 2016, 18652/771090176, entering.
Thu Jan  7 04:09:38 2016, 18652/771090176, squidclamav.c(617) squidclamav_end_of_data_handler: Thu Jan  7 04:09:38 2016, 18652/771090176, DEBUG Sending zINSTREAM command to clamd.
Thu Jan  7 04:09:38 2016, 18652/771090176, squidclamav.c(625) squidclamav_end_of_data_handler: Thu Jan  7 04:09:38 2016, 18652/771090176, DEBUG Ok connected to clamd.
Thu Jan  7 04:09:38 2016, 18652/771090176, squidclamav.c(629) squidclamav_end_of_data_handler: Thu Jan  7 04:09:38 2016, 18652/771090176, DEBUG: Scanning data now
Thu Jan  7 04:09:38 2016, 18652/771090176, squidclamav.c(646) squidclamav_end_of_data_handler: Thu Jan  7 04:09:38 2016, 18652/771090176, DEBUG Write 945 bytes on 941 to socket
Thu Jan  7 04:09:38 2016, 18652/771090176, squidclamav.c(664) squidclamav_end_of_data_handler: Thu Jan  7 04:09:38 2016, 18652/771090176, DEBUG received from Clamd: stream: Eicar-Test-Signature FOUND
Thu Jan  7 04:09:38 2016, 18652/771090176, templateLoadText: Languages are: 'en-US,en;q=0.8'
Thu Jan  7 04:09:38 2016, 18652/771090176, squidclamav.c(671) squidclamav_end_of_data_handler: Thu Jan  7 04:09:38 2016, 18652/771090176, DEBUG Virus found, ending download.
Thu Jan  7 04:09:38 2016, 18652/771090176, squidclamav.c(680) squidclamav_end_of_data_handler: Thu Jan  7 04:09:38 2016, 18652/771090176, DEBUG Closing Clamd connection.
Thu Jan  7 04:09:38 2016, 18652/771090176, squidclamav.c(685) squidclamav_end_of_data_handler: Thu Jan  7 04:09:38 2016, 18652/771090176, DEBUG Virus found, sending redirection header / error page.
Thu Jan  7 04:09:38 2016, 18652/771090176, squidclamav.c(308) squidclamav_release_request_data: Thu Jan  7 04:09:38 2016, 18652/771090176, DEBUG Releasing request data.
Thu Jan  7 04:10:38 2016, 18652/771090176, Error 10 while parsing headers :(0)
Thu Jan  7 04:10:38 2016, 18652/771090176, Process request timeout or interrupted....

squidclamav_release_request_data: Thu Jan 7 04:09:38 2016, 18652/771090176, DEBUG Releasing request data. Thu Jan 7 04:10:38 2016, 18652/771090176, Error 10 while parsing headers :(0) Thu Jan 7 04:10:38 2016, 18652/771090176, Process request timeout or interrupted

Any ideas on how to fix the above?

darold commented 8 years ago

What version of squid/c-icap/squidclamav are you using? Have you tried latest squidclamav development code?

skny5 commented 8 years ago

Yup - latest squidclamav from master branch, c-icap 0.4.2, squid 4.0.3.

skny5 commented 8 years ago

So got past that error, I had initially kept KeepAlive -1, so the connection wasn't terminating once the data was sent. Now stuck on another error in that the message isn't being returned back to the client, instead seeing the following:

X-Squid-Error:ERR_ICAP_FAILURE 0 with a 500 Internal Error

<blockquote id="error">
<p><b>ICAP protocol error.</b></p>
</blockquote>

<p id="sysmsg">The system returned: <i>[No Error]</i></p>

<p>This means that some aspect of the ICAP communication failed.</p>

<p>Some possible problems are:</p>
<ul>
<li><p>The ICAP server is not reachable.</p></li>
<li><p>An Illegal response was received from the ICAP server.</p></li>

Just to mention virus files are being detected properly and being stopped and clean files are getting through, just need to figure out the message sent to put better error handling in place. Any suggestions?

darold commented 8 years ago

Do you have the same error when using squid version 3? I'm not able to reproduce the issue using c-icap 0.4.2 and squid3. I've not tested squid4 until now, I will give it a try this weekend.

darold commented 8 years ago

Please use latest code from github, commit b1b82e8 fix a buffer overflow in squidclamav_safebrowsing() that can be responsible of your issue. Please, let me know if that solves your issue.

skny5 commented 8 years ago

Thank you will try

skny5 commented 8 years ago

Same result