Hi,

I am using SquidClamav 5.7 and ClamAV 0.97.3 and compiling them on the PowerPC architecture.

When I make SquidClamav interact with ClamAV, I get an error because clamd is returning port 0 on a STREAM command from SquidClamav. This is clear in the log file as extracted below.

The error which I am getting in the squidclamav log while accessing the EICAR test URL (http://www.eicar.org/download/eicar.com) is:
------------------------ERROR BEGINS in squidclamav.log---------------------
Wed Oct  3 15:00:52 2012 [2234] DEBUG Parsed request: http://www.eicar.org/download/eicar.com 10.116.65.64/- - GET
Wed Oct  3 15:00:52 2012 [2234] DEBUG Curl will use proxy: http://127.0.0.1:3128
Wed Oct  3 15:00:52 2012 [2234] DEBUG looking for Content-Type of url http://www.eicar.org/download/eicar.com
Wed Oct  3 15:00:53 2012 [2234] DEBUG Received HTTP-HEADER: HTTP/1.0 200 OK^M
Wed Oct  3 15:00:53 2012 [2234] DEBUG Received HTTP-HEADER: Date: Wed, 03 Oct 2012 09:50:22 GMT^M
Wed Oct  3 15:00:53 2012 [2234] DEBUG Received HTTP-HEADER: Server: Apache^M
Wed Oct  3 15:00:53 2012 [2234] DEBUG Received HTTP-HEADER: Content-Disposition: attachment; filename="eicar.com"^M
Wed Oct  3 15:00:53 2012 [2234] DEBUG Received HTTP-HEADER: Cache-Control: private^M
Wed Oct  3 15:00:53 2012 [2234] DEBUG Received HTTP-HEADER: Content-Length: 68^M
Wed Oct  3 15:00:53 2012 [2234] DEBUG Received HTTP-HEADER: Content-Type: application/octet-stream^M
Wed Oct  3 15:00:53 2012 [2234] DEBUG Received HTTP-HEADER: X-Cache: MISS from ITMA^M
Wed Oct  3 15:00:53 2012 [2234] DEBUG Received HTTP-HEADER: Via: 1.0 ITMA (squid/3.1.19)^M
Wed Oct  3 15:00:53 2012 [2234] DEBUG Received HTTP-HEADER: Connection: keep-alive^M
Wed Oct  3 15:00:53 2012 [2234] DEBUG Received HTTP-HEADER: ^M
Wed Oct  3 15:00:53 2012 [2234] DEBUG File size is 68.00
Wed Oct  3 15:00:53 2012 [2234] DEBUG Content-Type: application/octet-stream will be scanned
Wed Oct  3 15:00:53 2012 [2234] Connected to Clamd (127.0.0.1:3310)
Wed Oct  3 15:00:53 2012 [2234] DEBUG Sending STREAM to clamd.
Wed Oct  3 15:00:53 2012 [2234] DEBUG Received port 0 from clamd.
Wed Oct  3 15:00:53 2012 [2234] DEBUG Trying to connect to clamd [port: 0].
Wed Oct  3 15:00:53 2012 [2234] ERROR Can't connect to clamd [port: 0]
------------------------------------ERROR-ENDS-----------------

------------------------ERROR in clamav.log---------------------
Wed Oct  3 18:51:40 2012 -> ERROR: ScanStream 13743: accept timeout.
Wed Oct  3 18:51:59 2012 -> ERROR: ScanStream 15814: accept timeout.
Wed Oct  3 18:52:04 2012 -> ERROR: ScanStream 13953: accept timeout.
Wed Oct  3 18:52:07 2012 -> ERROR: ScanStream 13923: accept timeout.
Wed Oct  3 18:52:07 2012 -> ERROR: ScanStream 11279: accept timeout.
Wed Oct  3 18:52:10 2012 -> ERROR: ScanStream 13098: accept timeout.
Wed Oct  3 18:52:10 2012 -> ERROR: ScanStream 15373: accept timeout.
Wed Oct  3 18:52:12 2012 -> ERROR: ScanStream 12165: accept timeout.
Wed Oct  3 18:52:15 2012 -> ERROR: ScanStream 15310: accept timeout.
------------------------END-------------------------------------

The configuration file for clamav is as follows:

## Please read the clamd.conf(5) manual before editing this file.
LogFile /var/log/clamav/clamav.log
LogFileMaxSize 0
LogTime yes
PidFile /var/run/clamd.pid
DatabaseDirectory /var/lib/clamav
#LocalSocket /var/run/clamav/clamd.ctl
#LocalSocket /tmp/clamd.socket
StreamMaxPort 16000
StreamMinPort 11000
TCPSocket 3310
TCPAddr 127.0.0.1
FixStaleSocket yes
MaxConnectionQueueLength 15
MaxThreads 10
ReadTimeout 180
SelfCheck 1800
User clamav
AllowSupplementaryGroups yes
ScanPE yes
ScanELF yes
DetectBrokenExecutables yes
ScanOLE2 yes
ScanMail yes
PhishingSignatures yes
ScanHTML yes
ScanArchive yes

----------------- END OF CLAMD CONF FILE ---------------------

The configuration file for squidclamav is as follows:

#
# Global configuration
#
squid_ip 127.0.0.1
squid_port 3128
logfile /var/log/squid/squidclamav.log
maxsize 5000000
#redirect http://proxy.domain.dom/cgi-bin/clwarn.cgi
redirect http://10.116.65.63/block.html
#squidguard /usr/local/squidGuard/bin/squidGuard
debug 3
stat 0
maxredir 30
#clamd_local /tmp/clamd.socket
clamd_ip 127.0.0.1
clamd_port 3310
timeout 60
useragent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
trust_cache 1
logredir 0

#
# Squidclamav behaviour
# (since v5.0 Squidclamav scans all files by default)
#
# Here is the default regex pattern I use to bypass virus scan.
#

# Do not scan images
abort ^.*\.(ico|gif|png|jpg)$
abortcontent ^image\/.*$

# Do not scan text files
abort ^.*\.(css|xml|xsl|js|html|jsp)$
abortcontent ^text\/.*$
abortcontent ^application\/x-javascript$

# Do not scan streamed videos
abortcontent ^video\/x-flv$
abortcontent ^video\/mp4$

# Do not scan flash files
abort ^.*\.swf$
abortcontent ^application\/x-shockwave-flash$

# Do not scan sequence of framed Microsoft Media Server (MMS) data packets
abortcontent ^.*application\/x-mms-framed.*$

# White list some sites
whitelist .*\.clamav.net

----------------- END OF SQUIDCLAMAV CONF FILE ---------------------

Can you please let me know why clamd is returning an incorrect port for squidclamav to send the stream on? Any help will be highly appreciated.


-- 
La.Rajalakshmi
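
Added example (not part of the original message, and not SquidClamav or ClamAV code): a diagnostic sketch that validates the `PORT <n>` line clamd sends in reply to `STREAM` against the StreamMinPort/StreamMaxPort range from the posted clamd.conf, and extracts the port squidclamav logged, so the value on the wire can be compared with the value the client parsed. The function names, the sample reply `PORT 11234` and the sample log text are constructed for illustration.

```python
import re
import socket

# Range taken from the clamd.conf in the post (StreamMinPort / StreamMaxPort).
STREAM_MIN_PORT, STREAM_MAX_PORT = 11000, 16000

PORT_REPLY = re.compile(rb"^PORT (\d{1,5})\s*$")
LOGGED_PORT = re.compile(r"Received port (\d+) from\s+clamd")


def parse_stream_reply(raw, lo=STREAM_MIN_PORT, hi=STREAM_MAX_PORT):
    """Return the data port in clamd's reply to STREAM, or raise ValueError."""
    m = PORT_REPLY.match(raw.rstrip(b"\x00"))
    if m is None:
        raise ValueError(f"not a PORT reply: {raw!r}")
    port = int(m.group(1))
    if not lo <= port <= hi:
        raise ValueError(f"port {port} is outside {lo}..{hi}")
    return port


def ports_logged_by_client(log_text, lo=STREAM_MIN_PORT, hi=STREAM_MAX_PORT):
    """Return [(port, in_range)] for each 'Received port N' line in squidclamav.log."""
    return [(int(p), lo <= int(p) <= hi) for p in LOGGED_PORT.findall(log_text)]


def ask_clamd(host="127.0.0.1", port=3310, timeout=5.0):
    """Send STREAM to a live clamd and return the raw reply bytes for comparison."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"STREAM\n")
        return s.recv(64)


# Constructed sample: two log lines in the format shown in the post.
SAMPLE_LOG = (
    "Wed Oct  3 15:00:53 2012 [2234] DEBUG Sending STREAM to clamd.\n"
    "Wed Oct  3 15:00:53 2012 [2234] DEBUG Received port 0 from clamd.\n"
)

if __name__ == "__main__":
    print(ports_logged_by_client(SAMPLE_LOG))
    print(parse_stream_reply(b"PORT 11234\n"))  # constructed reply
```

If `parse_stream_reply(ask_clamd())` returns a port inside the configured range while squidclamav.log records 0, the value is being lost on the client side of the exchange; if it raises, the raw bytes in the exception show what clamd actually sent.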