Re: [squid-users] ICAP help from malmeida_at_isaaviation.ae on 2008-11-27 (squid-users)

From: <malmeida_at_isaaviation.ae>
Date: Fri, 28 Nov 2008 00:06:57 +0400

Thanks Christos,

after purging it form squid cache it work fine able to scan.
But now another problem when I try to download a zip virus file
http://www.eicar.org/download/eicar_com.zip

ERROR in the browser
The following error was encountered while trying to retrieve the URL:
http://www.eicar.org/download/eicar_com.zip

ICAP protocol error.

The system returned: [No Error]

This means that some aspect of the ICAP communication failed.

Some possible problems are:

The ICAP server is not reachable.
*

An Illegal response was received from the ICAP server.

//Remy

On Thu, 27 Nov 2008 21:46:15 +0200, Christos Tsantilas
<christos_at_chtsanti.net> wrote:
> OK this is when your are using the icap-client.What about when you are
> using squid3?
>
> - Are you seeing any log entries in c-icap log files? Just to see if
> squid contacts the icap server...
>
> - Do you see any error message in squid3 cache.log file? Maybe for a
> reason squid can not access the icap server.
>
> - What are you seeing in your web browser? How are you testing your
> configuration? If you are just trying to download the eicar.com file it
> is probably stored in your squid cache or your web broswer cache before
> you install the icap server. You need to remove it from your cache. Look
> in FAQ for info:
>
http://wiki.squid-cache.org/SquidFaq/OperatingSquid#head-f418956943bd72ee8b94390ec9df241c3d1dfd20
> Also be sure that you had delete any web browser cache before the test.
>
> Regards,
> Christos
>
>
> malmeida_at_isaaviation.ae wrote:
>> Test sample output
>>
>>
>> /usr/local/c_icap/bin# /usr/local/c_icap/bin/icap-client -f
>> /home/remy/Desktop/eicar.com.txt -s
>> "srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple"
>> ICAP server:localhost, ip:127.0.0.1, port:1344
>>
>> <html>
>> <head>
>> 
>> </head>
>> <body>
>> <H1>VIRUS FOUND</H1>
>>
>> You try to upload/download a file that contain the virus<br>
>> Eicar-Test-Signature
>> <p>This message generated by C-ICAP/060708rc1 srvClamAV/antivirus module
>>  </body>
>> </html>
>>
>> #for sample virus file test access log file of c-icap
>> tail -f /usr/local/c_icap/var/log/access.log
>> Thu Nov 27 23:09:48 2008, 127.0.0.1, 127.0.0.1, OPTIONS,
>> srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple, OK
>> Thu Nov 27 23:09:48 2008, 127.0.0.1, 127.0.0.1, RESPMOD,
>> srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple, OK
>>
>> #for sample virus file test access log file of c-icap
>> tail -f /usr/local/c_icap/var/log/server.log
>> Thu Nov 27 23:09:48 2008, general, VIRUS DETECTED:Eicar-Test-Signature.
>> Take action.......
>>
>> //Remy
>>
>>
>> On Thu, 27 Nov 2008 19:50:16 +0200, Christos Tsantilas
>> <christos_at_chtsanti.net> wrote:
>>> malmeida_at_isaaviation.ae wrote:
>>>> Hi Christos,
>>>>
>>>> I think I have not made my self clear
>>>>
>>>> first of all I don't have icap_class and icap_access in my squid.conf
>>> file
>>>> since you said
>>>>>>> Your configuration should also contain something like the
> following:
>>>>>>>
>>>>>>> icap_class class_avi service_avi
>>>>>>> icap_access class_avi allow all
>>>> I did those changes as per you and got that message
>>>>
>>>> my problem is I have enabled icap support but some how its not work
> (not
>>>> able to scan)
>>>> if is use the icap-client command to test it work fine
>>>>
>>>> where is my mistake?
>>> Do you see error messages in your squid3 server.log file?
>>> Are there any entries in c-icap's access.log file?
>>> How are you testing it?
>>>
>>>> //Remy
Received on Thu Nov 27 2008 - 20:16:03 MST

This archive was generated by hypermail 2.2.0 : Fri Nov 28 2008 - 12:00:04 MST