[pfSense] HAPV

Tue, 29 Jul 2014 10:47:04 -0700
So whats the deal with the hapv package? I can't surf when its active. I also notice on the general tab. 

File scanner    Scanner status
 Path:

 Enter file path or catalog for scanning.
------------------------------------------------------------------------
_Squid cache path (scan you squid cache now)._
_Common DB path._
_Temp path._
 Start Scanner

        2014.07.29 13:18:00 Starting scan file '/var/squid'.
--------------------------------------
ERROR: Can't connect to clamd: No such file or directory

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)

Path= /var/squid all three scan.transparent SUGGESTIONS???
<http://bbs.dlois.com:8888/index.php>
home.dlois.com

 *
   System
 *
   Interfaces
 *
   Firewall
 *
   Services
 *
   VPN
 *
   Status
 *
   Diagnostics
 *
   Help


Antivirus: HTTP proxy (havp + clamav) 
<http://bbs.dlois.com:8888/pkg_edit.php?xml=havp.xml&id=0>help 
<http://bbs.dlois.com:8888/help.php?page=havp.xml>


 * General page <http://bbs.dlois.com:8888/antivirus.php>
 * HTTP proxy <http://bbs.dlois.com:8888/pkg_edit.php?xml=havp.xml&id=0>
 * Settings
   <http://bbs.dlois.com:8888/pkg_edit.php?xml=havp_avset.xml&id=0>

Enable  
Check this for enable proxy.
Proxy mode      
Select interface mode:
*standard*- client(s) bind to the 'proxy port' on selected interface(s);
*parent for squid*- configure HAVP as parent for Squid proxy;

*transparent*- all HTTP requests on interface(s) will be directed to the 
HAVP proxy server without any client configuration necessary (works as 
parent for squid with transparent Squid proxy);
*internal*- HAVP will listen on the loopback (127.0.0.1) on configured 
'proxy port.' Use you own traffic forwarding rules.

Proxy interface(s)      

The interface(s) for client connections to the proxy. Use 'Ctrl' + L. 
Click for multiple selection.

Proxy port      

This is the port the proxy server will listen on (for example: 8080). 
This port must be different from Squid proxy.

Parent proxy    

Enter the parent (upstream) proxy settings as PROXY:PORT format or leave 
empty.

Enable X-Forwarded-For  

If client sent this header, FORWARDED_IP setting defines the value, then 
it is passed on. You might want to keep this disabled for security reasons.
Enable this if you use your own parent proxy after HAVP, so it will see 
the original client IP.

Disabling this also disables Via: header generation.
Enable Forwarded IP     

If HAVP is used as a parent proxy for some other proxy, this allows 
writing the real user's IP to log, instead of the proxy IP.

Language        

Select the language in which the proxy server will display error 
messages to users.

Max download size, Bytes        

Enter value (in Bytes) or leave empty. Downloads larger than 'Max 
download size' will be blocked if not whitelisted.

HTTP Range requests     

Set this for allow HTTP Range requests, and broken downloads can be 
resumed. Allowing HTTP Range is a security risk, because partial HTTP 
requests may not be properly scanned. Whitelisted sites are allowed to 
use Range in any case.

Whitelist       

Enter each destination URL on a new line that will be accessable to the 
users without scanning. Use '*' symbol for mask. Example: 
*.github.com/*, *sourceforge.net/*clamav-*, */*.xml, */*.inc

Blacklist       

Enter each destination domain on a new line that will be accessable to 
the users that are allowed to use the proxy.

Block file if error scanning    
If set, the proxy will block the files on which an error scanning.
Enable RAM Disk         

This option allow use RAM disk for HAVP temp files for more quick 
traffic scan. RAM disk size depends on 'ScanMax' file size and available 
memory. This option can be ignored on systems with low memory. ( RAM 
disk size calculated as [1/4 available system memory] > [Scan max file 
size] * 100 )

Scan max file size      

Select this value for limit maximum file size or leave '---(5M)'. Files 
larger than this limit won't be scanned. Small values increace scan 
speed and maximum new connections per second and allow RAM disk use.
NOTE: Setting limit is a security risk, because some archives like ZIP 
need all the data to be scanned properly! Use this only if you can't 
afford temporary space for big files.

Scan images     

Check this for scan image files. This option allows you to increase 
reliability, but also slows down the scanning process.

Scan media stream       

Check this for scan media (audio/video) stream. Use this for additional 
scan exploits for players.

Scan Broken Executables         
Check this to enable the Heuristic Broken Executable scan.
Log     
Check this for enable log.
Syslog  
Check this for enable Syslog.
        


pfSense <https://www.pfsense.org/?gui211>is © 2004 - 2014 byElectric 
Sheep Fencing LLC <http://www.electricsheepfencing.com/>. All Rights 
Reserved. [view license <http://bbs.dlois.com:8888/license.php>]


--

Brian Caouette

DJ-BrianC
(207) 212-6560
www.djbrianc.us




_______________________________________________
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list













    











					Reply via email to