OK this is when your are using the icap-client.What about when you are
using squid3?
- Are you seeing any log entries in c-icap log files? Just to see if
squid contacts the icap server...
- Do you see any error message in squid3 cache.log file? Maybe for a
reason squid can not access the icap server.
- What are you seeing in your web browser? How are you testing your
configuration? If you are just trying to download the eicar.com file it
is probably stored in your squid cache or your web broswer cache before
you install the icap server. You need to remove it from your cache. Look
in FAQ for info:
http://wiki.squid-cache.org/SquidFaq/OperatingSquid#head-f418956943bd72ee8b94390ec9df241c3d1dfd20
Also be sure that you had delete any web browser cache before the test.
Regards,
Christos
malmeida_at_isaaviation.ae wrote:
> Test sample output
>
>
> /usr/local/c_icap/bin# /usr/local/c_icap/bin/icap-client -f
> /home/remy/Desktop/eicar.com.txt -s
> "srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple"
> ICAP server:localhost, ip:127.0.0.1, port:1344
>
> <html>
> <head>
> <!--C-ICAP/060708rc1 srvClamAV module -->
> </head>
> <body>
> <H1>VIRUS FOUND</H1>
>
> You try to upload/download a file that contain the virus<br>
> Eicar-Test-Signature
> <p>This message generated by C-ICAP/060708rc1 srvClamAV/antivirus module
> <!-- And this is a silly HTML comment just to make this error bigger than
> 512 bytes
> to allow it displayed in an IE. Yes the IE has a "feature" which does not
> allow
> error messages smaller than 512 bytes displayed, because they are not
> considered
> enough "friendly"
>
> (Xmm...I think this stupid comment is better than empeding viruses or porn
> images in this error message as a bad guy suggest me!)--> </body>
> </html>
>
> #for sample virus file test access log file of c-icap
> tail -f /usr/local/c_icap/var/log/access.log
> Thu Nov 27 23:09:48 2008, 127.0.0.1, 127.0.0.1, OPTIONS,
> srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple, OK
> Thu Nov 27 23:09:48 2008, 127.0.0.1, 127.0.0.1, RESPMOD,
> srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple, OK
>
> #for sample virus file test access log file of c-icap
> tail -f /usr/local/c_icap/var/log/server.log
> Thu Nov 27 23:09:48 2008, general, VIRUS DETECTED:Eicar-Test-Signature.
> Take action.......
>
> //Remy
>
>
> On Thu, 27 Nov 2008 19:50:16 +0200, Christos Tsantilas
> <christos_at_chtsanti.net> wrote:
>> malmeida_at_isaaviation.ae wrote:
>>> Hi Christos,
>>>
>>> I think I have not made my self clear
>>>
>>> first of all I don't have icap_class and icap_access in my squid.conf
>> file
>>> since you said
>>>>>> Your configuration should also contain something like the following:
>>>>>>
>>>>>> icap_class class_avi service_avi
>>>>>> icap_access class_avi allow all
>>> I did those changes as per you and got that message
>>>
>>> my problem is I have enabled icap support but some how its not work (not
>>> able to scan)
>>> if is use the icap-client command to test it work fine
>>>
>>> where is my mistake?
>> Do you see error messages in your squid3 server.log file?
>> Are there any entries in c-icap's access.log file?
>> How are you testing it?
>>
>>> //Remy
Received on Thu Nov 27 2008 - 19:46:22 MST
This archive was generated by hypermail 2.2.0 : Fri Nov 28 2008 - 12:00:04 MST