Hi Christos,
thanks for the quick reply.
I set up the combo Squid3 and c-icap and it works for most. However, I
get a couple of "ICAP protocol errors" during downloads.
The version of squid3 you are using is about 10 months old, please
upgrade to a newer version:
Okay, I upgraded to the current Debian sid sources. This is the
following Squid and it has the icap client enabled right off the shelf:
Squid Cache: Version 3.0.PRE7
configure options: '--build=i486-linux-gnu' '--prefix=/usr'
'--includedir=${prefix}/include' '--mandir=${prefix}/share/man'
'--infodir=${prefix}/share/info' '--sysconfdir=/etc'
'--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3'
'--disable-maintainer-mode' '--disable-dependency-tracking' '--srcdir=.'
'--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3'
'--mandir=/usr/share/man' '--with-cppunit-basedir=/usr'
'--enable-inline' '--enable-async-io=8'
'--enable-storeio=ufs,aufs,coss,diskd'
'--enable-removal-policies=lru,heap' '--enable-poll'
'--enable-delay-pools' '--enable-cache-digests' '--enable-snmp'
'--enable-htcp' '--enable-select' '--enable-carp' '--enable-large-files'
'--enable-underscores' '--enable-icap-client'
'--enable-auth=basic,digest,ntlm'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,getpwnam,multi-domain-NTLM'
'--enable-ntlm-auth-helpers=SMB'
'--enable-digest-auth-helpers=ldap,password'
'--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group'
'--with-filedescriptors=65536' '--with-default-user=proxy'
'--enable-epoll' '--enable-linux-netfilter' 'CC=cc' 'CFLAGS=-g -Wall
-O2' 'CPPFLAGS=' 'CXXFLAGS=-g -Wall -O2' 'CXX=g++' 'LDFLAGS='
'build_alias=i486-linux-gnu'
However, updating did not change the issue.
http://www.squid-cache.org/Versions/v3/3.0/
Well, unless there is really a known issue I would not like to leave the
Debian tree, since once the system is working, I tend to forget watching
for security updates.
Can anybody give me a hint on how to do better diagnosis on the problem?
Again upgrade your squid3 proxy to a newer version.
Done.
Always you can to send urls which are not working.
http://dfn.dl.sourceforge.net/sourceforge/openantivirus/samba-vscan-0.3.6b.tar.bz2
Also wireshark is a good tool :-)
I feared that answer. But since I do not know the ICAP protocol I do
neither know what to expect. I have a log of that access and I would
gladly send it do anybody, who knowns how to read it.
$ tcpdump -w icap-packets.dump -i lo port 1344
> About c-icap configuration please ask to the c-icap mailing list.
One of the first responses of c-icap appears to be
500 Server Error
but later I also find packets sent from c-icap containing things like
200 OK
Moved Temporarily
and so on. So if that first message is not intended, it is probably an
issue of c-icap.
Thanks for your help,
- lars.
