OK this is when your are using the icap-client.What about when you are
using squid3?
- Are you seeing any log entries in c-icap log files? Just to see if
squid contacts the icap server...
- Do you see any error message in squid3 cache.log file? Maybe for a
reason squid can not access the icap server.
- What are you seeing in your web browser? How are you testing your
configuration? If you are just trying to download the eicar.com file it
is probably stored in your squid cache or your web broswer cache before
you install the icap server. You need to remove it from your cache. Look
in FAQ for info:
http://wiki.squid-cache.org/SquidFaq/OperatingSquid#head-f418956943bd72ee8b94390ec9df241c3d1dfd20
Also be sure that you had delete any web browser cache before the test.
Regards,
Christos
malmeida@xxxxxxxxxxxxxx wrote:
Test sample output
/usr/local/c_icap/bin# /usr/local/c_icap/bin/icap-client -f
/home/remy/Desktop/eicar.com.txt -s
"srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple"
ICAP server:localhost, ip:127.0.0.1, port:1344
<html>
<head>
<!--C-ICAP/060708rc1 srvClamAV module -->
</head>
<body>
<H1>VIRUS FOUND</H1>
You try to upload/download a file that contain the virus<br>
Eicar-Test-Signature
<p>This message generated by C-ICAP/060708rc1 srvClamAV/antivirus module
<!-- And this is a silly HTML comment just to make this error bigger than
512 bytes
to allow it displayed in an IE. Yes the IE has a "feature" which does not
allow
error messages smaller than 512 bytes displayed, because they are not
considered
enough "friendly"
(Xmm...I think this stupid comment is better than empeding viruses or porn
images in this error message as a bad guy suggest me!)--> </body>
</html>
#for sample virus file test access log file of c-icap
tail -f /usr/local/c_icap/var/log/access.log
Thu Nov 27 23:09:48 2008, 127.0.0.1, 127.0.0.1, OPTIONS,
srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple, OK
Thu Nov 27 23:09:48 2008, 127.0.0.1, 127.0.0.1, RESPMOD,
srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple, OK
#for sample virus file test access log file of c-icap
tail -f /usr/local/c_icap/var/log/server.log
Thu Nov 27 23:09:48 2008, general, VIRUS DETECTED:Eicar-Test-Signature.
Take action.......
//Remy
On Thu, 27 Nov 2008 19:50:16 +0200, Christos Tsantilas
<christos@xxxxxxxxxxxx> wrote:
malmeida@xxxxxxxxxxxxxx wrote:
Hi Christos,
I think I have not made my self clear
first of all I don't have icap_class and icap_access in my squid.conf
file
since you said
Your configuration should also contain something like the following:
icap_class class_avi service_avi
icap_access class_avi allow all
I did those changes as per you and got that message
my problem is I have enabled icap support but some how its not work (not
able to scan)
if is use the icap-client command to test it work fine
where is my mistake?
Do you see error messages in your squid3 server.log file?
Are there any entries in c-icap's access.log file?
How are you testing it?
//Remy
