Thanks Christos, after purging it form squid cache it work fine able to scan. But now another problem when I try to download a zip virus file http://www.eicar.org/download/eicar_com.zip ERROR in the browser The following error was encountered while trying to retrieve the URL: http://www.eicar.org/download/eicar_com.zip ICAP protocol error. The system returned: [No Error] This means that some aspect of the ICAP communication failed. Some possible problems are: * The ICAP server is not reachable. * An Illegal response was received from the ICAP server. //Remy On Thu, 27 Nov 2008 21:46:15 +0200, Christos Tsantilas <christos@xxxxxxxxxxxx> wrote: > OK this is when your are using the icap-client.What about when you are > using squid3? > > - Are you seeing any log entries in c-icap log files? Just to see if > squid contacts the icap server... > > - Do you see any error message in squid3 cache.log file? Maybe for a > reason squid can not access the icap server. > > - What are you seeing in your web browser? How are you testing your > configuration? If you are just trying to download the eicar.com file it > is probably stored in your squid cache or your web broswer cache before > you install the icap server. You need to remove it from your cache. Look > in FAQ for info: > http://wiki.squid-cache.org/SquidFaq/OperatingSquid#head-f418956943bd72ee8b94390ec9df241c3d1dfd20 > Also be sure that you had delete any web browser cache before the test. > > Regards, > Christos > > > malmeida@xxxxxxxxxxxxxx wrote: >> Test sample output >> >> >> /usr/local/c_icap/bin# /usr/local/c_icap/bin/icap-client -f >> /home/remy/Desktop/eicar.com.txt -s >> "srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple" >> ICAP server:localhost, ip:127.0.0.1, port:1344 >> >> <html> >> <head> >> <!--C-ICAP/060708rc1 srvClamAV module --> >> </head> >> <body> >> <H1>VIRUS FOUND</H1> >> >> You try to upload/download a file that contain the virus<br> >> Eicar-Test-Signature >> <p>This message generated by C-ICAP/060708rc1 srvClamAV/antivirus module >> <!-- And this is a silly HTML comment just to make this error bigger > than >> 512 bytes >> to allow it displayed in an IE. Yes the IE has a "feature" which does > not >> allow >> error messages smaller than 512 bytes displayed, because they are not >> considered >> enough "friendly" >> >> (Xmm...I think this stupid comment is better than empeding viruses or > porn >> images in this error message as a bad guy suggest me!)--> </body> >> </html> >> >> #for sample virus file test access log file of c-icap >> tail -f /usr/local/c_icap/var/log/access.log >> Thu Nov 27 23:09:48 2008, 127.0.0.1, 127.0.0.1, OPTIONS, >> srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple, OK >> Thu Nov 27 23:09:48 2008, 127.0.0.1, 127.0.0.1, RESPMOD, >> srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple, OK >> >> #for sample virus file test access log file of c-icap >> tail -f /usr/local/c_icap/var/log/server.log >> Thu Nov 27 23:09:48 2008, general, VIRUS DETECTED:Eicar-Test-Signature. >> Take action....... >> >> //Remy >> >> >> On Thu, 27 Nov 2008 19:50:16 +0200, Christos Tsantilas >> <christos@xxxxxxxxxxxx> wrote: >>> malmeida@xxxxxxxxxxxxxx wrote: >>>> Hi Christos, >>>> >>>> I think I have not made my self clear >>>> >>>> first of all I don't have icap_class and icap_access in my squid.conf >>> file >>>> since you said >>>>>>> Your configuration should also contain something like the > following: >>>>>>> >>>>>>> icap_class class_avi service_avi >>>>>>> icap_access class_avi allow all >>>> I did those changes as per you and got that message >>>> >>>> my problem is I have enabled icap support but some how its not work > (not >>>> able to scan) >>>> if is use the icap-client command to test it work fine >>>> >>>> where is my mistake? >>> Do you see error messages in your squid3 server.log file? >>> Are there any entries in c-icap's access.log file? >>> How are you testing it? >>> >>>> //Remy