squid, squirm, clamav, viralator 0.9.8, Invoked with the arguments

Stefan Reible <mail@xxxxxxxxxxxxxxxx> · Fri, 19 Mar 2010 14:02:19 +0100

Hey,

I am using squid 3.0.19 with squirm 1.23, clamav 0.95.3, viralator  
0.9.8 from svn and mozilla firefox with configured proxy.

If I put following url in my Firefox:

http://squid1.testdomain.de/cgi-bin/viralator.cgi?action=http://putty.very.rulez.org/latest/x86/putty.exe

I get this Output:

squid1 log # tail -f viralator.log

2010/03/19 13:47:28 INFO> viralator.cgi: 1637 main::config_app -  
Reading configuration file /etc/viralator/viralator.conf
2010/03/19 13:47:28 INFO> viralator.cgi: 1668 main::config_app -  
Configuration file was read successfully
2010/03/19 13:47:28 DEBUG> viralator.cgi: 1679 main::config_app -  
Values recovered from configuration file
popupwidth -> 600
filechmod -> 0644
popupback -> false
maximum_size -> 1689600
css_file -> style.css
virusscanner -> clamdscan
dirmask -> 0022
scannersummary -> true
scannerpath -> /usr/bin
progress_indicator -> progress.png
downloadsdir -> /downloads
default_language -> english.txt
alert -> FOUND
downloads -> /var/www/localhost/htdocs/downloads
lang -> en-US
viruscmd -> --verbose --stdout
secret -> sdfjkjk438sdfh234Hasdh73
charset -> ISO-8859-1
skip_downloads -> true
popupheight -> 400
popupfast -> false
progress_unit -> bar.png
2010/03/19 13:47:28 INFO> viralator.cgi: 1683 main::config_app -  
Testing configuration values
2010/03/19 13:47:28 INFO> viralator.cgi: 1717 main::config_app -  
Configuration is OK
2010/03/19 13:47:28 INFO> viralator.cgi: 1731 main::config_lang -  
Trying to read language file /etc/viralator/languages/english.txt
2010/03/19 13:47:28 INFO> viralator.cgi: 1755 main::config_lang -  
Language file read successfully
2010/03/19 13:47:28 INFO> viralator.cgi: 101 main:: - Client  
192.9.200.32 connected to Viralator
2010/03/19 13:47:28 INFO> viralator.cgi: 140 main:: - Charset is  
defined as ISO-8859-1
2010/03/19 13:47:28 INFO> viralator.cgi: 156 main:: - Presenting  
initial page to user
2010/03/19 13:47:28 DEBUG> viralator.cgi: 162 main:: - Parameters  
received action
2010/03/19 13:47:28 DEBUG> viralator.cgi: 1356 main::test_param -  
Invoked with the arguments: action,  
http://putty.very.rulez.org/latest/x86/putty.exe
2010/03/19 13:47:28 ERROR> viralator.cgi: 676 main::error - Invalid  
value for action parameter:  
http://putty.very.rulez.org/latest/x86/putty.exe - requested by  
192.9.200.32

And when I put the url normaly:

http://putty.very.rulez.org/latest/x86/putty.exe

I get:

(....)
2010/03/19 13:49:16 INFO> viralator.cgi: 1683 main::config_app -  
Testing configuration values
2010/03/19 13:49:16 INFO> viralator.cgi: 1717 main::config_app -  
Configuration is OK
2010/03/19 13:49:16 INFO> viralator.cgi: 1731 main::config_lang -  
Trying to read language file /etc/viralator/languages/english.txt
2010/03/19 13:49:16 INFO> viralator.cgi: 1755 main::config_lang -  
Language file read successfully
2010/03/19 13:49:16 INFO> viralator.cgi: 101 main:: - Client  
192.9.200.32 connected to Viralator
2010/03/19 13:49:16 INFO> viralator.cgi: 140 main:: - Charset is  
defined as ISO-8859-1
2010/03/19 13:49:16 INFO> viralator.cgi: 156 main:: - Presenting  
initial page to user
2010/03/19 13:49:16 DEBUG> viralator.cgi: 162 main:: - Parameters received url
2010/03/19 13:49:16 DEBUG> viralator.cgi: 1356 main::test_param -  
Invoked with the arguments: url,  
http://putty.very.rulez.org/latest/x86/putty.exe
2010/03/19 13:49:16 INFO> viralator.cgi: 197 main:: - No referer is available
2010/03/19 13:49:16 DEBUG> viralator.cgi: 1459 main::WinOpen - Invoked  
with the arguments:  
http://192.9.200.32/cgi-bin/viralator.cgi?action=popup&fileurl=http://putty.very.rulez.org/latest/x86/putty.exe, 1269002956,  
width=600,height=400,scrollbars=1,resize=no

The download button didn't work. Here is my squirm.patterns:

abortregexi ^http://192.9.200.32.* #zB (^http://192\.168\.100\.1/.*)
abortregexi ^http://squid1.testdomain.de.*
regexi ^(.*\.zip)$ http://192.9.200.32/cgi-bin/viralator.cgi?url=\1
regexi ^(.*\.exe)$ http://192.9.200.32/cgi-bin/viralator.cgi?url=\1

squirm match log:

Fri Mar 19 13:49:16  
2010:http://putty.very.rulez.org/latest/x86/putty.exe:http://192.9.200.32/cgi-bin/viralator.cgi?url=http://putty.very.rulez.org/latest/x86/putty.exe

My viralator config:

default_language -> english.txt
charset -> ISO-8859-1
lang -> en-US
servername ->
proxy_address ->
proxy_port ->
maximum_size -> 1689600
virusscanner -> clamdscan
scannerpath -> /usr/bin
viruscmd -> --verbose --stdout
alert -> FOUND
scannersummary -> true
downloads -> /var/www/localhost/htdocs/downloads
skip_downloads -> true
downloadsdir -> /downloads
(....)

I don't find an error in my config. I`m running the whole system under  
linux gentoo, an in future the proxy server will be in transparent  
mode. The squid and squirm are running as user squid.

Regards, Stefan