pfSense 2.1: Squid3-dev + Clamav (i386)

These changes were merged into the official squid3-dev package by its developer, Marcello Coutinho.

In this guide I’ll show how to get Squid3-dev running with ClamAV on pfSense 2.1 (i386). I won’t cover Squid’s own configuration or block lists here.

Let’s Start!

First, open your pfSense dashboard.

Image 01: pfSense i386 Dashboard

Installing Squid3-dev package

As this is a fresh install of pfSense, we need to install the squid3-dev package. Go to the “System -> Package” menu, see image 02.

Image 02: pfSense System’s menu

Then click on the “Available Packages” tab, see image 03.

Image 03: pfSense Package Manager’s tabs

It’ll list all of pfSense’s available packages. Look for “squid3-dev” and click the installation icon to install the squid3-dev package.

Image 04: pfSense packages

pfSense will then start the squid3-dev install process.

Image 05: pfSense squid3-dev installation process

As you can see in image 06, the squid3-dev package comes with the ClamAV antivirus installed.

Image 06: pfSense Services status’ page

Configuring ClamAV in pfSense

Before we configure squid3-dev we have to fix some dependencies. Go to “Diagnostics->Command Prompt”, see image 07.

Image 07: pfSense Diagnostics’ menu

First let’s create the clamav user. Type the command below into “Execute Shell command” and click ‘Execute’, image 08.

pw useradd clamav -G wheel 

If a message appears saying that the user already exists, just add the clamav user to the wheel group with the command below.

pw usermod clamav -G wheel

Image 08: pfSense Command Prompt / add system’s user

Now we have to create ClamAV’s directories and set permissions so the system can access them, image 09:

mkdir /var/log/clamav
chmod 775 /var/log/clamav
mkdir /var/db/clamav
chmod 775 /var/db/clamav
mkdir /var/run/clamav
chmod 775 /var/run/clamav

Image 09: pfSense Command Prompt / creating folders, settings permissions

SquidClamAv uses the file “clwarn.cgi” to display virus information. This file is located at “/usr/local/www/clwarn.cgi”, but it’s not accessible via a web browser, so let’s set the permissions on “clwarn.cgi” so that it can be reached from a browser:

chmod 775 /usr/local/www/clwarn.cgi

Image 10: pfSense Command Prompt / set clwarn.cgi permission

Updating ClamAV in pfSense

Now it’s time to update our antivirus, otherwise it won’t run. Execute the command below:

Image 11: pfSense Command Prompt / update clamav antivirus

As you can see above, at the end of the update the system will display a warning:

WARNING: Clamd was NOT notified: Can’t connect to clamd through /var/run/clamav/clamd.sock
connect () : No such file or directory

Don’t worry about it; it appears because clamd isn’t running yet.

Fixing ClamAV Can’t connect to clamd

The file “clwarn.cgi” must be run by perl. In some cases pfSense can’t find perl at “/usr/bin/perl” because it’s located at “/usr/local/bin/perl”, so you can link “/usr/local/bin/perl” to “/usr/bin/perl”. Sometimes linking perl doesn’t work; then we have to edit the perl path in the file “/usr/local/www/clwarn.cgi”, changing “#!/usr/bin/perl” to “#!/usr/local/bin/perl”, and hit the “Save” button.
You can edit files in the menu “Diagnostics->Edit File”, see image 07.

Image 12: pfSense Edit file /usr/local/www/clwarn.cgi / change perl path
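A quick way to confirm that the directory step and the perl path fix took effect. This script is an added example, not part of the original guide or of the squid3-dev package: it only reads the filesystem and reports whether the three ClamAV directories have mode 775 and whether the interpreter named on the first line of clwarn.cgi exists. The function names and the ROOT prefix argument are assumptions made for the example; on the firewall itself, call audit "".

```shell
#!/bin/sh
# Added example, not part of the original guide. Read-only audit of the state
# the manual steps are meant to leave behind. ROOT is an assumed prefix:
# empty on the firewall itself, a scratch directory for a dry run.

# Symbolic mode string of a path, e.g. drwxrwxr-x (portable: no stat flags).
mode_of() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

# The directories created in the guide must exist with mode 775.
# Returns the number of directories that fail the check.
check_dirs() {
    root=$1; bad=0
    for d in /var/log/clamav /var/db/clamav /var/run/clamav; do
        m=$(mode_of "$root$d")
        if [ "$m" = "drwxrwxr-x" ]; then
            echo "ok   $d $m"
        else
            echo "FAIL $d ${m:-missing} (expected drwxrwxr-x)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# The CGI must be executable and its shebang must name an interpreter that
# exists and is executable. Returns 0 when both hold, 1 otherwise.
check_cgi() {
    root=$1; cgi=${2:-/usr/local/www/clwarn.cgi}
    [ -x "$root$cgi" ] || { echo "FAIL $cgi missing or not executable"; return 1; }
    # First line minus a trailing CR, the "#!" and any interpreter arguments.
    interp=$(head -n 1 "$root$cgi" | tr -d '\r' |
        sed -n 's/^#![[:space:]]*\([^[:space:]]*\).*$/\1/p')
    [ -n "$interp" ] || { echo "FAIL $cgi has no shebang line"; return 1; }
    if [ -x "$root$interp" ]; then
        echo "ok   $cgi runs under $interp"
    else
        echo "FAIL $cgi wants $interp, which is not present"
        return 1
    fi
}

# Run both checks; the status is 0 only when everything passes.
audit() {
    rc=0
    check_dirs "$1" || rc=1
    check_cgi "$1" || rc=1
    return "$rc"
}
```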

Configuring Squid3-dev proxy

Now it’s time to start squid3-dev and ClamAV. First let’s do a basic configuration. Go to “Services->Proxy server”.

Image 13: pfSense Services’ menu

Let’s configure squid3-dev to run on the “LAN interface” with “transparent HTTP proxy” enabled. See image 14 below.

Image 14: pfSense Basic squid3-dev configuration

Optionally, let’s change the “visible hostname” and “administrator email”.

Image 15: pfSense Basic squid3-dev configuration

And hit the “Save” button at the end of the page.

Image 16: pfSense Basic squid3-dev configuration

As you can see in image 17, squid3-dev is running.

Image 17: pfSense squid3-dev running icon

Let’s enable Squid3-dev’s ClamAV integration

Now let’s enable the ClamAV integration. Click on the “Antivirus” tab, check “Enable” and hit the “Save” button. Don’t worry if the “squidclamav.conf” and “c-icap.conf” boxes are blank; after you hit the “Save” button they’ll be filled in automatically.

After the page reloads, change the value of the “redirect” option in the “squidclamav.conf” box to “http://yourserverip/clwarn.cgi”, and hit the “Save” button again.

Image 18: pfSense squid3-dev enabling clamav antivirus

If everything is working as it should, you can try to access a page with an infected file and you’ll see a page like the one in image 19.

Image 19: pfSense testing squid3-dev + ClamAV antivirus

If you need some help or if this helped you, leave a comment below.
