These changes were merged into the official squid3-dev package by its developer, Marcello Coutinho.
In this guide I’ll show how to get Squid3-dev running with ClamAV on pfSense 2.1 (i386). I won’t cover Squid’s configuration or block lists here.
First access your pfSense’s dashboard.
Installing Squid3-dev package
As this is a fresh install of pfSense, we need to install the squid3-dev package. Go to the “System -> Package” menu, see image 02.
Then click on “Available Packages” tab, see image 03.
It’ll list all of pfSense’s available packages. Look for “squid3-dev” and click on the installation icon to install the squid3-dev package.
pfSense will then start the squid3-dev install process.
As you can see in image 06, the squid3-dev package comes with the ClamAV antivirus installed.
Before we configure squid3-dev we have to fix some dependencies. Go to “Diagnostics->Command Prompt”, see image 07.
First let’s create the clamav user. Type the command below into “Execute Shell command” and click “Execute”, image 08.
pw useradd clamav -G wheel
If a message appears saying that the user already exists, just add the clamav user to the wheel group with the command below.
pw usermod clamav -G wheel
Now we have to create ClamAV’s directories and set permissions so the system can access them, image 09:
mkdir /var/log/clamav
chmod 775 /var/log/clamav
mkdir /var/db/clamav
chmod 775 /var/db/clamav
mkdir /var/run/clamav
chmod 775 /var/run/clamav
SquidClamAv uses the file “clwarn.cgi” to display virus information. This file is located at “/usr/local/www/clwarn.cgi”, but it’s not accessible via a web browser, so let’s set permissions that allow “clwarn.cgi” to be accessed via the browser:
chmod 775 /usr/local/www/clwarn.cgi
Updating ClamAV in PfSense
Now it’s time to update our antivirus, otherwise it won’t run. Execute the command below:
As you can see above, at the end of the update the system will display a warning:
WARNING: Clamd was NOT notified: Can’t connect to clamd through /var/run/clamav/clamd.sock
connect () : No such file or directory
Don’t worry about it, it’s because clamd isn’t running yet.
Fixing ClamAV Can’t connect to clamd
The file “clwarn.cgi” must be run by perl. In some cases pfSense can’t find perl at “/usr/bin/perl” because it’s located at “/usr/local/bin/perl”, so you can link “/usr/local/bin/perl” to “/usr/bin/perl”. Sometimes linking perl doesn’t work; then we have to edit the perl path in the file “/usr/local/www/clwarn.cgi”, changing “#!/usr/bin/perl” to “#!/usr/local/bin/perl”, and hit the “Save” button.
You can edit files in the menu “Diagnostics->Edit File”, see image 07.
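The directory and clwarn.cgi steps above, as an added example that is not part of the original guide: a script that creates the three ClamAV directories, verifies their mode, and rewrites the clwarn.cgi shebang only when the interpreter it names does not exist. The function names and the ROOT prefix argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not part of the original guide.
# ROOT is a hypothetical prefix for rehearsing in a scratch tree; leave it
# empty on the firewall so the real /var paths from the guide are used.

# Create the three ClamAV directories with mode 775 and verify the result.
prepare_clamav_dirs() {
    root=${1:-}
    for d in /var/log/clamav /var/db/clamav /var/run/clamav; do
        mkdir -p "$root$d" || return 1
        chmod 775 "$root$d" || return 1
        # ls -ld instead of stat: stat's format flags differ between BSD and GNU.
        case "$(ls -ld "$root$d")" in
            drwxrwxr-x*) ;;
            *) echo "unexpected mode on $root$d" >&2; return 1 ;;
        esac
    done
}

# Make the first line of a Perl CGI point at an interpreter that exists.
# Usage: fix_perl_shebang FILE CANDIDATE_PERL...
# Returns 0 if the shebang is usable (already, or after the rewrite),
#         1 if no candidate is executable, 2 if FILE has no Perl shebang.
fix_perl_shebang() {
    cgi=$1; shift
    first=$(head -n 1 "$cgi") || return 2
    case "$first" in
        '#!/'*perl*) ;;
        *) return 2 ;;
    esac
    current=${first#'#!'}
    current=${current%% *}              # interpreter path without arguments
    [ -x "$current" ] && return 0       # nothing to change
    args=${first#"#!$current"}          # keep switches such as " -w"
    for perl in "$@"; do
        [ -x "$perl" ] || continue
        tmp="$cgi.tmp.$$"
        { printf '#!%s%s\n' "$perl" "$args"; tail -n +2 "$cgi"; } > "$tmp" || return 1
        # cat into the original keeps its owner and the guide's chmod 775.
        cat "$tmp" > "$cgi" || return 1
        rm -f "$tmp"
        return 0
    done
    return 1
}

# On pfSense (commented out so sourcing this file changes nothing):
# prepare_clamav_dirs && fix_perl_shebang /usr/local/www/clwarn.cgi /usr/local/bin/perl
```

A return code of 1 from fix_perl_shebang means none of the listed interpreters exists, so perl itself has to be located before clwarn.cgi can work.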
Configuring Squid3-dev proxy
Now it’s time to start squid3-dev and ClamAV. First let’s do a basic configuration. Go to “Services->Proxy server”.
Let’s configure squid3-dev to run on the “LAN interface” with “transparent HTTP proxy” enabled. See image 14 below.
Optionally, change the “visible hostname” and “administrator email”.
And hit “Save” button at the end of the page.
As you can see in image 17 squid3-dev is running.
Let’s enable Squid3-dev’s ClamAV integration
Now let’s enable the ClamAV integration. Click on the “Antivirus” tab, check “Enable” and hit the “Save” button. Don’t worry if the “squidclamav.conf” and “c-icap.conf” boxes are blank; after you hit the “Save” button they’ll be filled in automatically.
After the page reloads, in the “squidclamav.conf” box change the value of the “redirect” option to “http://yourserverip/clwarn.cgi”, and hit the “Save” button again.
If everything is working as it should you can try to access a page with an infected file and you’ll see a page like the one below, see image 19.
If you need some help or if this helped you, leave a comment below.