pfSense 2.1: Squid3-dev + Clamav (i386)

This changes were merged to official package squid3-dev by it’s developer Marcello Coutinho

In this guide I’ll show how to have Squid3-dev running with Clamav on pfSense 2.1 (i386). I’ll not show here squid’s configurations/block lists.

Let’s Start!

First access your pfSense’s dashboard.

pfsense32_squid3-dev_001
Image 01: pfSense i386 Dashboard

Installing Squid3-dev package

As this is a fresh install of pfSense we need to install squid3-dev package. Then let’s go to “System -> Package” menu, see image 02.

pfsense32_squid3-dev_002
Image 02: pfSense System’s menu

Then click on “Available Packages” tab, see image 03.

pfsense32_squid3-dev_003
Image 03: pfSense Package Manager’s tabs

It’ll list all pfSense’s available packages, look for “squid3-dev” and click on installation icon to install squid3-dev package.

pfsense32_squid3-dev_004
Image 04: pfSense packages

Then pfSense will starts squid3-dev install process.

pfsense32_squid3-dev_005
Image 05: pfSense squid3-dev installation process

As you can see in image 06, squid3-dev package comes with clamv antivirus installed.

pfsense32_squid3-dev_006
Image 06: pfSense Services status’ page

Configuring ClamAV in PfSense

Before we configure squid3-dev we have to fix some dependencies. So go to “Diagnostics->Command Prompt“, see image 07.

pfsense32_squid3-dev_007
Image 07: pfSense Diagnostics’ menu

First let’s create clamav user, type the command below on “Execute Shell command” and click ‘Execute‘, image 08.

pw useradd clamav -G wheel 

If it’s appears a message that user already exists, let’s just add clamav user to wheel’s group with command below.

pw usermod clamav -G wheel 
pfsense32_squid3-dev_008
Image 08: pfSense Command Prompt / add system’s user

Now we have to create clamav’s directories and give permissions to system access them, image 09:

mkdir /var/log/clamav
chmod 775 /var/log/clamav
mkdir /var/db/clamav
chmod 775 /var/db/clamav
mkdir /var/run/clamav
chmod 775 /var/run/clamav
pfsense32_squid3-dev_009
Image 09: pfSense Command Prompt / creating folders, settings permissions

SquidClamAv uses the file “clwarn.cgi” to display virus information. This file is located on “/usr/local/www/clwarn.cgi“, but it’s no accessible via web browser, so let’s give permission to “clwarn.cgi” be accessible via browser:

 chmod 775 /usr/local/www/clwarn.cgi
pfsense32_squid3-dev_010
Image 10: pfSense Command Prompt / set clwarn.cgi permission

Updating ClamAV in PfSense

Now it’s time to update our antivirus, otherwise it won’t run. Execute below command:

freshclam
pfsense32_squid3-dev_011
Image 11: pfSense Command Prompt / update clamav antivirus

As you can see above at the end of update system will display a warning:

WARNING: Clamd was NOT notified: Can’t connect to clamd through /var/run/clamav/clamd.sock
connect () : No such file or directory

Don’t worry about it, it’s because clamd isn’t running yet.

  Instalar PHP-FPM 7 no Ubuntu 16.10

Fixing ClamAV Can’t connect to clamd

The file “clwarn.cgi” must be run by perl. In some cases pfSense can’t find perl on “/usr/bin/perl” because it’s located in “/usr/local/bin/perl“, so you can link “/usr/local/bin/perl” to “/usr/bin/perl“. Sometimes linking perl doesn’t work, than we have to edit perl path in file “/usr/local/www/clwarn.cgi“, changing “#!/usr/bin/perl” to “#!/usr/local/bin/perl” and hit “Save” button.
You can edit files in menu “Diagnostics->Edit File“, see image 07.

  Instalando/Utilizando o Protheus TOTVS em estações Linux 64 bits
pfsense32_squid3-dev_012
Image 12: pfSense Edit file /usr/local/www/clwarn.cgi / change perl path

Configuring Squid3-dev proxy

Now it’s time to start squid3-dev and clamv. First let’s do a basic configuration. Go to “Services->Proxy server“.

pfsense32_squid3-dev_013
Image 13: pfSense Services’ menu

Let’s configure squid3-dev to run on “LAN interface” with “transparent HTTP proxy” enable. See below in image 14.

pfsense32_squid3-dev_014
Image 14: pfSense Basic squid3-dev configuration

Optionally let’s change “visible hostname” and “administrator email“.

pfsense32_squid3-dev_015
Image 15: pfSense Basic squid3-dev configuration

And hit “Save” button at the end of the page.

pfsense32_squid3-dev_016
Image 16: pfSense Basic squid3-dev configuration

As you can see in image 17 squid3-dev is running.

  Executar o comando wget em segundo plano/background
pfsense32_squid3-dev_017
Image 17: pfSense squid3-dev running icon

Let’s enable Squid3-dev’s ClamAV integration

Now let’s enable clamav integration. Click on “Antivirus” tab and then check “Enable” and hit “Save” button. Don’t worry if “squidclamav.conf” and “c-icap.conf” box is blank, after you hit “Save” button it’ll be automatically filled.

After page reloads, just change in “squidclamav.conf” box value of “redirect” option to “http://yourserverip/clwarn.cgi“, and hit “Save” button again.

pfsense32_squid3-dev_018
Image 18: pfSensesquid3-dev enabling clamav antivirus

If everything is working as it should you can try to access a page with an infected file and you’ll see a page like the one below, see image 19.

pfsense32_squid3-dev_019
Image 19: pfSense testing squid3-dev + clamv antivirus

If you need some help or if this helped you, leave a comment below.