pfSense 2.2 + Squid3 + c-icap

Soooo 2.2 is in RELEASE 🙂

It is based on FreeBSD 10.1 – Awesome…

But ripped my hair out getting AV filtering going.

Squid 3.4 now packages in clamd – no longer need to install HAVP.

Kept getting c-icap protocol errors…

After all day of digging, turns out c-icap was built listening only on IPv6.

Thanks to https://redmine.pfsense.org/issues/4197

… edit /usr/local/pkg/squid.inc

start at line 1367 and replace current with this:
icap_service service_avi_req reqmod_precache icap://localhost:1344/squidclamav bypass=off
adaptation_access service_avi_req allow all
icap_service service_avi_resp respmod_precache icap://localhost:1344/squidclamav bypass=on
adaptation_access service_avi_resp allow all

Also, under c-icap.conf in proxy server antivirus config,
Squidclamav warns redirect points to sample config domain (http://proxy.domain.dom/squid_clwarn.php)
Change redirect info on ‘squidclamav.conf’ field to pfsense gui or an external host.
c-icap Squidclamav service definition is no present.
Add ‘Service squid_clamav squidclamav.so'(without quotes) to ‘c-icap.conf’ field in order to get it working.
Remove ldap configuration’Manager:Apassword@ldap.chtsanti.net?o=chtsanti?mermberUid?(&(objectClass=posixGroup)(cn=%s))’ from ‘c-icap.conf’ field.
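
To confirm which loopback address c-icap actually answers on, before and after editing squid.inc, this Python 3 script sends an ICAP OPTIONS request to 127.0.0.1 and ::1 on port 1344. It is an added example, not part of the original post or of the pfSense package. It assumes Python 3 is available on the box running c-icap, and the function names are made up for this example.

```python
#!/usr/bin/env python3
"""Probe an ICAP service over IPv4 and IPv6 loopback with an OPTIONS request."""
import socket

ICAP_PORT = 1344          # port used in the icap_service lines above
SERVICE = "squidclamav"   # service path used in the icap_service lines above


def build_options(host, port=ICAP_PORT, service=SERVICE):
    """Return the bytes of an ICAP OPTIONS request (RFC 3507)."""
    target = f"[{host}]" if ":" in host else host  # bracket IPv6 literals
    return (f"OPTIONS icap://{target}:{port}/{service} ICAP/1.0\r\n"
            f"Host: {target}\r\n"
            "Encapsulated: null-body=0\r\n\r\n").encode("ascii")


def parse_status(raw):
    """Return the ICAP status code from a response, or None if it is not ICAP."""
    parts = raw.split(b"\r\n", 1)[0].split(None, 2)
    if len(parts) >= 2 and parts[0].startswith(b"ICAP/") and parts[1].isdigit():
        return int(parts[1])
    return None


def probe(host, port=ICAP_PORT, service=SERVICE, timeout=3.0):
    """Send OPTIONS to host:port; return a status code or a short error string."""
    family = socket.AF_INET6 if ":" in host else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((host, port))
            s.sendall(build_options(host, port, service))
            code = parse_status(s.recv(4096))
            return code if code is not None else "not an ICAP reply"
    except OSError as exc:  # refused, timed out, or address family unavailable
        return f"error: {exc.__class__.__name__}"


if __name__ == "__main__":
    # A status code on ::1 but an error on 127.0.0.1 matches the
    # IPv6-only listener described above.
    for addr in ("127.0.0.1", "::1"):
        print(f"{addr:>9}:{ICAP_PORT} -> {probe(addr)}")
```

A connection error on 127.0.0.1 alongside a reply on ::1 means the name in the icap_service URL has to resolve to the address family c-icap is bound to.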
