pfSense 2.2 + Squid3 + c-icap

Soooo 2.2 is in RELEASE 🙂

it is based on Freebsd 10.1 – Awesome…

But ripped my hair out getting AV filtering going.

Squid 3.4 now packages in clamd – no longer need to install HAVP.

Kept getting c-icap protocol errors…

After all day of digging, turns out c-icap was built only listening ipv6.

Thanks to

… edit /usr/local/pkg/

start at line 1367 and replace current with this:
icap_service service_avi_req reqmod_precache icap://localhost:1344 /squidclamav bypass=off
adaptation_access service_avi_req allow all
icap_service service_avi_resp respmod_precache icap://localhost:1344/squidclamav bypass=on
adaptation_access service_avi_resp allow all

Also, under c-icap.conf in proxy server antivirus config,
Squidclamav warns redirect points to sample config domain (http://proxy.domain.dom/squid_clwarn.php)
Change redirect info on ‘squidclamav.conf’ field to pfsense gui or an external host.
c-icap Squidclamav service definition is no present.
Add ‘Service squid_clamav'(without quotes) to ‘c-icap.conf’ field in order to get it working.
Remove ldap configuration’’ from ‘c-icap.conf’ field.

Leave a Reply

Your email address will not be published. Required fields are marked *