Re: [squid-users] squid clamav and squidguard

2011-02-26 Thread Yuri Voinov 
That's elementary and ecplained in squidclamav documentation. Just read it.

Use squidclamav as primary redirector in squid.conf, set squidGuard as
secondary redirector in squidclamav.conf

My squidclamav.conf:
---

#-
# SquidClamav v5.3 default configuration file
#
# To know to customize your configuration file, see squidclamav manpage
# or go to http://squidclamav.darold.net/
#
#-
#
# Global configuration
#
squid_ip 127.0.0.1
squid_port 3128
logfile /usr/local/squid/var/logs/squidclamav.log
maxsize 500
redirect http://localhost/cgi-bin/clwarn.cgi.ru_RU
squidguard /usr/local/bin/squidGuard
debug 0
stat 0
maxredir 96
clamd_local /tmp/clamd.socket
clamd_ip 127.0.0.1
clamd_port 3310
timeout 60
useragent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
trust_cache 0
logredir 0

My squid.conf fragment:
---

# SquidGuard rewriter
#url_rewrite_program /usr/local/bin/squidGuard -c
/usr/local/squidGuard/squidGuard.conf
# SquidClamAV rewriter
url_rewrite_program /usr/local/bin/squidclamav
url_rewrite_children 96
redirect_rewrites_host_header on
#redirector_bypass on

All works perfectly.

On 2/27/11, Amos Jeffries  wrote:
> On 27/02/11 13:58, marco wrote:
>> Howdi folks,
>>
>> Iam using squid 2.7 with clamav and Squidguard, all works fine.
>> For the CEO of a Company i setup webmin, that he can get done his jobs
>> easy
>> by gui.
>> I installed the webmin extension für SquidGuard, but it says squidguard
>> isn´t configured in the cfg.
>> Thats right, but if i do this, it will insert "redirect_programm
>> /usr/local/bin/squidGuard" and clamav fails
>>
>> for squidclamav i used url_rewrite_programm. In the Configfile from
>> squidclamav i can add squidguard, but the Webminmodule says then "not
>> insert
>> in squid cfg file".
>>
>> Is there a way to do handle the problem ?
>
> Not with Squid. Only one helper is possible in Squid.
>
> This is a webmin problem detecting the wrong config state. Contact the
> webmin project for help.
>
> Amos
> --
> Please be using
>Current Stable Squid 2.7.STABLE9 or 3.1.11
>Beta testers wanted for 3.2.0.5
>


-- 
-= WBR, Yuri.
Powered by Google =-

[squid-users] RE: Cannot build 3.1.11 on Solaris 10 with IP-FIlter transparent support.

2011-02-15 Thread Yuri Voinov 
On Tue, Feb 15, 2011 at 1:41 PM, Yuri Voinov  wrote:
> Hi there,
>
>
>
> I cannot build 3.1.11 with IP-Filter transparent support on Solaris 10
> due to duplicate IPF header.
>
> My build option (working with 2.7 STABLE 9) is:
>
> ./configure '--disable-unlinkd' '--disable-ipv6' '-enable-ssl'
> '--enable-default-err-language=Russian-1251'
> --enable-err-languages='Russian-1251 English'
> '--enable-follow-x-forwarded-for' '--enable-delay-pools'
> '--enable-async-io=4' '--enable-storeio=ufs,diskd'
> '--prefix=/usr/local/squid' '--enable-external-acl-helpers=ldap_group'
>  '--enable-ipf-transparent' 'CC=gcc' 'CFLAGS=-O2 -march=i686
> -L/usr/local/lib -R/usr/local/lib -L/usr/local/ssl/lib
> -R/usr/local/ssl/lib -L/usr/openwin/lib -R/usr/openwin/lib
> -I/usr/local/rrdtool-1.4.2/include -I/usr/local/BerkeleyDB.4.7/include
> -I/usr/local/mysql/include' 'LDFLAGS=-L/usr/local/lib -R/usr/local/lib
> -R/usr/lib -L/usr/lib -R/usr/openwin/lib -L/usr/openwin/lib
> -L/usr/local/ssl/lib -R/usr/local/ssl/lib -L/usr/X11R6/lib
> -R/usr/X11R6/lib -L/usr/local/BerkeleyDB.4.7/lib
> -R/usr/local/BerkeleyDB.4.7/lib -L/usr/local/mysql/lib
> -R/usr/local/mysql/lib' 'CPPFLAGS=-I/usr/local/include
> -I/usr/local/ssl/include -I/usr/local/include/ncurses
> -I/usr/openwin/include -I/usr/local/rrdtool-1.4.2/include
> -I/usr/local/BerkeleyDB.4.7/include -I/usr/local/include/pcap
> -I/usr/local/include/freetype2'
>
> Configuration is successful, but make produces an error. Erorr is
> absent if I drop  '--enable-ipf-transparent' configuration flag.
>
> Is it bug, or just feature? Why it is not clear documented?
>
> PS. Yes, I need to build transparent proxy with IP Filter.

>>It's hard to tell if you don't paste the error message..
>>Could you please paste here the last few lines of the build output?

Yes, here is it:


libtool: compile:  g++ -DHAVE_CONFIG_H -I../.. -I../../include
-I../../src -I../../include -I/usr/local/include
-I/usr/local/ssl/include -I/usr/local/include/ncurses
-I/usr/openwin/include -I/usr/local/rrdtool-1.4.2/include
-I/usr/local/BerkeleyDB.4.7/include -I/usr/local/include/pcap
-I/usr/local/include/freetype2 -Wall -Wpointer-arith -Wwrite-strings
-Wcomments -Werror -D_REENTRANT -pthreads -DSOLARIS2=10 -g -O2 -MT
IpIntercept.lo -MD -MP -MF .deps/IpIntercept.Tpo -c IpIntercept.cc
-fPIC -DPIC -o .libs/IpIntercept.o
In file included from /usr/include/inet/ip.h:16,
 from /usr/include/netinet/ip_compat.h:189,
 from IpIntercept.cc:60:
/usr/include/inet/mib2.h:133: error: conflicting declaration 'typedef
uint32_t IpAddress'
../../src/ip/IpAddress.h:77: error: 'class IpAddress' has a previous
declaration as `class IpAddress'
IpIntercept.cc:127: error: prototype for `int
IpIntercept::NetfilterInterception(int, const IpAddress&, IpAddress&,
int)' does not match any in class `IpIntercept'
IpIntercept.h:106: error: candidate is: int
IpIntercept::NetfilterInterception(int, const IpAddress&, IpAddress&,
int)
IpIntercept.cc:158: error: prototype for `int
IpIntercept::NetfilterTransparent(int, const IpAddress&, IpAddress&,
int)' does not match any in class `IpIntercept'
IpIntercept.h:120: error: candidate is: int
IpIntercept::NetfilterTransparent(int, const IpAddress&, IpAddress&,
int)
IpIntercept.cc:177: error: prototype for `int
IpIntercept::IpfwInterception(int, const IpAddress&, IpAddress&, int)'
does not match any in class `IpIntercept'
IpIntercept.h:134: error: candidate is: int
IpIntercept::IpfwInterception(int, const IpAddress&, IpAddress&, int)
IpIntercept.cc:208: error: prototype for `int
IpIntercept::IpfInterception(int, const IpAddress&, IpAddress&,
IpAddress&, int)' does not match any in class `IpIntercept'
IpIntercept.h:143: error: candidate is: int
IpIntercept::IpfInterception(int, const IpAddress&, IpAddress&,
IpAddress&, int)
IpIntercept.cc: In member function `int
IpIntercept::IpfInterception(int, const IpAddress&, IpAddress&,
IpAddress&, int)':
IpIntercept.cc:229: error: request for member `GetPort' in `me', which
is of non-class type `const unsigned int'
IpIntercept.cc:230: error: request for member `GetPort' in `dst',
which is of non-class type `unsigned int'
IpIntercept.cc:231: error: request for member `GetInAddr' in `me',
which is of non-class type `const unsigned int'
IpIntercept.cc:232: error: request for member `GetInAddr' in `dst',
which is of non-class type `unsigned int'
IpIntercept.cc:287: error: no match for 'operator!=' in 'client !=
natLookup.natloo

[squid-users] Cannot build 3.1.11 on Solaris 10 with IP-FIlter transparent support.

2011-02-15 Thread Yuri Voinov 
Hi there,



I cannot build 3.1.11 with IP-Filter transparent support on Solaris
10 due to duplicate IPF header.

My build option (working with 2.7 STABLE 9) is:

./configure '--disable-unlinkd' '--disable-ipv6' '-enable-ssl'
'--enable-default-err-language=Russian-1251'
--enable-err-languages='Russian-1251 English'
'--enable-follow-x-forwarded-for' '--enable-delay-pools'
'--enable-async-io=4' '--enable-storeio=ufs,diskd'
'--prefix=/usr/local/squid' '--enable-external-acl-helpers=ldap_group'
 '--enable-ipf-transparent' 'CC=gcc' 'CFLAGS=-O2 -march=i686
-L/usr/local/lib -R/usr/local/lib -L/usr/local/ssl/lib
-R/usr/local/ssl/lib -L/usr/openwin/lib -R/usr/openwin/lib
-I/usr/local/rrdtool-1.4.2/include -I/usr/local/BerkeleyDB.4.7/include
-I/usr/local/mysql/include' 'LDFLAGS=-L/usr/local/lib -R/usr/local/lib
-R/usr/lib -L/usr/lib -R/usr/openwin/lib -L/usr/openwin/lib
-L/usr/local/ssl/lib -R/usr/local/ssl/lib -L/usr/X11R6/lib
-R/usr/X11R6/lib -L/usr/local/BerkeleyDB.4.7/lib
-R/usr/local/BerkeleyDB.4.7/lib -L/usr/local/mysql/lib
-R/usr/local/mysql/lib' 'CPPFLAGS=-I/usr/local/include
-I/usr/local/ssl/include -I/usr/local/include/ncurses
-I/usr/openwin/include -I/usr/local/rrdtool-1.4.2/include
-I/usr/local/BerkeleyDB.4.7/include -I/usr/local/include/pcap
-I/usr/local/include/freetype2'

Configuration is successful, but make produces an error. Erorr is
absent if I drop  '--enable-ipf-transparent' configuration flag.

Is it bug, or just feature? Why it is not clear documented?

PS. Yes, I need to build transparent proxy with IP Filter.



Thanks, bye.