SQUID & ICAP & ClamAV

Проблемы с установкой, настройкой и работой системных и сетевых программ.

Модераторы: GRooVE, alexco

Правила форума
Убедительная просьба юзать теги [code] при оформлении листингов.
Сообщения не оформленные должным образом имеют все шансы быть незамеченными.
Nichls
проходил мимо
Сообщения: 8
Зарегистрирован: 2007-02-28 14:20:30
Контактная информация:

SQUID & ICAP & ClamAV

Непрочитанное сообщение Nichls » 2007-02-28 15:30:26

Добрый день.

Автор данной статьи http://www.lissyara.su/?id=1128 просил все вопросы задавать в форуме.

Большое автору спасибо за труд.

Перейду к делу.

Система:
FreeBSD 6.2-RELEASE

Squid и c-icap из портов. Устанавливал как описано в указанном выше мануале.

Код: Выделить всё

[root@pantera ~]# squid -v
Squid Cache: Version 2.6.STABLE9
configure options: '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/usr/local/squid' '--sysconfdir=/usr/local/etc/squid' '--enable-removal-policies=lru heap' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-epoll' '--enable-auth=basic ntlm digest' '--enable-basic-auth-helpers=NCSA PAM MSNT SMB YP' '--enable-digest-auth-helpers=password' '--enable-external-acl-helpers=ip_user session unix_group wbinfo_group' '--enable-ntlm-auth-helpers=SMB' '--enable-storeio=ufs diskd null' '--enable-icap-support' '--enable-kqueue' '--with-large-files' '--enable-large-cache-files' '--enable-err-languages=Azerbaijani Bulgarian Catalan Czech Danish Dutch  English Estonian Finnish French German Greek Hebrew  Hungarian Italian Japanese Korean Lithuanian  Polish Portuguese Romanian Russian-1251 Russian-koi8-r  Serbian Simplify_Chinese Slovak Spanish Swedish  Traditional_Chinese Turkish' '--enable-default-err-language=English' '--prefix=/usr/local' 'i386-portbld-freebsd6.2' 'CC=cc' 'CFLAGS=-O2 -fno-strict-aliasing -pipe ' 'CPPFLAGS=' 'LDFLAGS=' 'build_alias=i386-portbld-freebsd6.2' 'host_alias=i386-portbld-freebsd6.2' 'target_alias=i386-portbld-freebsd6.2'
[root@pantera ~]#
Права на директории:

для Squid:

Код: Выделить всё

[root@pantera ~]# ls -l /usr/local/squid/
total 6
drwxr-x---  2 nobody  nobody  512 Feb 27 12:26 cache
drwxr-xr-x  2 nobody  nobody  512 Feb 28 13:04 infected
drwxr-x---  2 nobody  nobody  512 Feb 28 14:39 logs
[root@pantera ~]#
Место под кэш для Squid:

Код: Выделить всё

[root@pantera ~]# ls -l /
......
drwxr-xr-x  19 nobody  nobody     512 Feb 28 14:39 cache
....
[root@pantera ~]#
Логи Squid:

Код: Выделить всё

[root@pantera ~]# ls -l /home/squid-log/
total 102
-rw-r-----  1 nobody  nobody  24457 Feb 28 14:39 access.log
-rw-r-----  1 nobody  nobody  53358 Feb 28 14:39 cache.log
-rw-r-----  1 nobody  nobody  24172 Feb 28 14:39 store.log
[root@pantera ~]#

Логи c-icap:

Код: Выделить всё

[root@pantera ~]# ls -l /home/
...
drwxr-xr-x  3 nobody  nobody    512 Feb 28 14:29 icap
...
[root@pantera ~]#

[root@pantera ~]# ls -l /home/icap/
total 2
drwxr-xr-x  2 nobody  nobody  512 Feb 28 14:29 tmp
[root@pantera ~]#



Конфиг Squid'a:

Код: Выделить всё

[root@pantera ~]# cat /usr/local/etc/squid/squid.conf

http_port 8080

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

cache_mem 128 MB
maximum_object_size 35840 KB
minimum_object_size  5 KB

ipcache_size 1024
ipcache_low 90
ipcache_high 95

cache_dir ufs /cache  20480 16 4096
access_log /home/squid-log/access.log
cache_log /home/squid-log/cache.log
cache_store_log /home/squid-log/store.log

dns_nameservers XXX.XXX.XXX.XXX

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

icap_enable on
icap_preview_enable on
icap_preview_size 128
icap_send_client_ip on

half_closed_clients off

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 21 443 563 70 210 1025-65535 200 204 7772
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 8080
acl CONNECT method CONNECT

acl proxy-server src 10.66.64.166

http_access allow proxy-server
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access deny all
http_reply_access allow all

icp_access allow all

cache_mgr webmaster@domain.ru
cache_effective_user nobody
cache_effective_group nobody

visible_hostname pantera.domain.ru
unique_hostname pantera.domain.ru

icap_service         service_1 reqmod_precache 0 icap://localhost:1344/srv_clamav
icap_service         service_2 respmod_precache 1 icap://localhost:1344/srv_clamav
icap_class           class_antivirus service_2 service_1
icap_access          class_antivirus allow all

logfile_rotate 30
append_domain .domain.ru
memory_pools on
memory_pools_limit 50 MB
forwarded_for off
log_icp_queries off
client_db off
coredump_dir /usr/local/squid/
Конфиг i-cap:

Код: Выделить всё

[root@pantera ~]# cat /usr/local/etc/c-icap.conf
PidFile /var/run/c-icap.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 600
StartServers 3
MaxServers 10
MinSpareThreads     10
MaxSpareThreads     20
ThreadsPerChild     10
MaxRequestsPerChild  0

Port 1344
User nobody
Group nobody

TmpDir /home/icap/tmp
MaxMemObject 131072

ServerLog /home/icap/icap-server.log
AccessLog /home/icap/icap-access.log

ModulesDir /usr/local/lib/c_icap/
Module logger sys_logger.so
Module perl_handler perl_handler.so

sys_logger.Prefix "icap"
sys_logger.Facility local1

Logger sys_logger

acl squid_respmod src 127.0.0.0/255.255.225.255 type respmod
icap_access allow squid_respmod

ServicesDir /usr/local/lib/c_icap
Service echo_module srv_echo.so
Service squard_module srv_sguard.so
Service antivirus_module srv_clamav.so

srv_clamav.ScanFileTypes TEXT DATA EXECUTABLE ARCHIVE GIF JPEG MSOFFICE
srv_clamav.SendPercentData 5
srv_clamav.StartSendPercentDataAfter 2M

srv_clamav.MaxObjectSize  5M
srv_clamav.ClamAvMaxFilesInArchive 0
srv_clamav.ClamAvMaxFileSizeInArchive 100M
srv_clamav.ClamAvMaxRecLevel 5

# следующеи строки - это когда похоже на режим какого-то
# `виралатора` - поюзал, непонравилось...
#srv_clamav.VirSaveDir /usr/local/squid/infected/
#srv_clamav.VirHTTPServer  "http://192.168.254.254/"
#srv_clamav.VirUpdateTime   15
#srv_clamav.VirScanFileTypes ARCHIVE EXECUTABLE

Если c-icap в squid'e отключить, выход в Интернет работает.

Запускаем все это

Сначало c-icap:

Код: Выделить всё

[root@pantera ~]# c-icap -d 1 -D
Enabling parameter -D
Setting parameter :PidFile=/var/run/c-icap.pid
Setting parameter :Timeout=300
Setting parameter :KeepAliveTimeout=600
Setting parameter :StartServers=3
Setting parameter :MaxServers=10
Setting parameter :MinSpareThreads=10
Setting parameter :MaxSpareThreads=20
Setting parameter :ThreadsPerChild=10
Setting parameter :Port=1344
Setting parameter :User=nobody
Setting parameter :Group=nobody
Setting parameter :TmpDir=/home/icap/tmp
Setting parameter :MaxMemObject=131072
Setting parameter :ServerLog=/home/icap/icap-server.log
Setting parameter :AccessLog=/home/icap/icap-access.log
Setting parameter :ModulesDir=/usr/local/lib/c_icap/
Loading service :logger path sys_logger.so
Loading service :perl_handler path perl_handler.so
Uknown type of module:perl_handler
Error loading service
Going to search variable Prefix in table sys_logger
Setting parameter :Prefix=icap
Going to search variable Facility in table sys_logger
Setting parameter :Logger=sys_logger
Setting parameter :ServicesDir=/usr/local/lib/c_icap
Loading service :echo_module path srv_echo.so
Found handler C_handler for service with extension:.so
Initialization of echo module......
Loading service :squard_module path srv_sguard.so
Found handler C_handler for service with extension:.so
Error loading service srv_sguard.so: (null)
Error finding symbol "service" in  module srv_sguard.so
Error loading service
Loading service :antivirus_module path srv_clamav.so
Found handler C_handler for service with extension:.so
Error loading service srv_clamav.so: (null)
Error finding symbol "service" in  module srv_clamav.so
Error loading service
Going to search variable ScanFileTypes in table srv_clamav
Going to search variable SendPercentData in table srv_clamav
Going to search variable StartSendPercentDataAfter in table srv_clamav
Going to search variable MaxObjectSize in table srv_clamav
Going to search variable ClamAvMaxFilesInArchive in table srv_clamav
Going to search variable ClamAvMaxFileSizeInArchive in table srv_clamav
Going to search variable ClamAvMaxRecLevel in table srv_clamav
My hostname is:pantera.domain.ru
Следом Squid:

Код: Выделить всё

[root@pantera /usr/ports/www/c-icap]# squid -d 10 -N -X
2007/02/28 15:20:21| Memory pools are 'off'; limit: 0.00 MB
2007/02/28 15:20:21| cachemgrRegister: registered mem
2007/02/28 15:20:21| cbdataInit
2007/02/28 15:20:21| cachemgrRegister: registered cbdata
2007/02/28 15:20:21| cachemgrRegister: registered events
2007/02/28 15:20:21| cachemgrRegister: registered diskd
2007/02/28 15:20:21| diskd started
2007/02/28 15:20:21| authSchemeAdd: adding basic
2007/02/28 15:20:21| authSchemeAdd: adding ntlm
2007/02/28 15:20:21| authSchemeAdd: adding digest
2007/02/28 15:20:21| parse_line: icp_port 3130
2007/02/28 15:20:21| parse_line: udp_incoming_address 0.0.0.0
2007/02/28 15:20:21| parse_line: udp_outgoing_address 255.255.255.255
2007/02/28 15:20:21| parse_line: icp_query_timeout 0
2007/02/28 15:20:21| parse_line: maximum_icp_query_timeout 2000
2007/02/28 15:20:21| parse_line: mcast_icp_query_timeout 2000
2007/02/28 15:20:21| parse_line: dead_peer_timeout 10 seconds
2007/02/28 15:20:21| parse_line: cache_vary on
2007/02/28 15:20:21| parse_line: cache_mem 8 MB
2007/02/28 15:20:21| parse_line: cache_swap_low 90
2007/02/28 15:20:21| parse_line: cache_swap_high 95
2007/02/28 15:20:21| parse_line: maximum_object_size 4096 KB
2007/02/28 15:20:21| parse_line: minimum_object_size 0 KB
2007/02/28 15:20:21| parse_line: maximum_object_size_in_memory 8 KB
2007/02/28 15:20:21| parse_line: ipcache_size 1024
2007/02/28 15:20:21| parse_line: ipcache_low 90
2007/02/28 15:20:21| parse_line: ipcache_high 95
2007/02/28 15:20:21| parse_line: fqdncache_size 1024
2007/02/28 15:20:21| parse_line: cache_replacement_policy lru
2007/02/28 15:20:21| parse_line: memory_replacement_policy lru
2007/02/28 15:20:21| parse_line: cache_log /usr/local/squid/logs/cache.log
2007/02/28 15:20:21| parse_line: cache_store_log /usr/local/squid/logs/store.log
2007/02/28 15:20:21| parse_line: emulate_httpd_log off
2007/02/28 15:20:21| parse_line: log_ip_on_direct on
2007/02/28 15:20:21| parse_line: mime_table /usr/local/etc/squid/mime.conf
2007/02/28 15:20:21| parse_line: log_mime_hdrs off
2007/02/28 15:20:21| parse_line: pid_filename /usr/local/squid/logs/squid.pid
2007/02/28 15:20:21| parse_line: debug_options ALL,1
2007/02/28 15:20:21| parse_line: log_fqdn off
2007/02/28 15:20:21| parse_line: client_netmask 255.255.255.255
2007/02/28 15:20:21| parse_line: ftp_user Squid@
2007/02/28 15:20:21| parse_line: ftp_list_width 32
2007/02/28 15:20:21| parse_line: ftp_passive on
2007/02/28 15:20:21| parse_line: ftp_sanitycheck on
2007/02/28 15:20:21| parse_line: ftp_telnet_protocol on
2007/02/28 15:20:21| parse_line: check_hostnames on
2007/02/28 15:20:21| parse_line: allow_underscore on
2007/02/28 15:20:21| parse_line: dns_retransmit_interval 5 seconds
2007/02/28 15:20:21| parse_line: dns_timeout 2 minutes
2007/02/28 15:20:21| parse_line: dns_defnames off
2007/02/28 15:20:21| parse_line: hosts_file /etc/hosts
2007/02/28 15:20:21| parse_line: diskd_program /usr/local/libexec/squid/diskd-daemon
2007/02/28 15:20:21| parse_line: unlinkd_program /usr/local/libexec/squid/unlinkd
2007/02/28 15:20:21| parse_line: url_rewrite_children 5
2007/02/28 15:20:21| parse_line: url_rewrite_concurrency 0
2007/02/28 15:20:21| parse_line: url_rewrite_host_header on
2007/02/28 15:20:21| parse_line: location_rewrite_children 5
2007/02/28 15:20:21| parse_line: location_rewrite_concurrency 0
2007/02/28 15:20:21| parse_line: authenticate_cache_garbage_interval 1 hour
2007/02/28 15:20:21| parse_line: authenticate_ttl 1 hour
2007/02/28 15:20:21| parse_line: authenticate_ip_ttl 0 seconds
2007/02/28 15:20:21| parse_line: wais_relay_port 0
2007/02/28 15:20:21| parse_line: request_header_max_size 20 KB
2007/02/28 15:20:21| parse_line: request_body_max_size 0 KB
2007/02/28 15:20:21| parse_line: quick_abort_min 16 KB
2007/02/28 15:20:21| parse_line: quick_abort_max 16 KB
2007/02/28 15:20:21| parse_line: quick_abort_pct 95
2007/02/28 15:20:21| parse_line: read_ahead_gap 16 KB
2007/02/28 15:20:21| parse_line: negative_ttl 5 minutes
2007/02/28 15:20:21| parse_line: positive_dns_ttl 6 hours
2007/02/28 15:20:21| parse_line: negative_dns_ttl 1 minute
2007/02/28 15:20:21| parse_line: range_offset_limit 0 KB
2007/02/28 15:20:21| parse_line: collapsed_forwarding off
2007/02/28 15:20:21| parse_line: refresh_stale_hit 0 seconds
2007/02/28 15:20:21| parse_line: forward_timeout 4 minutes
2007/02/28 15:20:21| parse_line: connect_timeout 1 minute
2007/02/28 15:20:21| parse_line: peer_connect_timeout 30 seconds
2007/02/28 15:20:21| parse_line: read_timeout 15 minutes
2007/02/28 15:20:21| parse_line: request_timeout 5 minutes
2007/02/28 15:20:21| parse_line: persistent_request_timeout 1 minute
2007/02/28 15:20:21| parse_line: client_lifetime 1 day
2007/02/28 15:20:21| parse_line: half_closed_clients on
2007/02/28 15:20:21| parse_line: pconn_timeout 120 seconds
2007/02/28 15:20:21| parse_line: ident_timeout 10 seconds
2007/02/28 15:20:21| parse_line: shutdown_lifetime 30 seconds
2007/02/28 15:20:21| parse_line: reply_header_max_size 20 KB
2007/02/28 15:20:21| parse_line: cache_mgr webmaster
2007/02/28 15:20:21| parse_line: mail_program mail
2007/02/28 15:20:21| parse_line: cache_effective_user squid
2007/02/28 15:20:21| parse_line: httpd_suppress_version_string off
2007/02/28 15:20:21| parse_line: umask 027
2007/02/28 15:20:21| parse_line: announce_period 0
2007/02/28 15:20:21| parse_line: announce_host tracker.ircache.net
2007/02/28 15:20:21| parse_line: announce_port 3131
2007/02/28 15:20:21| parse_line: httpd_accel_no_pmtu_disc off
2007/02/28 15:20:21| parse_line: icap_enable off
2007/02/28 15:20:21| parse_line: icap_preview_enable off
2007/02/28 15:20:21| parse_line: icap_preview_size -1
2007/02/28 15:20:21| parse_line: icap_check_interval 300
2007/02/28 15:20:21| parse_line: icap_send_client_ip off
2007/02/28 15:20:21| parse_line: icap_send_server_ip off
2007/02/28 15:20:21| parse_line: icap_send_auth_user off
2007/02/28 15:20:21| parse_line: icap_auth_scheme Local://%u
2007/02/28 15:20:21| parse_line: logfile_rotate 10
2007/02/28 15:20:21| parse_line: tcp_recv_bufsize 0 bytes
2007/02/28 15:20:21| parse_line: memory_pools on
2007/02/28 15:20:21| parse_line: memory_pools_limit 5 MB
2007/02/28 15:20:21| parse_line: via on
2007/02/28 15:20:21| parse_line: forwarded_for on
2007/02/28 15:20:21| parse_line: log_icp_queries on
2007/02/28 15:20:21| parse_line: icp_hit_stale off
2007/02/28 15:20:21| parse_line: minimum_direct_hops 4
2007/02/28 15:20:21| parse_line: minimum_direct_rtt 400
2007/02/28 15:20:21| parse_line: store_avg_object_size 13 KB
2007/02/28 15:20:21| parse_line: store_objects_per_bucket 20
2007/02/28 15:20:21| parse_line: client_db on
2007/02/28 15:20:21| parse_line: netdb_low 900
2007/02/28 15:20:21| parse_line: netdb_high 1000
2007/02/28 15:20:21| parse_line: netdb_ping_period 5 minutes
2007/02/28 15:20:21| parse_line: query_icmp off
2007/02/28 15:20:21| parse_line: test_reachability off
2007/02/28 15:20:21| parse_line: buffered_logs off
2007/02/28 15:20:21| parse_line: reload_into_ims off
2007/02/28 15:20:21| parse_line: icon_directory /usr/local/etc/squid/icons
2007/02/28 15:20:21| parse_line: global_internal_static on
2007/02/28 15:20:21| parse_line: short_icon_urls off
2007/02/28 15:20:21| parse_line: error_directory /usr/local/etc/squid/errors/English
2007/02/28 15:20:21| parse_line: maximum_single_addr_tries 1
2007/02/28 15:20:21| parse_line: retry_on_error off
2007/02/28 15:20:21| parse_line: as_whois_server whois.ra.net
2007/02/28 15:20:21| parse_line: wccp_router 0.0.0.0
2007/02/28 15:20:21| parse_line: wccp_version 4
2007/02/28 15:20:21| parse_line: wccp2_rebuild_wait on
2007/02/28 15:20:21| parse_line: wccp2_forwarding_method 1
2007/02/28 15:20:21| parse_line: wccp2_return_method 1
2007/02/28 15:20:21| parse_line: wccp2_assignment_method 1
2007/02/28 15:20:21| parse_line: wccp2_weight 10000
2007/02/28 15:20:21| parse_line: wccp_address 0.0.0.0
2007/02/28 15:20:21| parse_line: wccp2_address 0.0.0.0
2007/02/28 15:20:21| parse_line: incoming_icp_average 6
2007/02/28 15:20:21| parse_line: incoming_http_average 4
2007/02/28 15:20:21| parse_line: incoming_dns_average 4
2007/02/28 15:20:21| parse_line: min_icp_poll_cnt 8
2007/02/28 15:20:21| parse_line: min_dns_poll_cnt 8
2007/02/28 15:20:21| parse_line: min_http_poll_cnt 8
2007/02/28 15:20:21| parse_line: max_open_disk_fds 0
2007/02/28 15:20:21| parse_line: offline_mode off
2007/02/28 15:20:21| parse_line: uri_whitespace strip
2007/02/28 15:20:21| parse_line: nonhierarchical_direct on
2007/02/28 15:20:21| parse_line: prefer_direct off
2007/02/28 15:20:21| parse_line: strip_query_terms on
2007/02/28 15:20:21| parse_line: redirector_bypass off
2007/02/28 15:20:21| parse_line: ignore_unknown_nameservers on
2007/02/28 15:20:21| parse_line: client_persistent_connections on
2007/02/28 15:20:21| parse_line: server_persistent_connections on
2007/02/28 15:20:21| parse_line: persistent_connection_after_error off
2007/02/28 15:20:21| parse_line: detect_broken_pconn off
2007/02/28 15:20:21| parse_line: balance_on_multiple_ip on
2007/02/28 15:20:21| parse_line: pipeline_prefetch off
2007/02/28 15:20:21| parse_line: request_entities off
2007/02/28 15:20:21| parse_line: high_response_time_warning 0
2007/02/28 15:20:21| parse_line: high_page_fault_warning 0
2007/02/28 15:20:21| parse_line: high_memory_warning 0
2007/02/28 15:20:21| parse_line: store_dir_select_algorithm least-load
2007/02/28 15:20:21| parse_line: ie_refresh off
2007/02/28 15:20:21| parse_line: vary_ignore_expire off
2007/02/28 15:20:21| parse_line: sleep_after_fork 0
2007/02/28 15:20:21| parse_line: minimum_expiry_time 60 seconds
2007/02/28 15:20:21| parse_line: relaxed_header_parser on
2007/02/28 15:20:21| Processing: 'http_port 8080'
2007/02/28 15:20:21| parse_line: http_port 8080
2007/02/28 15:20:21| Processing: 'hierarchy_stoplist cgi-bin ?'
2007/02/28 15:20:21| parse_line: hierarchy_stoplist cgi-bin ?
2007/02/28 15:20:21| Processing: 'acl QUERY urlpath_regex cgi-bin \?'
2007/02/28 15:20:21| parse_line: acl QUERY urlpath_regex cgi-bin \?
2007/02/28 15:20:21| aclParseAclLine: Creating ACL 'QUERY'
2007/02/28 15:20:21| Processing: 'cache deny QUERY'
2007/02/28 15:20:21| parse_line: cache deny QUERY
2007/02/28 15:20:21| aclParseAccessLine: looking for ACL name 'QUERY'
2007/02/28 15:20:21| Processing: 'acl apache rep_header Server ^Apache'
2007/02/28 15:20:21| parse_line: acl apache rep_header Server ^Apache
2007/02/28 15:20:21| aclParseAclLine: Creating ACL 'apache'
2007/02/28 15:20:21| Processing: 'broken_vary_encoding allow apache'
2007/02/28 15:20:21| parse_line: broken_vary_encoding allow apache
2007/02/28 15:20:21| aclParseAccessLine: looking for ACL name 'apache'
2007/02/28 15:20:21| Processing: 'cache_mem 128 MB'
2007/02/28 15:20:21| parse_line: cache_mem 128 MB
2007/02/28 15:20:21| Processing: 'maximum_object_size 35840 KB'
2007/02/28 15:20:21| parse_line: maximum_object_size 35840 KB
2007/02/28 15:20:21| Processing: 'minimum_object_size  5 KB'
2007/02/28 15:20:21| parse_line: minimum_object_size  5 KB
2007/02/28 15:20:21| Processing: 'ipcache_size 1024'
2007/02/28 15:20:21| parse_line: ipcache_size 1024
2007/02/28 15:20:21| Processing: 'ipcache_low 90'
2007/02/28 15:20:21| parse_line: ipcache_low 90
2007/02/28 15:20:21| Processing: 'ipcache_high 95'
2007/02/28 15:20:21| parse_line: ipcache_high 95
2007/02/28 15:20:21| Processing: 'cache_dir ufs /cache  20480 16 4096'
2007/02/28 15:20:21| parse_line: cache_dir ufs /cache  20480 16 4096
2007/02/28 15:20:21| Processing: 'access_log /home/squid-log/access.log'
2007/02/28 15:20:21| parse_line: access_log /home/squid-log/access.log
2007/02/28 15:20:21| Log definition name 'auto' file '/home/squid-log/access.log'
2007/02/28 15:20:21| Processing: 'cache_log /home/squid-log/cache.log'
2007/02/28 15:20:21| parse_line: cache_log /home/squid-log/cache.log
2007/02/28 15:20:21| Processing: 'cache_store_log /home/squid-log/store.log'
2007/02/28 15:20:21| parse_line: cache_store_log /home/squid-log/store.log
2007/02/28 15:20:21| Processing: 'dns_nameservers XXX.XXX.XXX.XXX'
2007/02/28 15:20:21| parse_line: dns_nameservers XXX.XXX.XXX.XXX
2007/02/28 15:20:21| Processing: 'refresh_pattern ^ftp:         1440    20%     10080'
2007/02/28 15:20:21| parse_line: refresh_pattern ^ftp:          1440    20%     10080
2007/02/28 15:20:21| Processing: 'refresh_pattern ^gopher:      1440    0%      1440'
2007/02/28 15:20:21| parse_line: refresh_pattern ^gopher:       1440    0%      1440
2007/02/28 15:20:21| Processing: 'refresh_pattern .             0       20%     4320'
2007/02/28 15:20:21| parse_line: refresh_pattern .              0       20%     4320
2007/02/28 15:20:21| Processing: 'icap_enable on'
2007/02/28 15:20:21| parse_line: icap_enable on
2007/02/28 15:20:21| Processing: 'icap_preview_enable on'
2007/02/28 15:20:21| parse_line: icap_preview_enable on
2007/02/28 15:20:21| Processing: 'icap_preview_size 128'
2007/02/28 15:20:21| parse_line: icap_preview_size 128
2007/02/28 15:20:21| Processing: 'icap_send_client_ip on'
2007/02/28 15:20:21| parse_line: icap_send_client_ip on
2007/02/28 15:20:21| Processing: 'half_closed_clients off'
2007/02/28 15:20:21| parse_line: half_closed_clients off
2007/02/28 15:20:21| Processing: 'acl all src 0.0.0.0/0.0.0.0'
2007/02/28 15:20:21| parse_line: acl all src 0.0.0.0/0.0.0.0
2007/02/28 15:20:21| aclParseAclLine: Creating ACL 'all'
2007/02/28 15:20:21| aclParseIpData: 0.0.0.0/0.0.0.0
2007/02/28 15:20:21| Processing: 'acl manager proto cache_object'
2007/02/28 15:20:21| parse_line: acl manager proto cache_object
2007/02/28 15:20:21| aclParseAclLine: Creating ACL 'manager'
2007/02/28 15:20:21| Processing: 'acl localhost src 127.0.0.1/255.255.255.255'
2007/02/28 15:20:21| parse_line: acl localhost src 127.0.0.1/255.255.255.255
2007/02/28 15:20:21| aclParseAclLine: Creating ACL 'localhost'
2007/02/28 15:20:21| aclParseIpData: 127.0.0.1/255.255.255.255
2007/02/28 15:20:21| Processing: 'acl to_localhost dst 127.0.0.0/8'
2007/02/28 15:20:21| parse_line: acl to_localhost dst 127.0.0.0/8
2007/02/28 15:20:21| aclParseAclLine: Creating ACL 'to_localhost'
2007/02/28 15:20:21| aclParseIpData: 127.0.0.0/8
2007/02/28 15:20:21| Processing: 'acl SSL_ports port 443'
2007/02/28 15:20:21| parse_line: acl SSL_ports port 443
2007/02/28 15:20:21| aclParseAclLine: Creating ACL 'SSL_ports'
2007/02/28 15:20:21| Processing: 'acl Safe_ports port 80 21 443 563 70 210 1025-65535 200 204 7772'
2007/02/28 15:20:21| parse_line: acl Safe_ports port 80 21 443 563 70 210 1025-65535 200 204 7772
2007/02/28 15:20:21| aclParseAclLine: Creating ACL 'Safe_ports'
2007/02/28 15:20:21| Processing: 'acl Safe_ports port 280         # http-mgmt'
2007/02/28 15:20:21| parse_line: acl Safe_ports port 280         # http-mgmt
2007/02/28 15:20:21| aclParseAclLine: Appending to 'Safe_ports'
2007/02/28 15:20:21| Processing: 'acl Safe_ports port 488         # gss-http'
2007/02/28 15:20:21| parse_line: acl Safe_ports port 488         # gss-http
2007/02/28 15:20:21| aclParseAclLine: Appending to 'Safe_ports'
2007/02/28 15:20:21| Processing: 'acl Safe_ports port 591         # filemaker'
2007/02/28 15:20:21| parse_line: acl Safe_ports port 591         # filemaker
2007/02/28 15:20:21| aclParseAclLine: Appending to 'Safe_ports'
2007/02/28 15:20:21| Processing: 'acl Safe_ports port 777         # multiling http'
2007/02/28 15:20:21| parse_line: acl Safe_ports port 777         # multiling http
2007/02/28 15:20:21| aclParseAclLine: Appending to 'Safe_ports'
2007/02/28 15:20:21| Processing: 'acl Safe_ports port 8080'
2007/02/28 15:20:21| parse_line: acl Safe_ports port 8080
2007/02/28 15:20:21| aclParseAclLine: Appending to 'Safe_ports'
2007/02/28 15:20:21| Processing: 'acl CONNECT method CONNECT'
2007/02/28 15:20:21| parse_line: acl CONNECT method CONNECT
2007/02/28 15:20:21| aclParseAclLine: Creating ACL 'CONNECT'
2007/02/28 15:20:21| Processing: 'acl proxy-server src 10.66.64.166'
2007/02/28 15:20:21| parse_line: acl proxy-server src 10.66.64.166
2007/02/28 15:20:21| aclParseAclLine: Creating ACL 'proxy-server'
2007/02/28 15:20:21| aclParseIpData: 10.66.64.166
2007/02/28 15:20:21| Processing: 'http_access allow proxy-server'
2007/02/28 15:20:21| parse_line: http_access allow proxy-server
2007/02/28 15:20:21| aclParseAccessLine: looking for ACL name 'proxy-server'
2007/02/28 15:20:21| Processing: 'http_access allow manager localhost'
2007/02/28 15:20:21| parse_line: http_access allow manager localhost
2007/02/28 15:20:21| aclParseAccessLine: looking for ACL name 'manager'
2007/02/28 15:20:21| aclParseAccessLine: looking for ACL name 'localhost'
2007/02/28 15:20:21| Processing: 'http_access deny manager'
2007/02/28 15:20:21| parse_line: http_access deny manager
2007/02/28 15:20:21| aclParseAccessLine: looking for ACL name 'manager'
2007/02/28 15:20:21| Processing: 'http_access deny !Safe_ports'
2007/02/28 15:20:21| parse_line: http_access deny !Safe_ports
2007/02/28 15:20:21| aclParseAccessLine: looking for ACL name 'Safe_ports'
2007/02/28 15:20:21| Processing: 'http_access deny CONNECT !SSL_ports'
2007/02/28 15:20:21| parse_line: http_access deny CONNECT !SSL_ports
2007/02/28 15:20:21| aclParseAccessLine: looking for ACL name 'CONNECT'
2007/02/28 15:20:21| aclParseAccessLine: looking for ACL name 'SSL_ports'
2007/02/28 15:20:21| Processing: 'http_access deny all'
2007/02/28 15:20:21| parse_line: http_access deny all
2007/02/28 15:20:21| aclParseAccessLine: looking for ACL name 'all'
2007/02/28 15:20:21| Processing: 'http_reply_access allow all'
2007/02/28 15:20:21| parse_line: http_reply_access allow all
2007/02/28 15:20:21| aclParseAccessLine: looking for ACL name 'all'
2007/02/28 15:20:21| Processing: 'icp_access allow all'
2007/02/28 15:20:21| parse_line: icp_access allow all
2007/02/28 15:20:21| aclParseAccessLine: looking for ACL name 'all'
2007/02/28 15:20:21| Processing: 'cache_mgr webmaster@domain.ru'
2007/02/28 15:20:21| parse_line: cache_mgr webmaster@domain.ru
2007/02/28 15:20:21| Processing: 'cache_effective_user nobody'
2007/02/28 15:20:21| parse_line: cache_effective_user nobody
2007/02/28 15:20:21| Processing: 'cache_effective_group nobody'
2007/02/28 15:20:21| parse_line: cache_effective_group nobody
2007/02/28 15:20:21| Processing: 'visible_hostname pantera.domain.ru'
2007/02/28 15:20:21| parse_line: visible_hostname pantera.domain.ru
2007/02/28 15:20:21| Processing: 'unique_hostname pantera.domain.ru'
2007/02/28 15:20:21| parse_line: unique_hostname pantera.domain.ru
2007/02/28 15:20:21| Processing: 'icap_service         service_1 reqmod_precache 0 icap://localhost:1344/srv_clamav'
2007/02/28 15:20:21| parse_line: icap_service         service_1 reqmod_precache 0 icap://localhost:1344/srv_clamav
2007/02/28 15:20:21| parse_icap_service_type (line 83): service_1 reqmod_precache 0 service_1
2007/02/28 15:20:21| icap_service_process (line 83): type=ICAP_SERVICE_REQMOD_PRECACHE
2007/02/28 15:20:21| icap_service_process (line 83): port given
2007/02/28 15:20:21| icap_service_process (line 83): resource given
2007/02/28 15:20:21| icap_service_process (line 83): hostname=localhost
2007/02/28 15:20:21| icap_service_process (line 83): port=1344
2007/02/28 15:20:21| icap_service_process (line 83): service=srv_clamav
2007/02/28 15:20:21| Processing: 'icap_service         service_2 respmod_precache 1 icap://localhost:1344/srv_clamav'
2007/02/28 15:20:21| parse_line: icap_service         service_2 respmod_precache 1 icap://localhost:1344/srv_clamav
2007/02/28 15:20:21| parse_icap_service_type (line 84): service_2 respmod_precache 1 service_2
2007/02/28 15:20:21| icap_service_process (line 84): type=ICAP_SERVICE_RESPMOD_PRECACHE
2007/02/28 15:20:21| icap_service_process (line 84): port given
2007/02/28 15:20:21| icap_service_process (line 84): resource given
2007/02/28 15:20:21| icap_service_process (line 84): hostname=localhost
2007/02/28 15:20:21| icap_service_process (line 84): port=1344
2007/02/28 15:20:21| icap_service_process (line 84): service=srv_clamav
2007/02/28 15:20:21| Processing: 'icap_class           class_antivirus service_2 service_1'
2007/02/28 15:20:21| parse_line: icap_class           class_antivirus service_2 service_1
2007/02/28 15:20:21| Processing: 'icap_access          class_antivirus allow all'
2007/02/28 15:20:21| parse_line: icap_access          class_antivirus allow all
2007/02/28 15:20:21| aclParseAccessLine: looking for ACL name 'all'
2007/02/28 15:20:21| parse_icap_access_type (line 86): class_antivirus
2007/02/28 15:20:21| Processing: 'logfile_rotate 30'
2007/02/28 15:20:21| parse_line: logfile_rotate 30
2007/02/28 15:20:21| Processing: 'append_domain .domain.ru'
2007/02/28 15:20:21| parse_line: append_domain .domain.ru
2007/02/28 15:20:21| Processing: 'memory_pools on'
2007/02/28 15:20:21| parse_line: memory_pools on
2007/02/28 15:20:21| Processing: 'memory_pools_limit 50 MB'
2007/02/28 15:20:21| parse_line: memory_pools_limit 50 MB
2007/02/28 15:20:21| Processing: 'forwarded_for off'
2007/02/28 15:20:21| parse_line: forwarded_for off
2007/02/28 15:20:21| Processing: 'log_icp_queries off'
2007/02/28 15:20:21| parse_line: log_icp_queries off
2007/02/28 15:20:21| Processing: 'client_db off'
2007/02/28 15:20:21| parse_line: client_db off
2007/02/28 15:20:21| Processing: 'coredump_dir /usr/local/squid/'
2007/02/28 15:20:21| parse_line: coredump_dir /usr/local/squid/
2007/02/28 15:20:21| parse_line: ident_lookup_access deny all
2007/02/28 15:20:21| aclParseAccessLine: looking for ACL name 'all'
2007/02/28 15:20:21| parse_line: reply_body_max_size 0 allow all
2007/02/28 15:20:21| aclParseAccessLine: looking for ACL name 'all'
2007/02/28 15:20:21| parse_line: dns_testnames netscape.com internic.net nlanr.net microsoft.com
2007/02/28 15:20:21| parse_line: wccp2_service standard 0
2007/02/28 15:20:21| wccp2_add_service_list: added service id 0
2007/02/28 15:20:21| cachemgrRegister: registered config
2007/02/28 15:20:21| fd_open FD 3 kqueue ctl
2007/02/28 15:20:21| fd_open FD 0 stdin
2007/02/28 15:20:21| fd_open FD 1 stdout
2007/02/28 15:20:21| fd_open FD 2 stderr
2007/02/28 15:20:21| leave_suid: PID 62844 called
2007/02/28 15:20:21| leave_suid: PID 62844 giving up root, becoming 'nobody'
2007/02/28 15:20:21| Starting Squid Cache version 2.6.STABLE9 for i386-portbld-freebsd6.2...
2007/02/28 15:20:21| Process ID 62844
2007/02/28 15:20:21| With 11072 file descriptors available
2007/02/28 15:20:21| Using kqueue for the IO loop
2007/02/28 15:20:21| Performing DNS Tests...
2007/02/28 15:20:21| Successful DNS name lookup tests...
2007/02/28 15:20:21| DNS Socket created at 0.0.0.0, port 58652, FD 5
2007/02/28 15:20:21| Adding nameserver XXX.XXX.XXX.XXX from squid.conf
2007/02/28 15:20:21| Unlinkd pipe opened on FD 10
2007/02/28 15:20:21| Swap maxSize 20971520 KB, estimated 1613193 objects
2007/02/28 15:20:21| Target number of buckets: 80659
2007/02/28 15:20:21| Using 131072 Store buckets
2007/02/28 15:20:21| Max Mem  size: 131072 KB
2007/02/28 15:20:21| Max Swap size: 20971520 KB
2007/02/28 15:20:21| Rebuilding storage in /cache (CLEAN)
2007/02/28 15:20:21| Using Least Load store dir selection
2007/02/28 15:20:21| Set Current Directory to /usr/local/squid/
2007/02/28 15:20:21| Loaded Icons.
2007/02/28 15:20:21| Accepting proxy HTTP connections at 0.0.0.0, port 8080, FD 12.
2007/02/28 15:20:21| Accepting ICP messages at 0.0.0.0, port 3130, FD 13.
2007/02/28 15:20:21| WCCP Disabled.
2007/02/28 15:20:21| Ready to serve requests.
2007/02/28 15:20:21| Done reading /cache swaplog (2 entries)
2007/02/28 15:20:21| Finished rebuilding storage from disk.
2007/02/28 15:20:21|         2 Entries scanned
2007/02/28 15:20:21|         0 Invalid entries.
2007/02/28 15:20:21|         0 With invalid flags.
2007/02/28 15:20:21|         2 Objects loaded.
2007/02/28 15:20:21|         0 Objects expired.
2007/02/28 15:20:21|         0 Objects cancelled.
2007/02/28 15:20:21|         0 Duplicate URLs purged.
2007/02/28 15:20:21|         0 Swapfile clashes avoided.
2007/02/28 15:20:21|   Took 0.3 seconds (   5.9 objects/sec).
2007/02/28 15:20:21| Beginning Validation Procedure
2007/02/28 15:20:21|   Completed Validation Procedure
2007/02/28 15:20:21|   Validated 2 Entries
2007/02/28 15:20:21|   store_swap_size = 30k
2007/02/28 15:20:22| storeLateRelease: released 0 objects
Пытаемся выйти в Интернет

Код: Выделить всё

ERROR
The requested URL could not be retrieved

--------------------------------------------------------------------------------

While attempting to retrieve the URL: http://www.opennet.ru/openforum/vsluhforumID3/36798.html 

the following error was encountered: 

ICAP protocol error.

Some aspect of the ICAP communication failed. Possible problems: 

ICAP server is not reachable. 
Illegal response from ICAP server. 

Your cache administrator is webmaster@domain.ru. 



--------------------------------------------------------------------------------

Generated Wed, 28 Feb 2007 12:21:40 GMT by pantera.domain.ru (squid/2.6.STABLE9) 

Возникает сразу несколько вопросов:

1. Почему не работает :?:
2. Почему в /usr/local/lib/c_icap отсутствуют модули:
    perl_handler.so
      srv_sguard.so
      и как следствие:

      Код: Выделить всё

      Loading service :perl_handler path perl_handler.so
      Uknown type of module:perl_handler
      Error loading service
      

      Код: Выделить всё

      Loading service :squard_module path srv_sguard.so
      Found handler C_handler for service with extension:.so
      Error loading service srv_sguard.so: (null)
      Error finding symbol "service" in  module srv_sguard.so
      Error loading service
      
      3. Почему происходит следующее при загрузке модуля srv_clamav.so:

      Код: Выделить всё

      Loading service :antivirus_module path srv_clamav.so
      Found handler C_handler for service with extension:.so
      Error loading service srv_clamav.so: (null)
      Error finding symbol "service" in  module srv_clamav.so
      Error loading service
      
      4. Почему в указанной выше статье нет подобных ошибок?

      Код: Выделить всё

      Loading service :squard_module path srv_sguard.so
      Found handler C_handler for service with extension:.so
      Initialization of sguard module......
      Loading service :antivirus_module path srv_clamav.so
      
      5. Где автор статьи взял модуль srv_sguard.so ?

      6. Укажите пожалуйста, где я допустил ошибку.

      Сразу отвечу на вопрос почему не ставил из сырцов. Ответ прост - ставил и результат точно такой же.

      Очень прошу помочь разобраться.

      С Уважением, Александр.
      Принцип капитализма - быть лучшим среди разных
      Принцип коммунизма - быть нужным среди равных

      Хостинговая компания Host-Food.ru
      Хостинг HostFood.ru
       

      Услуги хостинговой компании Host-Food.ru

      Хостинг HostFood.ru

      Тарифы на хостинг в России, от 12 рублей: https://www.host-food.ru/tariffs/hosting/
      Тарифы на виртуальные сервера (VPS/VDS/KVM) в РФ, от 189 руб.: https://www.host-food.ru/tariffs/virtualny-server-vps/
      Выделенные сервера, Россия, Москва, от 2000 рублей (HP Proliant G5, Intel Xeon E5430 (2.66GHz, Quad-Core, 12Mb), 8Gb RAM, 2x300Gb SAS HDD, P400i, 512Mb, BBU):
      https://www.host-food.ru/tariffs/vydelennyi-server-ds/
      Недорогие домены в популярных зонах: https://www.host-food.ru/domains/

      Аватара пользователя
      Alex Keda
      стреляли...
      Сообщения: 35145
      Зарегистрирован: 2004-10-18 14:25:19
      Откуда: Made in USSR
      Контактная информация:

      Непрочитанное сообщение Alex Keda » 2007-02-28 16:35:01

      дык... на дату статьи посмотри..
      я из исходников сто лет назад собирал...
      Убей их всех! Бог потом рассортирует...

      Nichls
      проходил мимо
      Сообщения: 8
      Зарегистрирован: 2007-02-28 14:20:30
      Контактная информация:

      Непрочитанное сообщение Nichls » 2007-03-01 10:04:30

      Хм...

      Понятно. Хотя, ничего не понятно. Неужели из-за того, что статья написана не полных 6 месяцев назад нет возможности мне помочь?

      И ответить на 3,4 и 5 вопросы Вы можете?

      Спасибо.

      С Уважением, Александр.
      Принцип капитализма - быть лучшим среди разных
      Принцип коммунизма - быть нужным среди равных

      Аватара пользователя
      Alex Keda
      стреляли...
      Сообщения: 35145
      Зарегистрирован: 2004-10-18 14:25:19
      Откуда: Made in USSR
      Контактная информация:

      Непрочитанное сообщение Alex Keda » 2007-03-01 10:34:19

      ну за полгода могли и убрать половину модулей.
      на самом деле - полгода - очень долго для программы котоаря была едва ли не в альфе когда я ставил. могли запросто переписать весь код.
      советую сходить на сайт разработчиков. Мне хватило документации что шла в комплекте и их сайта....
      Убей их всех! Бог потом рассортирует...