HAVP Package for HTTP Anti-Virus Scanning

From PFSenseDocs

Jump to: navigation, search
This article is part of the HOWTO series.
Image:Important30.png WARNING Image:Important30.png
This package is relatively new, be sure to try this in a testing environment first

There is now support for Anti-Virus filtering web access with the use of HAVP. See this forum thread for more information.

The package is available to install from System > Packages and you must also install the Squid proxy from the same location.

Contents

HAVP issues

Transparent proxy mode

HAVP support transparent proxy under the following conditions:

  • Squid option Transparent proxy is unchecked. For exclude conflicts HAVP ignored self transparent option, if Squid also set as transparent.
  • pfSense not have bridged interfaces. 'Transparent on Bridge' - now this issue not resolved.

How to setup transparent mode:

  • Uncheck Squid Transparent proxy option
  • Set HAVP Proxy mode as 'Transparent'

Scanner issues

Why downloading large files is slow

HAVP should load your file in full and then scan it. To avoid this, set the Scan max file size up to 100-500 K. In 90% cases of the virus are small, and there is no need for scanning large files. Scanning large downloadable files and archives, you can instruct the antivirus program on the client station.

HAVP and Squid

HAVP can be configured for use as followed, per the package maintainer in the aforementioned thread:

Scheme: {inet}->[HAVP]->[Squid cache]->{clients}

Setup

Squid:

  • Disable upstream proxy (also will auto-disabled by HAVP)

HAVP:

  • Select Proxy mode field as Parent for Squid and Save
  • Scan Squid cache with Antivirus: File scanner for removing cached viruses.
  • If you planning transparent proxy: Squid transparent on

(do not delete exists Squid Custom Options)


Scheme: {inet}->[Squid cache]->[HAVP]->{clients}

Setup

  • Squid transparent off
  • Havp parent proxy field (lan ip:squid port) ex. 192.168.0.1:3128
  • Havp forwarded ip checked
  • Squid Disable X-Forward unchecked
  • Squid Disable VIA unchecked
  • If you planning transparent proxy: Havp transparent on


How to in the HAVP logs get a real IP clients

Typically, the logs HAVP with Squid instead addresses customers displayed address 127.0.0.1. How to fix this:

Squid:

  • Uncheck Disable X-Forward
  • Uncheck Disable VIA
  • Save

HAVP:

  • Check Enable Forwarded IP
  • Save
Personal tools