Personal tools

HAVP Package for HTTP Anti-Virus Scanning

From PFSenseDocs

Jump to: navigation, search
This article is part of the HOWTO series.
Important30.png WARNING Important30.png
This package is relatively new, be sure to try this in a testing environment first

There is now support for Anti-Virus filtering web access with the use of HAVP. See this forum thread for more information.

The package is available to install from System > Packages and you must also install the Squid proxy from the same location.

Contents

HAVP issues

Transparent proxy mode

HAVP supports transparent proxy under the following conditions:

  • Squid option Transparent proxy is unchecked. To avoid conflicts, HAVP ignores its own transparent option if Squid also set as transparent.
  • pfSense not have bridged interfaces. 'Transparent on Bridge'

How to setup transparent mode:

  • Uncheck Transparent proxy option in the Squid package
  • Set HAVP Proxy mode as 'Transparent'

Scanner issues

Why downloading large files is slow

HAVP will load your file in full and then scan it. To avoid this, set the Scan max file size up to 100-500 KB. In 90% cases of virus are small, and there is no need to scan large files. Scanning large downloadable files and archives can be done by the antivirus program on the client station.

HAVP and Squid

HAVP can be configured for use as follows, per the package maintainer in the forum thread:

You can choose either of these options - whichever one you prefer.

Scheme: {inet}->[HAVP]->[Squid cache]->{clients}

Setup

Squid:

  • Disable upstream proxy (also will auto-disabled by HAVP)

HAVP:

  • Select Proxy mode field as Parent for Squid and Save
  • Scan Squid cache with Antivirus: File scanner for removing cached viruses.
  • If you are planning to use Transparent Proxy mode: Squid transparent on

(do not delete exists Squid Custom Options)


Scheme: {inet}->[Squid cache]->[HAVP]->{clients}

Setup

Squid:

  • Transparent Proxy off/unchecked
  • Disable X-Forward unchecked
  • Disable VIA unchecked

HAVP:

  • If you want transparent proxy, Select "Transparent" for HAVP Proxy Mode.
  • HAVP Parent proxy field (lan ip:squid port) ex. 192.168.0.1:3128
  • HAVP forwarded ip checked


How to in the HAVP logs get a real IP clients

Typically, the logs HAVP with Squid instead addresses customers displayed address 127.0.0.1. How to fix this:

Squid:

  • Uncheck Disable X-Forward
  • Uncheck Disable VIA
  • Save

HAVP:

  • Check Enable Forwarded IP
  • Save
Retrieved from "http://doc.pfsense.org/index.php?title=HAVP_Package_for_HTTP_Anti-Virus_Scanning&oldid=4187"