HAVP Package for HTTP Anti-Virus Scanning

From pfSense Documentation
This article was contributed or cited from an outside source. The style and formatting may not match other articles.
This article is part of the How-To series.
WARNING
This package is relatively unstable. Be sure to try it in a testing environment first.

There is support for Anti-Virus filtering web access with the use of HAVP. See this forum thread for more information.

WARNING
Gateway anti-virus solutions are generally not recommended as they are relatively ineffective and give a false sense of security. Use this as part of a larger anti-virus strategy, not on its own.

The package is available to install from System > Packages and the squid proxy package must also be installed from the same location.

HAVP issues

Transparent proxy mode

HAVP supports transparent proxy under the following conditions:

  • The Squid option Transparent proxy is unchecked. To avoid conflicts, HAVP ignores its own transparent option if Squid is also set as transparent.
  • pfSense does not have bridged interfaces. 'Transparent on Bridge' does not function.

How to setup transparent mode:

  • Uncheck the Transparent proxy option in the Squid package
  • Set HAVP Proxy mode as Transparent

Scanner issues

Why downloading large files is slow

HAVP loads the file in full and then scans it. To avoid this, set the Scan max file size to 100-500 KB. In 90% of cases viruses are small, so there is no need to scan large files. Scanning large downloadable files and archives can be done by the anti-virus program on the client station.

HAVP and Squid

HAVP can be configured for use as follows, per the package maintainer in the forum thread:

Choose either of these options - whichever one is preferred.

Scheme: {inet}->[HAVP]->[Squid cache]->{clients}

Setup

Squid:

  • Disable upstream proxy (HAVP will also disable it automatically)

HAVP:

  • Set the Proxy mode field to Parent for Squid and Save
  • Scan Squid cache with Antivirus: File scanner for removing cached viruses.
  • If planning to use Transparent Proxy mode: Squid transparent on

(do not delete any Squid Custom Options if they exist)


Scheme: {inet}->[Squid cache]->[HAVP]->{clients}

Setup

Squid:

  • Transparent Proxy off/unchecked
  • Disable X-Forward unchecked
  • Disable VIA unchecked

HAVP:

  • If transparent proxy is wanted, select "Transparent" for HAVP Proxy Mode.
  • HAVP Parent proxy field (LAN IP address:squid port) ex. 192.168.0.1:3128
  • HAVP forwarded IP address checked


How to get real client IP addresses in the HAVP logs

Typically, when HAVP is used with Squid, the HAVP logs show the address 127.0.0.1 instead of the clients' addresses. To fix this:

Squid:

  • Uncheck Disable X-Forward
  • Uncheck Disable VIA
  • Save

HAVP:

  • Check Enable Forwarded IP
  • Save
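
The settings from this section, together with the transparent-mode conflict described under "Transparent proxy mode", checked against configuration text. This is an added example, not part of the original article or the package. It assumes the GUI checkboxes map to the stock Squid directives `forwarded_for`, `via` and `http_port ... transparent` and to the stock HAVP keys `FORWARDED_IP` and `TRANSPARENT`; the sample configs are constructed.

```python
# Added example. Directive names are stock Squid / HAVP; the mapping from the
# pfSense GUI checkboxes to these directives is an assumption.

def parse(text):
    """Return {directive: [value, ...]}, ignoring comments and blank lines."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            conf.setdefault(parts[0], []).append(parts[1].strip() if len(parts) > 1 else "")
    return conf

def last(conf, name, default):
    # The last occurrence of a directive wins; otherwise use the stock default.
    return conf.get(name, [default])[-1].lower()

def check(squid_text, havp_text):
    squid, havp = parse(squid_text), parse(havp_text)
    problems = []
    # "Disable X-Forward" and "Disable VIA" unchecked: Squid keeps both headers.
    if last(squid, "forwarded_for", "on") != "on":
        problems.append("squid: forwarded_for is not 'on', client IP is not passed to HAVP")
    if last(squid, "via", "on") != "on":
        problems.append("squid: via is off (the fix leaves Disable VIA unchecked)")
    # "Enable Forwarded IP" checked: HAVP logs the forwarded address.
    if last(havp, "FORWARDED_IP", "false") != "true":
        problems.append("havp: FORWARDED_IP is not true, log shows the proxy address")
    # Only one of the two proxies should be transparent.
    squid_transparent = any(
        opt in ("transparent", "intercept")
        for value in squid.get("http_port", []) for opt in value.split()[1:])
    if squid_transparent and last(havp, "TRANSPARENT", "false") == "true":
        problems.append("both Squid and HAVP are set transparent")
    return problems

# Constructed sample configs (addresses and ports are placeholders).
SQUID_BAD = "http_port 192.168.0.1:3128 transparent\nforwarded_for off\nvia off\n"
HAVP_BAD = "PORT 3125\nTRANSPARENT true\n"
SQUID_OK = "http_port 192.168.0.1:3128\nforwarded_for on  # default\nvia on\n"
HAVP_OK = "PORT 3125\nFORWARDED_IP true\nTRANSPARENT true\n"

if __name__ == "__main__":
    for label, s, h in (("bad", SQUID_BAD, HAVP_BAD), ("ok", SQUID_OK, HAVP_OK)):
        print(label, check(s, h) or "no problems found")
```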