Re: [squid-users] squid+c-icap file download + get_file.pl problem

Hi,
I tried with the latest stable version of squid (version 3) but still
have the same problem.

OS= FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25 UTC 2009
root_at_logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386

c-icap Port:= c-icap-030606_5,1
Listening on port 1344

Squid Version = squid-icap-2.5.STABLE12
Note: Also tried with the latest stabel version
Squid is connecting to port 1344 to check viruses

Dansguardian= DansGuardian config file for version 2.10.0.3
Dansguardian is listening on port 8080 and is communicating with squid
on port 3128

I have everything working fine (checked with a trial with eicar test
virus) in c-icap logs I see the Found virus, Take action, then on the
client machine I get 404 error, I want to send a detail that page
contains virus and is blocked, instead of a 404 page.

Second problem which i am facing is with providing the downloaded file
to the client machine. I modified the configurations to have things
working, and created some scripts to resolve the issues and is causing
a dos to the server.

Ideally after the client browser is redirected by c-icap module to
deliver the file to client machine, proxy server should remove the
file as there is no further need for the file to consume the space on
the proxy server ( i am using a cron entry, script to find out the
files which are not changed in last 30 minutes and remove the file).

To accomplish this on freebsd I have a get_file.pl cgi script
(/usr/ports/www/c-icap/work/c_icap-030606rc1/contrib/get_file.pl)
which I copied to my apache cgi-bin folder. what happens is, after the
user using proxy clicks on the link of link (redirected be c-icap
module & linking to downloaded file on proxy server) the link becomes
recursive, instead of file being delivered to client machine thus keep
on filling the space.

File name c-icap.conf,

All the downloads are done in srv_clamav.VirSaveDir
/usr/local/www/data/ directory and then virus check is performed.

# from where the documents can be retrieved (you can find the
get_file.pl script in contrib dir)
srv_clamav.VirHTTPServer
"http://10.139.7.6/cgi-bin/get_file.pl?usename=%f&remove=1&file="
#where remove=1 means remove the file after download is done.

I changed this parameter with the following on:
srv_clamav.VirHTTPServer "http://10.139.7.6/"
Which redirects client to the location on proxy server (running
apache) where his file is downloaded.

Information of get_file.pl:

#!/usr/bin/perl

my(%args);
if($ENV{'REQUEST_METHOD'} eq "GET") {
   $query=$ENV{'QUERY_STRING'};
   my(@line_args)=split(/&/,$query);

   for my $arg (@line_args){
       $arg=~ s/\+/ /g; # replace + with spaces.....
       ($key,$val)=split(/=/,$arg);
       $val =~ s/%(..)/pack("c",hex($1))/ge;
       if($key eq "file" || $key eq "usename" || $key eq "content"
||$key eq "remove" ){
           $args{$key}=$val;
       }

   }

}
else{
    print "Content-type: text/html\n\n";
    print "No Arguments.....";
    exit 1;
}

$filename="/srv/www/htdocs/downloads/".$args{"file"};
my(@stat)=stat $filename;
binmode(STDOUT);
if(open (F,"<$filename")){
    print "Connection: close\n";
    if($args{"content"}){
        print "Content-Type: ".$args{"content"}."\n\\";
    }
    else{
        print "Content-Type: application/octet-stream\n";
    }

    print "Content-Length: ".$stat[7]."\n";
    if($args{"usename"}){
        print "Content-Disposition: attachment;
filename=".$args{"usename"}."\n\n";
    }
    else {
        print "Content-Disposition: attachment; filename=".$args{"file"}."\n\n";
    }

    while($len=sysread( F, $buf,512)){
        print $buf;
    }
    close F;
    if($args{"remove"}==1){
        unlink $filename;
    }
}
else {
    print "Connection: close\n";
    print "Content-Type: text/html\n\n";
    print "<H1>Error </H1>\n";
    print "The file ".$args{"file"}." does not exists in the server<br>\n";
    print "Please contact to the administrator for more info.\n\n";
}

So any idea?

Thanks

Anuj Singh

On Thu, Mar 5, 2009 at 5:18 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> Hi,
>>
>> I have squid-2.7.6, dansguadian version 2.10.0.3, and
>> c-icap-030606_5,1 installed on FreeBSD7.1
>
> Please use Squid-3 for ICAP.
> The Squid-2 patches are very experimental with many known issues and are
> no longer supported.
>
> Amos
>
>
>
Received on Mon Mar 09 2009 - 19:21:57 MDT