[squid-users] squid, squirm, clamav, viralator 0.9.8, Invoked with the arguments from Stefan Reible on 2010-03-19 (squid-users)

From: Stefan Reible <mail_at_stefan-reible.de>
Date: Fri, 19 Mar 2010 14:02:19 +0100

Hey,

I am using squid 3.0.19 with squirm 1.23, clamav 0.95.3, viralator
0.9.8 from svn and mozilla firefox with configured proxy.

If I put following url in my Firefox:

http://squid1.testdomain.de/cgi-bin/viralator.cgi?action=http://putty.very.rulez.org/latest/x86/putty.exe

I get this Output:

squid1 log # tail -f viralator.log

2010/03/19 13:47:28 INFO> viralator.cgi: 1637 main::config_app -
Reading configuration file /etc/viralator/viralator.conf
2010/03/19 13:47:28 INFO> viralator.cgi: 1668 main::config_app -
Configuration file was read successfully
2010/03/19 13:47:28 DEBUG> viralator.cgi: 1679 main::config_app -
Values recovered from configuration file
popupwidth -> 600
filechmod -> 0644
popupback -> false
maximum_size -> 1689600
css_file -> style.css
virusscanner -> clamdscan
dirmask -> 0022
scannersummary -> true
scannerpath -> /usr/bin
progress_indicator -> progress.png
downloadsdir -> /downloads
default_language -> english.txt
alert -> FOUND
downloads -> /var/www/localhost/htdocs/downloads
lang -> en-US
viruscmd -> --verbose --stdout
secret -> sdfjkjk438sdfh234Hasdh73
charset -> ISO-8859-1
skip_downloads -> true
popupheight -> 400
popupfast -> false
progress_unit -> bar.png
2010/03/19 13:47:28 INFO> viralator.cgi: 1683 main::config_app -
Testing configuration values
2010/03/19 13:47:28 INFO> viralator.cgi: 1717 main::config_app -
Configuration is OK
2010/03/19 13:47:28 INFO> viralator.cgi: 1731 main::config_lang -
Trying to read language file /etc/viralator/languages/english.txt
2010/03/19 13:47:28 INFO> viralator.cgi: 1755 main::config_lang -
Language file read successfully
2010/03/19 13:47:28 INFO> viralator.cgi: 101 main:: - Client
192.9.200.32 connected to Viralator
2010/03/19 13:47:28 INFO> viralator.cgi: 140 main:: - Charset is
defined as ISO-8859-1
2010/03/19 13:47:28 INFO> viralator.cgi: 156 main:: - Presenting
initial page to user
2010/03/19 13:47:28 DEBUG> viralator.cgi: 162 main:: - Parameters
received action
2010/03/19 13:47:28 DEBUG> viralator.cgi: 1356 main::test_param -
Invoked with the arguments: action,
http://putty.very.rulez.org/latest/x86/putty.exe
2010/03/19 13:47:28 ERROR> viralator.cgi: 676 main::error - Invalid
value for action parameter:
http://putty.very.rulez.org/latest/x86/putty.exe - requested by
192.9.200.32

And when I put the url normaly:

http://putty.very.rulez.org/latest/x86/putty.exe

I get:

(....)
2010/03/19 13:49:16 INFO> viralator.cgi: 1683 main::config_app -
Testing configuration values
2010/03/19 13:49:16 INFO> viralator.cgi: 1717 main::config_app -
Configuration is OK
2010/03/19 13:49:16 INFO> viralator.cgi: 1731 main::config_lang -
Trying to read language file /etc/viralator/languages/english.txt
2010/03/19 13:49:16 INFO> viralator.cgi: 1755 main::config_lang -
Language file read successfully
2010/03/19 13:49:16 INFO> viralator.cgi: 101 main:: - Client
192.9.200.32 connected to Viralator
2010/03/19 13:49:16 INFO> viralator.cgi: 140 main:: - Charset is
defined as ISO-8859-1
2010/03/19 13:49:16 INFO> viralator.cgi: 156 main:: - Presenting
initial page to user
2010/03/19 13:49:16 DEBUG> viralator.cgi: 162 main:: - Parameters received url
2010/03/19 13:49:16 DEBUG> viralator.cgi: 1356 main::test_param -
Invoked with the arguments: url,
http://putty.very.rulez.org/latest/x86/putty.exe
2010/03/19 13:49:16 INFO> viralator.cgi: 197 main:: - No referer is available
2010/03/19 13:49:16 DEBUG> viralator.cgi: 1459 main::WinOpen - Invoked
with the arguments:
http://192.9.200.32/cgi-bin/viralator.cgi?action=popup&fileurl=http://putty.very.rulez.org/latest/x86/putty.exe, 1269002956,
width=600,height=400,scrollbars=1,resize=no

The download button didn't work. Here is my squirm.patterns:

abortregexi ^http://192.9.200.32.* #zB (^http://192\.168\.100\.1/.*)
abortregexi ^http://squid1.testdomain.de.*
regexi ^(.*\.zip)$ http://192.9.200.32/cgi-bin/viralator.cgi?url=\1
regexi ^(.*\.exe)$ http://192.9.200.32/cgi-bin/viralator.cgi?url=\1

squirm match log:

Fri Mar 19 13:49:16
2010:http://putty.very.rulez.org/latest/x86/putty.exe:http://192.9.200.32/cgi-bin/viralator.cgi?url=http://putty.very.rulez.org/latest/x86/putty.exe

My viralator config:

default_language -> english.txt
charset -> ISO-8859-1
lang -> en-US
servername ->
proxy_address ->
proxy_port ->
maximum_size -> 1689600
virusscanner -> clamdscan
scannerpath -> /usr/bin
viruscmd -> --verbose --stdout
alert -> FOUND
scannersummary -> true
downloads -> /var/www/localhost/htdocs/downloads
skip_downloads -> true
downloadsdir -> /downloads
(....)

I don't find an error in my config. I`m running the whole system under
linux gentoo, an in future the proxy server will be in transparent
mode. The squid and squirm are running as user squid.

Regards, Stefan
Received on Fri Mar 19 2010 - 13:02:25 MDT

This archive was generated by hypermail 2.2.0 : Fri Mar 19 2010 - 12:00:05 MDT