X-Virus-ID Missing?

Asked by William Metcalf on 2011-05-02

When I attempt to download various ClamAV test files from the following URL, most are blocked, but I don't seem to get notification in the Squid log via X-Virus-ID, even when adding %adapt::<last_h to the logformat. Am I missing a step somewhere? Also, is there any way to notify the user of the Virus-ID in the error page displayed by Squid?

http://git.clamav.net/gitweb?p=clamav-devel.git;a=tree;f=contrib/test;hb=HEAD

#Squid log format
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh "%adapt::<last_h"

#Blocked log entry.
1304302823.836 405 172.18.100.107 TCP_MISS/403 4222 GET http://git.clamav.net/gitweb? - HIER_DIRECT/94.228.131.69 text/html [Host: git.clamav.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-us,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\nKeep-Alive: 115\r\nProxy-Connection: keep-alive\r\nReferer: http://git.clamav.net/gitweb?p=clamav-devel.git;a=tree;f=contrib/test;h=3aa5ff3a01f4e2890d80cee4d6d81c2a7c0c462d;hb=HEAD\r\n] [HTTP/1.1 403 Forbidden\r\nServer: squid/3.HEAD-20110429\r\nMime-Version: 1.0\r\nDate: Mon, 02 May 2011 02:20:23 GMT\r\nContent-Type: text/html\r\nContent-Length: 3848\r\nX-Squid-Error: ERR_ACCESS_DENIED 100007\r\nVary: Accept-Language\r\nContent-Language: en-us\r\n\r]

#However, if I crank up debug logging, I do get virus found messages in the cache.log

2011/05/02 01:55:36.121 kid1| eClamAv: virus found: ClamAV-Test-File (RESPMOD http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob;f=contrib/test/clam.7z;h=1fe17d43986b5f85a93f9caac730943f80857250;hb=HEAD)

#versions
libecap-0.2.0
ecap_clamav_adapter-0.2.1
squid-3.HEAD-20110429

Question information

Language: English
Status: Answered
For: eCAP
Assignee: No assignee
Last query: 2011-05-02
Last reply: 2011-05-02

Alex Rousskov (rousskov) said : #1

Try logging not all last eCAP meta-headers but X-Virus-ID specifically (like you do with User-Agent header, for example). There is a bug/inconsistency in Squid that may cause it to treat %adapt::<last_h differently when a specific header is not specified.
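
An added example, not part of the original thread or of Squid/eCAP code: once the last log field is narrowed to the single meta-header as suggested above, the access log can be triaged for detections and for blocks that carry no virus ID. It assumes the logformat shown in the comment, that a missing header is logged as "-", and that the adapter reports the signature name in X-Virus-ID; the sample lines are constructed.

```python
import re

# Assumed squid.conf line: the page's "combined" format with the last field
# narrowed to one named meta-header instead of all of them:
#   logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh "%{X-Virus-ID}adapt::<last_h"
QUOTED = r'"(?:[^"\\]|\\.)*"'  # quoted field, tolerating backslash escapes
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<url>\S+) HTTP/[^"]+" '
    r'(?P<status>\d{3}) \d+ ' + QUOTED + ' ' + QUOTED +
    r' [^:\s]+:\S+ "(?P<virus_id>(?:[^"\\]|\\.)*)"$'
)

# Constructed sample lines (not taken from the page).
SAMPLE = [
    '172.18.100.107 - - [02/May/2011:02:20:23 +0000] "GET http://example.test/contrib/test/clam.7z HTTP/1.1" 403 4222 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0)" TCP_MISS:HIER_DIRECT "ClamAV-Test-File"',
    '172.18.100.107 - - [02/May/2011:02:21:10 +0000] "GET http://example.test/blocked-by-acl HTTP/1.1" 403 4222 "-" "Mozilla/5.0" TCP_DENIED:HIER_NONE "-"',
    '172.18.100.107 - - [02/May/2011:02:22:05 +0000] "GET http://example.test/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0" TCP_MISS:HIER_DIRECT "-"',
    'truncated or malformed line',
]

def parse(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Treat an absent header ("-" or empty) as no virus ID.
    rec["virus_id"] = None if rec["virus_id"] in ("", "-") else rec["virus_id"]
    return rec

def triage(lines):
    """Split lines into adapter detections and 403s that carry no virus ID."""
    detections, unexplained = [], []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip lines that are not in the expected format
        if rec["virus_id"]:
            detections.append((rec["client"], rec["url"], rec["virus_id"]))
        elif rec["status"] == 403:
            unexplained.append((rec["client"], rec["url"]))
    return detections, unexplained

if __name__ == "__main__":
    print(triage(SAMPLE))
```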
