RE: [squid-users] Squid checking if AV is installed

From: Chris Robertson <[email protected]>
Date: Mon, 11 Jul 2005 16:05:19 -0800

> -----Original Message-----
> From: Carlos Eduardo Gomes Marins
> [mailto:carlos.suporte.deinf@bcb.gov.br]
> Sent: Monday, July 11, 2005 4:52 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Squid checking if AV is installed
>
>
> Hi,
>
> I'm working on a project to only allow users with updated AntiVirus
> software to access Internet. The first step in this project is to only
> verify if the AV is installed. To complete this stage I've adapted the
> script listed below to check if the AV is listening in the specified
> port (17217):
>
> #!/usr/bin/perl
> use IO::Socket;
> my $VERSION = '1.0';
> my ( $peer, $port );
>
> # Disable output buffering
> $|=1;
>
> ##look for server argument or display usage
> #( $peer = $ARGV[0] ) || &usage;
> #( $peer = $ARGV[0] );
> $peer = $_;
> ##attempt to connect to all ports in hash index, then display open ports
> $port = "17217";
> $sock = IO::Socket::INET->new("$peer:17217");
> if ($sock){
> print "OK\n";
> }
> else {
> print "Err\n";
> }

A couple things... You declared $peer and $port, but not $sock. You didn't explicitly "use strict" though, so that might not be a problem. The script should endlessly loop. As is, it executes once and drops out. Lastly the ERR should probably be capitalized for consistency.

>
> In squid.conf I've put some lines to use an external acl and to deny
> access to non-compliant users.
>
> external_acl_type AV children=100 %SRC /usr/local/squid/etc/checa_av.pl
>
> acl AV_ACCESS external AV
> http_access allow AV_ACCESS
>
> When I reconfigure Squid I got the following errors in cache.log until
> Squid crashes
>
> helperHandleRead: unexpected read from AV #1, 57 bytes
> 2005/07/07 18:50:10| helperHandleRead: unexpected read from AV #2, 57
> bytes
> 2005/07/07 18:50:10| helperHandleRead: unexpected read from AV #3, 57
> bytes
> 2005/07/07 18:50:10| helperHandleRead: unexpected read from AV #4, 57
> bytes
> 2005/07/07 18:50:10| helperHandleRead: unexpected read from AV #5, 57
> bytes
> 2005/07/07 18:50:10| helperHandleRead: unexpected read from AV #6, 57
> bytes
> 2005/07/07 18:50:10| helperHandleRead: unexpected read from AV #7, 57
> bytes
> ...

According to http://www.squid-cache.org/mail-archive/squid-dev/200505/0060.html this "indicates there was data received from the helper when none were expected." Try running the script from the command line (as the Squid user) and see what it outputs given both a host that is running the AV software, and one that is not.

>
> Is there a problem with "my" script or the configuration in squid.conf?

I don't see any problems with your squid.conf (though you find you don't need that many children), so I'd have to guess it's the script.

> Thanks for help.
>
> Carlos Eduardo.

Chris
Received on Mon Jul 11 2005 - 18:05:21 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Aug 01 2005 - 12:00:02 MDT