Many of us still using internet explorer as main browser due to many factor, but much more related to our worksheet display. It’s in progress to make it more compliance to other browser such firefox and opera.

Another problem came up when spyware and virus spread more easier using IE. To prevent it from spread to other host I decide to install havp in junction with installed squid.

Squid already run in port 3128 and I want to install havp in recent FreeBSD 7.1 RC1

Here’s my steps :

1.  Update ports to latest version using csup and install havp

cd /usr/ports/www/havp && make install

2. Install clamav

/usr/ports/security/clamav && make install

3. Edit rc.conf, add these lines :

clamav_freshclam_enable=”YES”

clamav_clamd_enable=”YES”

havp_enable=”YES”

4. Edit havp.config, My config :

USER havp
GROUP havp
DAEMON true

PIDFILE /var/run/havp/havp.pid
SERVERNUMBER 30
MAXSERVERS 100

ACCESSLOG /var/log/havp/access.log
ERRORLOG /var/log/havp/havp.log

LOG_OKS false

FORWARDED_IP true

X_FORWARDED_FOR true

PORT 8080

TEMPLATEPATH /usr/local/etc/havp/en

WHITELISTFIRST true

WHITELIST /usr/local/etc/havp/whitelist

BLACKLIST /usr/local/etc/havp/blacklist

SCANIMAGES false

ENABLECLAMLIB true
CLAMDBDIR /var/db/clamav
CLAMBLOCKMAX false
CLAMMAXFILES 1000
CLAMMAXFILESIZE 10
CLAMMAXRECURSION 8
CLAMMAXRATIO 250

ENABLECLAMD false

5. Copy havp english templates

mv  /usr/ports/www/havp/work/havp-0.88/etc/havp/templates/en \

/usr/local/etc/havp

6. Update clamav, like this post.

7. Start havp

proxy# /usr/local/etc/rc.d/havp start
Starting havp.
Starting HAVP Version: 0.88
Mandatory locking disabled! KEEPBACK settings not used!
proxy#

8. Checking  havp.log

proxy# tail -f /var/log/havp/havp.log
11/12/2008 16:07:50 Process ID: 16837
11/12/2008 16:28:10 === Starting HAVP Version: 0.88
11/12/2008 16:28:10 === Mandatory locking disabled! KEEPBACK settings not used!
11/12/2008 16:28:10 Running as user: havp, group: havp
11/12/2008 16:28:10 — Initializing ClamAV Library Scanner
11/12/2008 16:28:10 ClamAV: Using database directory: /var/db/clamav
11/12/2008 16:28:13 ClamAV: Loaded 469940 signatures (engine 0.94.2)
11/12/2008 16:28:13 ClamAV Library Scanner passed EICAR virus test (Eicar-Test-Signature)
11/12/2008 16:28:13 — All scanners initialized
11/12/2008 16:28:13 Process ID: 19707

9. Checking access.log

proxy# tail -f /var/log/havp/access.log
11/12/2008 16:07:39 172.88.1.89 GET 304 http://kompas.com/data/images/kradio_top.gif 199+0 OK
11/12/2008 16:07:39 172.88.1.89 GET 304 http://kompas.com/data/images/rss_icon.gif 253+0 OK
11/12/2008 16:07:39 172.88.1.89 GET 304 http://kompas.com/data/images/kradio_mid.gif 252+0 OK
11/12/2008 16:07:39 172.88.1.89 GET 304 http://kompas.com/data/images/kradio_bot.gif 199+0 OK
11/12/2008 16:07:39 172.88.1.89 GET 304 http://kompas.com/data/images/logo_kg.gif 253+0 OK
11/12/2008 16:07:44 172.88.1.89 GET 200 http://static.cache.l.google.com/safebrowsing/rd/goog-phish-shavar_s_30561-30720;30563,30565,30567-30573,30575-30576,30578-30579,30581,30583-30592,30595,30600,30605-30606,30609-30611,30615-30621,30623-30625,30627,30629-30631,30634,30636-30638,30641,30643,30646-30647,30649-30650,30652,30654,30659,30661,30663,30665-30668,30670-30672,30676-30679,30682-30684,30686,30690,30692-30701,30703-30706,30708-30709,30713,30716-30717,30719-30720;30561-30562,30564,30566,30574,30577,30580,30582,30593-30594,30596… 262+15212 OK
11/12/2008 16:07:47 172.88.1.89 GET 200 http://static.cache.l.google.com/safebrowsing/rd/goog-phish-shavar_s_30721-30880;30725,30727,30732,30736-30739,30747,30750,30752-30754,30757,30759-30760,30763,30765,30767,30769-30770,30776,30778,30780,30782-30789,30791-30792,30794-30796,30798,30800,30803-30804,30808-30810,30812,30814-30815,30817-30819,30821-30823,30827-30828,30831-30834,30837-30839,30843-30848,30850-30853,30855-30856,30859,30861-30862,30865-30867,30871,30873,30875-30879;30721-30724,30726,30728-30731,30733-30735,30740-30746,30748… 262+14985 OK
11/12/2008 16:08:01 172.88.1.72 GET 200 http://www.eicar.org/download/eicarcom2.zip 403+308 VIRUS ClamAV: Eicar-Test-Signature
11/12/2008 16:08:33 172.88.1.72 GET 200 http://www.eicar.org/download/eicar.com.txt 358+68 VIRUS ClamAV: Eicar-Test-Signature
11/12/2008 16:17:21 172.88.1.72 GET 200 http://www.eicar.org/download/eicar.com.txt 358+68 VIRUS ClamAV: Eicar-Test-Signature

10. Integrate havp with existing  squid, just put this line :

cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default

11. Restart  squid and test to open sample virus from Eicar.

Great, seem work well with my Linux Mint Desktop.

• havp freebsd
• freebsd havp
• install havp
• havp on freebsd7
• havp on freebsd 7
• mandatory locking disabled! keepback settings not used!
• havp on freebsd
• havp log
• havp mandatory locking disabled! keepback settings not used!
• havp mandatory locking freebsd
• havp install
• havp blacklist
• install havp freebsd
• havp squid freebsd
• optimasi squid freebsd 7 1
• havp
• havp whitelist
• havp keepback
• how to check havp log
• havp installation
• freebsd havp install
• havp antivirus test
• freebsd havp squid
• freebsd mandatory locking
• freebsd proxy antivirus
• antivirus: http proxy (havp clamav)
• havp virus test
• how to install havp antivirus on pfsense
• integrating squid and clamav
• proxy antivirus freebsd
• squid antivirus freebsd
• havp antivirus
• test havp antivirus
• squid havp
• test havp
• freebsd squid havp howto
• freebsd proxy virus
• havp scanimages false
• Mandatory Locking FreeBSd
• mandatory locking disabled keepback settings not used
• havp tutorial
• freebsd ; havp
• how to install havp
• how to install havp on freebsd
• install freebsd port behind proxy
• installer havp
• havp freebsd7
• havp freebsd 7
• local http proxy with clamav
• havp access log