squid + c-icap + squidclamav creates i-cap protocol error

fl0w3b

I am trying to run squid (version 4.1) with squidclamav. This used to work fine but broke with an update to the current c-icap (0.5.5) version. When I try to access a webpage, I get the following error:
Code:
The following error was encountered while trying to retrieve the URL: http://www.eicar.com/
ICAP protocol error.

The system returned: [No Error]
This means that some aspect of the ICAP communication failed.

Some possible problems are:

  • The ICAP server is not reachable.
  • An Illegal response was received from the ICAP server.

The c-icap server is however running:
Code:
/usr/local/bin/c-icap-client -i 127.0.0.1 -p 1344 -d 10
OK done with options!
ICAP server:127.0.0.1, ip:127.0.0.1, port:1344

OPTIONS:
    Allow 204: Yes
    Preview: 1024
    Keep alive: Yes

ICAP HEADERS:
    ICAP/1.0 200 OK
    Methods: RESPMOD, REQMOD
    Service: C-ICAP/0.5.5 server - Echo demo service
    ISTag: CI0001-XXXXXXXXX
    Transfer-Preview: *
    Options-TTL: 3600
    Date: Sun, 21 Oct 2018 18:56:34 GMT
    Preview: 1024
    Allow: 204
    X-Include: X-Authenticated-User, X-Authenticated-Groups
    Encapsulated: null-body=0
I am not sure what is causing the issue. The redirect in the squid.conf looks like this:

Code:
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_encode off
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
adaptation_send_client_ip on
adaptation_send_username on
icap_service squidclamav1 reqmod_precache icap://127.0.0.1:1344/squidclamav bypass=0
icap_service squidclamav2 respmod_precache icap://127.0.0.1:1344/squidclamav bypass=0
adaptation_service_chain svcRequest squidclamav1
adaptation_service_chain svcResponse squidclamav2
adaptation_access svcRequest allow all
adaptation_access svcResponse allow all
Really appreciate any ideas what might help.
Thank you
 

CompDrClovis

I know this is kind of old, but it came up when I searched for the same issue, so it's worth answering I guess.

The most likely issue is that squidclamav.conf says
Code:
clamd_local /var/run/clamav/clamd.ctl
but by default, clamd is set up for /var/run/clamav/clamd.sock. Just change the ctl to sock, restart c-icap and squid, and you should be good to go.
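
A quick way to check for the socket mismatch described in the reply above, as an added example that is not part of either post or of the squidclamav project: it compares `clamd_local` from squidclamav.conf with `LocalSocket` from clamd.conf. The function names are hypothetical, the two config file locations are passed as arguments because they vary by install, and it assumes clamd's socket is set with the `LocalSocket` directive.

```shell
#!/bin/sh
# Added example: compare the clamd socket squidclamav is told to use with
# the one clamd is configured to create. File locations are arguments
# because they differ between installs (assumption, not from the thread).

# Print the value of directive $1 in config file $2. Commented-out lines
# are skipped; if the directive is repeated, the last one seen is reported.
conf_value() {
    awk -v key="$1" '$1 == key { val = $2 } END { if (val != "") print val }' "$2"
}

# check_clamd_socket SQUIDCLAMAV_CONF CLAMD_CONF
# Returns 0 if both files name the same socket path, 1 on a mismatch,
# 2 if either directive is missing from its file.
check_clamd_socket() {
    want=$(conf_value clamd_local "$1")
    have=$(conf_value LocalSocket "$2")
    if [ -z "$want" ] || [ -z "$have" ]; then
        echo "missing directive: clamd_local='$want' LocalSocket='$have'" >&2
        return 2
    fi
    if [ "$want" != "$have" ]; then
        echo "MISMATCH: squidclamav uses $want, clamd creates $have" >&2
        return 1
    fi
    # Same path in both files; also report if it is not a live socket now.
    [ -S "$have" ] || echo "note: $have is not a socket (clamd stopped?)" >&2
    echo "OK: $have"
}

# Run only when both config paths are given on the command line.
if [ "$#" -eq 2 ]; then
    check_clamd_socket "$1" "$2"
fi
```

Run it with the paths of your squidclamav.conf and clamd.conf as the two arguments; a non-zero exit status means the two services disagree on the socket or a directive is missing.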