
Squid + squidclamav + ClamAV - terribly slow


andrystepa
16-03-2008, 19:38
I use a computer running Mandriva Linux 2007 PowerPack+ as a gateway. It runs Squid as a transparent proxy.
To scan HTTP traffic coming from the Internet into the local network, I installed squidclamav on the gateway and configured the redirector in Squid:
redirect_program /usr/local/squidclamav/bin/squidclamav
redirect_children 15
I installed clamav-0.92-1.2-mdv-i586. Here is my clamd.conf:

LogFile /var/log/clamav/clamd.log
LogTime yes
LogVerbose yes
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/lib/clamav/tmp
DatabaseDirectory /var/lib/clamav
LocalSocket /var/lib/clamav/clamd.socket
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
# Maximum number of threads running at the same time.
# Default: 10
MaxThreads 64
ReadTimeout 300
FollowDirectorySymlinks yes
FollowFileSymlinks yes
# Run as another user (clamd must be started by root for this option to work)
# Default: don't drop privileges
User clamav
# Initialize supplementary group access (clamd must be started by root).
# Default: no
AllowSupplementaryGroups yes
ScanPE yes
# Executable and Linking Format is a standard format for UN*X executables.
# This option allows you to control the scanning of ELF files.
# Default: yes
ScanELF yes
# This option enables scanning of OLE2 files, such as Microsoft Office
# documents and .msi files.
# Default: yes
ScanOLE2 yes
# Enable internal e-mail scanner.
# Default: yes
ScanMail yes
# Perform HTML normalisation and decryption of MS Script Encoder code.
# Default: yes
ScanHTML yes
# ClamAV can scan within archives and compressed files.
# Default: yes
ScanArchive yes
All config options that are not shown are left at their defaults.
The config for squidclamav:
squidclamav.patterns.dist
# The ordering of lines is this file is critical
# Lines have the form:
# regex|regexi pattern
# abort|aborti pattern
#
redirect http://192.168.0.254/cgi-bin/clwarn.cgi
logfile /var/log/squid/squidclamav.log
# proxy http://127.0.0.1:3128
debug 0
force 1
timeout 60
clamd_ip 127.0.0.1
clamd_port 3310
# clamd_local /var/run/clamav/clamd.ctl
stat 1
abort ^.*\.gz$
abort ^.*\.bz2$
abort ^.*\.pdf$
#abort ^.*\.js$
abort ^.*\.html$
abort ^.*\.css$
#abort ^.*\.xml$
#abort ^.*\.xsl$
#abort ^.*\.js$
abort ^.*\.ico$
aborti ^.*\.gif$
aborti ^.*\.png$
aborti ^.*\.jpg$
#aborti ^.*\.swf$
content ^.*application\/.*$
regexi ^.*\.dll$

I started clamd and all the rest of it. The result was not long in coming: practically all Internet
sites started loading at a snail's pace. For example, rbc.ru took ten minutes to load on a computer
in the local network. I looked at the logs. Here is part of clamd.log:
Thu Mar 13 09:49:03 2008 -> Accepted connection on port 1846, fd 8
Thu Mar 13 09:49:03 2008 -> Accepted connection on port 1732, fd 12
Thu Mar 13 09:49:03 2008 -> Accepted connection on port 1586, fd 20
Thu Mar 13 09:49:03 2008 -> Accepted connection on port 1378, fd 64
Thu Mar 13 09:49:04 2008 -> Accepted connection on port 1949, fd 20
Thu Mar 13 09:49:04 2008 -> Accepted connection on port 1715, fd 24
Thu Mar 13 09:49:04 2008 -> Accepted connection on port 1724, fd 28
Thu Mar 13 09:49:05 2008 -> Accepted connection on port 1512, fd 36
Thu Mar 13 09:49:05 2008 -> Accepted connection on port 1632, fd 40
Thu Mar 13 09:49:05 2008 -> Accepted connection on port 1140, fd 12
Thu Mar 13 09:49:05 2008 -> Accepted connection on port 1253, fd 44
Thu Mar 13 09:49:05 2008 -> Accepted connection on port 1606, fd 48
Thu Mar 13 09:49:05 2008 -> Accepted connection on port 1695, fd 56
Thu Mar 13 09:49:05 2008 -> Accepted connection on port 1348, fd 64
Thu Mar 13 09:50:01 2008 -> Accepted connection on port 1375, fd 8
Thu Mar 13 09:50:01 2008 -> stream 1375: Eicar-Test-Signature FOUND
Thu Mar 13 09:55:01 2008 -> Accepted connection on port 1852, fd 8
Thu Mar 13 09:55:01 2008 -> stream 1852: Eicar-Test-Signature FOUND
Thu Mar 13 10:00:01 2008 -> Accepted connection on port 1039, fd 8
Thu Mar 13 10:00:01 2008 -> stream 1039: Eicar-Test-Signature FOUND
Thu Mar 13 10:05:01 2008 -> SelfCheck: Database status OK.
Thu Mar 13 10:05:01 2008 -> Accepted connection on port 1847, fd 8
Thu Mar 13 10:05:01 2008 -> stream 1847: Eicar-Test-Signature FOUND
Thu Mar 13 10:10:01 2008 -> Accepted connection on port 2043, fd 8
Thu Mar 13 10:10:01 2008 -> stream 2043: Eicar-Test-Signature FOUND
Thu Mar 13 10:15:01 2008 -> Accepted connection on port 1948, fd 8
Thu Mar 13 10:15:01 2008 -> stream 1948: Eicar-Test-Signature FOUND
Thu Mar 13 10:20:01 2008 -> Accepted connection on port 1112, fd 8
Thu Mar 13 10:20:01 2008 -> stream 1112: Eicar-Test-Signature FOUND
Thu Mar 13 10:25:01 2008 -> Accepted connection on port 1227, fd 8
Thu Mar 13 10:25:01 2008 -> stream 1227: Eicar-Test-Signature FOUND
Thu Mar 13 10:30:01 2008 -> Accepted connection on port 1300, fd 8
Thu Mar 13 10:30:01 2008 -> stream 1300: Eicar-Test-Signature FOUND

Although I don't really understand this log, it is clear that the antivirus finds the test virus. Yet the computer on the local network downloaded it without any trouble!
Looking at the squidclamav log:
ttp://pics.rbc.ru/5e89k3j/ty5a3/djbefntrbs/fhchfjhqgser/234-200_rbk.swf?link1=http%3A//banner.rbc.ru/banredir.cgi%3Fsid%3Dtop_top.20080307113605.72759%26lid%3Dtop_top%26id%3D72759%26code%3D%21http%3A//ad.adriver.ru/cgi-bin/click.cgi%3Fsid%3D1%26ad%3D121019%26bt%3D37%26pid%3D219377%26bid%3D416304%26bn%3D416304%26rnd%3D8018 11192%26bn%3D416304&seed=35228
Thu Mar 13 09:49:03 2008 [30105] ERROR CURLOPT_ERRORBUFFER: Operation timed out after 60 seconds with 0 bytes received
Thu Mar 13 09:49:03 2008 [30105] STAT Total process time 118.375 second(s)
Thu Mar 13 09:49:03 2008 [30103] STAT Virus Scanning process time 58.953 second(s)
Thu Mar 13 09:49:03 2008 [30103] STAT Total process time 59.232 second(s)
Thu Mar 13 09:49:04 2008 [30095] ERROR fail downloading url http://pics.rbc.ru/1ewm9v2j/ye/a2t/ebgicvpoymk/fhjhbiaohlir/234-200_sareevo_1.swf?link1=http%3A//banner.rbc.ru/banredir.cgi%3Fsid%3Dtop_economics.20080307112043.79718%26lid%3Dtop_economics%26id%3D79718%26code%3D %21http%253A%252F%252Fwww.artgrad.info%252F&seed=51299
Thu Mar 13 09:49:04 2008 [30095] ERROR CURLOPT_ERRORBUFFER: Operation timed out after 60 seconds with 0 bytes received
Thu Mar 13 09:49:04 2008 [30095] STAT Total process time 119.329 second(s)
Thu Mar 13 09:49:04 2008 [30096] ERROR fail downloading url http://pics.rbc.ru/img/banners/show_flash.js
Thu Mar 13 09:49:04 2008 [30096] ERROR CURLOPT_ERRORBUFFER: Operation timed out after 60 seconds with 0 bytes received
Thu Mar 13 09:49:04 2008 [30096] STAT Total process time 119.322 second(s)
Thu Mar 13 09:49:04 2008 [30093] STAT Virus Scanning process time 0.632 second(s)
Thu Mar 13 09:49:04 2008 [30093] STAT Total process time 1.291 second(s)
Thu Mar 13 09:49:04 2008 [30104] ERROR fail downloading url http://pics.rbc.ru/1ewm9v2j/ye/a2t/ebgicvpoymk/fhjhbiaohlir/234-200_sareevo_1.swf?link1=http%3A//banner.rbc.ru/banredir.cgi%3Fsid%3Dtop_economics.20080307112043.79718%26lid%3Dtop_economics%26id%3D79718%26code%3D %21http%253A%252F%252Fwww.artgrad.info%252F&seed=51299
Thu Mar 13 09:49:04 2008 [30104] ERROR CURLOPT_ERRORBUFFER: Operation timed out after 60 seconds with 5544 out of 19391 bytes received
Thu Mar 13 09:49:04 2008 [30104] STAT Total process time 60.080 second(s)
Thu Mar 13 09:49:04 2008 [30104] STAT Total process time 0.000 second(s)
Thu Mar 13 09:49:04 2008 [30104] STAT Total process time 0.000 second(s)
Thu Mar 13 09:49:04 2008 [30103] STAT Total process time 0.656 second(s)
Thu Mar 13 09:49:04 2008 [30098] ERROR fail downloading url http://pics.rbc.ru/1ewm9v2j/ye/a2t/ebgicvpoymk/fhjhbiaohlir/234-200_sareevo_1.swf?link1=http%3A//banner.rbc.ru/banredir.cgi%3Fsid%3Dtop_economics.20080307112043.79718%26lid%3Dtop_economics%26id%3D79718%26code%3D %21http%253A%252F%252Fwww.artgrad.info%252F&seed=51299
Thu Mar 13 09:49:04 2008 [30098] ERROR CURLOPT_ERRORBUFFER: Operation timed out after 60 seconds with 0 bytes received
Thu Mar 13 09:49:04 2008 [30098] STAT Total process time 60.284 second(s)
Thu Mar 13 09:49:04 2008 [30098] STAT Total process time 0.000 second(s)
Thu Mar 13 09:49:04 2008 [30100] STAT Virus Scanning process time 59.955 second(s)
Thu Mar 13 09:49:04 2008 [30100] STAT Total process time 60.240 second(s)
Thu Mar 13 09:49:05 2008 [30101] ERROR fail downloading url http://pics.rbc.ru/img/banners/show_flash.js
Thu Mar 13 09:49:05 2008 [30101] ERROR CURLOPT_ERRORBUFFER: Operation timed out after 60 seconds with 0 bytes received
Thu Mar 13 09:49:05 2008 [30101] STAT Total process time 60.051 second(s)
Thu Mar 13 09:49:05 2008 [30106] STAT Virus Scanning process time 1.669 second(s)
Thu Mar 13 09:49:05 2008 [30106] STAT Total process time 2.323 second(s)
Thu Mar 13 09:49:05 2008 [30105] STAT Virus Scanning process time 1.955 second(s)
Thu Mar 13 09:49:05 2008 [30105] STAT Total process time 2.619 second(s)
Thu Mar 13 09:49:05 2008 [30101] STAT Total process time 0.570 second(s)
Thu Mar 13 09:49:52 2008 [30096] ERROR fail downloading url http://pics.rbc.ru/1ewm9v2j/ye/a2t/ebgicvpoymk/fhjhbiaohlir/234-200_sareevo_1.swf?link1=http%3A//banner.rbc.ru/banredir.cgi%3Fsid%3Dtop_economics.20080307112043.79718%26lid%3Dtop_economics%26id%3D79718%26code%3D %21http%253A%252F%252Fwww.artgrad.info%252F&seed=51299
Thu Mar 13 09:49:52 2008 [30096] ERROR CURLOPT_ERRORBUFFER: couldn't connect to host
Thu Mar 13 09:49:52 2008 [30096] STAT Total process time 48.128 second(s)
Thu Mar 13 09:49:52 2008 [30093] ERROR fail downloading url http://pics.rbc.ru/img/banners/show_flash.js
Thu Mar 13 09:49:52 2008 [30093] ERROR CURLOPT_ERRORBUFFER: couldn't connect to host
Thu Mar 13 09:49:52 2008 [30093] STAT Total process time 47.833 second(s)
Thu Mar 13 09:49:52 2008 [30106] ERROR fail downloading url http://pics.rbc.ru/qe8/9d/j/gya1a1/cddvnpahs/fejcjbyslujp/davidoff_234-100-3.swf?link1=http%3A//banner.rbc.ru/banredir.cgi%3Fsid%3Dfirstpage_graph2.20080311142131.49291%26lid%3Dfirstpage_graph2%26id%3D49291%26c ode%3D%21http%253A%252F%252Fdavidoff-parfums.ru%252F&seed=52835
Thu Mar 13 09:49:52 2008 [30106] ERROR CURLOPT_ERRORBUFFER: couldn't connect to host
Thu Mar 13 09:49:52 2008 [30106] STAT Total process time 46.802 second(s)
Thu Mar 13 09:49:52 2008 [30100] ERROR fail downloading url http://pics.rbc.ru/img/banners/show_flash.js
Thu Mar 13 09:49:52 2008 [30100] ERROR CURLOPT_ERRORBUFFER: couldn't connect to host
Thu Mar 13 09:49:52 2008 [30100] STAT Total process time 47.147 second(s)
Thu Mar 13 09:49:52 2008 [30105] ERROR fail downloading url http://pics.rbc.ru/jev/9/1jzy1/a9n/deefwbdonr/fhjabbqjnmev/100p_60_1.swf?link1=http%3A//banner.rbc.ru/banredir.cgi%3Fsid%3Dbanner_news.20080303143450.79011%26lid%3Dbanner_news%26id%3D79011%26code%3D%21h ttp%253A%252F%252Fwww.megafon.ru%252Fmain%252Ffederaloffer%252F&seed=24671
Thu Mar 13 09:49:52 2008 [30105] ERROR CURLOPT_ERRORBUFFER: couldn't connect to host
Thu Mar 13 09:49:52 2008 [30104] ERROR fail downloading url http://pics.rbc.ru/ge/f90ajfy1ah/dijjygrxqs/fiaceiaaxlbh/baner_950-60_lenta_dynamic.swf?link1=http%3A//banner.rbc.ru/banredir.cgi%3Fsid%3Dfirstpage_end.20080312180149.80248%26lid%3Dfirstpage_end%26id%3D80248%26code%3D %21http%253A%252F%252Fwww.su155.ru%252Fru%252Fservice%252Fsale&seed=155
Thu Mar 13 09:49:52 2008 [30104] ERROR CURLOPT_ERRORBUFFER: Empty reply from server
Thu Mar 13 09:49:52 2008 [30099] ERROR fail downloading url http://pics.rbc.ru/img/banners/show_flash.js
Thu Mar 13 09:49:52 2008 [30104] STAT Total process time 47.740 second(s)
Thu Mar 13 09:49:52 2008 [30099] ERROR CURLOPT_ERRORBUFFER: Empty reply from server
Thu Mar 13 09:49:52 2008 [30099] STAT Total process time 107.520 second(s)
Thu Mar 13 09:49:52 2008 [30102] ERROR fail downloading url http://pics.rbc.ru/pe4/9/7j5ychai/djbefntrbs/fiacfaufccxx/dell_banner_blue_static_server_rbcru_234-200_001.swf?link1=http%3A//banner.rbc.ru/banredir.cgi%3Fsid%3Dtop_left.20080312182236.80250%26lid%3Dtop_left%26id%3D80250%26code%3D%21http%25 3A%252F%252Fwww1.euro.dell.com%252Fcontent%252Fproducts%252Fcategory.aspx%252Fenterprise%253Fc%253Dr u%2526cs%253Drubsdc%2526l%253Dru%2526s%253Dbsd&seed=35047
Thu Mar 13 09:49:52 2008 [30102] ERROR CURLOPT_ERRORBUFFER: Empty reply from server
Thu Mar 13 09:49:52 2008 [30102] STAT Total process time 107.213 second(s)
Thu Mar 13 09:49:52 2008 [30101] ERROR fail downloading url http://yabs.yandex.ru/resource/flashldr003.js
Thu Mar 13 09:49:52 2008 [30101] ERROR CURLOPT_ERRORBUFFER: couldn't connect to host
Thu Mar 13 09:49:52 2008 [30107] ERROR fail downloading url http://pics.rbc.ru/img/banners/show_flash.js
Thu Mar 13 09:49:52 2008 [30101] STAT Total process time 46.501 second(s)
Thu Mar 13 09:49:52 2008 [30107] ERROR CURLOPT_ERRORBUFFER: couldn't connect to host
Thu Mar 13 09:49:52 2008 [30107] STAT Total process time 49.127 second(s)
Thu Mar 13 09:49:52 2008 [30094] ERROR fail downloading url http://pics.rbc.ru/4e29zj/xy9/as3/ebgjgluqvuq/fhgbgdwalscy/mobilitymood_200-600_ru.swf?link1=http%3A//banner.rbc.ru/banredir.cgi%3Fsid%3Dbanner_right.20080130113452.76163%26lid%3Dbanner_right%26id%3D76163%26code%3D%2 1http%253A%252F%252Fbody.imho.ru%252Fclick.ng%252Fimpt%253Dimp%2526place%253Drbc_pixel%2526id%253D24 010841%2526transactionId%253D571178&seed=22603
Thu Mar 13 09:49:52 2008 [30094] ERROR CURLOPT_ERRORBUFFER: Empty reply from server
Thu Mar 13 09:49:52 2008 [30094] STAT Total process time 107.092 second(s)
Thu Mar 13 09:49:52 2008 [30097] ERROR fail downloading url http://yabs.yandex.ru/resource/flashldr003.js
Thu Mar 13 09:49:52 2008 [30097] ERROR CURLOPT_ERRORBUFFER: Empty reply from server
Thu Mar 13 09:49:52 2008 [30097] STAT Total process time 107.534 second(s)
Thu Mar 13 09:49:52 2008 [30095] ERROR fail downloading url http://pics.rbc.ru/5e89k3j/ty5a3/djbefntrbs/fhchfjhqgser/234-200_rbk.swf?link1=http%3A//banner.rbc.ru/banredir.cgi%3Fsid%3Dtop_top.20080307113605.72759%26lid%3Dtop_top%26id%3D72759%26code%3D%21http%3A//ad.adriver.ru/cgi-bin/click.cgi%3Fsid%3D1%26ad%3D121019%26bt%3D37%26pid%3D219377%26bid%3D416304%26bn%3D416304%26rnd%3D8018 11192%26bn%3D416304&seed=35228
Thu Mar 13 09:49:52 2008 [30095] ERROR CURLOPT_ERRORBUFFER: Empty reply from server
Thu Mar 13 09:49:52 2008 [30098] ERROR fail downloading url http://pics.rbc.ru/ge/f90ajfy1ah/dijjygrxqs/fiaceiaaxlbh/baner_950-60_lenta_dynamic.swf?link1=http%3A//banner.rbc.ru/banredir.cgi%3Fsid%3Dfirstpage_end.20080312180149.80248%26lid%3Dfirstpage_end%26id%3D80248%26code%3D %21http%253A%252F%252Fwww.su155.ru%252Fru%252Fservice%252Fsale&seed=23757
Thu Mar 13 09:49:52 2008 [30095] STAT Total process time 48.136 second(s)
Thu Mar 13 09:49:52 2008 [30098] ERROR CURLOPT_ERRORBUFFER: couldn't connect to host
Thu Mar 13 09:49:52 2008 [30098] STAT Total process time 47.204 second(s)
Thu Mar 13 09:49:52 2008 [30105] STAT Total process time 46.505 second(s)
Thu Mar 13 09:49:52 2008 [30103] ERROR fail downloading url http://pics.rbc.ru/9e/9mjm/yoanj/djdhosddbf/fiacaistvwww/234-100.swf?link1=http%3A//banner.rbc.ru/banredir.cgi%3Fsid%3Dfirstpage_top.20080312122255.80208%26lid%3Dfirstpage_top%26id%3D80208%26code%3D %21http%253A%252F%252Fwww.carnival-kia.ru%252F&seed=11663
Thu Mar 13 09:49:52 2008 [30103] ERROR CURLOPT_ERRORBUFFER: couldn't connect to host
Thu Mar 13 09:49:52 2008 [30103] STAT Total process time 47.504 second(s)

This is where I got completely lost. Why do some URLs fail to download?
Why ERROR CURLOPT_ERRORBUFFER, and what does it mean? Could this be the cause of the slowness?
Or is something wrong in the configs? Please help!
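
One way to see where the time recorded in the squidclamav.log excerpt above goes, as an added example that is not part of the original post: the script charges each helper's "Total process time" to the curl error logged just before it and keeps clamd scan time separate. The function name `summarize` and the sample lines (placeholder URLs) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the squidclamav.log format quoted in the post
# (placeholder URLs; timings chosen to resemble the excerpt).
SAMPLE_LOG = """\
Thu Mar 13 09:49:04 2008 [30096] ERROR fail downloading url http://example.invalid/a.js
Thu Mar 13 09:49:04 2008 [30096] ERROR CURLOPT_ERRORBUFFER: Operation timed out after 60 seconds with 0 bytes received
Thu Mar 13 09:49:04 2008 [30096] STAT Total process time 119.322 second(s)
Thu Mar 13 09:49:04 2008 [30093] STAT Virus Scanning process time 0.632 second(s)
Thu Mar 13 09:49:04 2008 [30093] STAT Total process time 1.291 second(s)
Thu Mar 13 09:49:52 2008 [30093] ERROR fail downloading url http://example.invalid/b.swf
Thu Mar 13 09:49:52 2008 [30093] ERROR CURLOPT_ERRORBUFFER: couldn't connect to host
Thu Mar 13 09:49:52 2008 [30093] STAT Total process time 47.833 second(s)
Thu Mar 13 09:49:52 2008 [30104] ERROR CURLOPT_ERRORBUFFER: Empty reply from server
Thu Mar 13 09:49:52 2008 [30104] STAT Total process time 47.740 second(s)
"""

LINE_RE = re.compile(r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4} \[(\d+)\] (ERROR|STAT) (.*)$")
STAT_RE = re.compile(r"^(Virus Scanning|Total) process time ([\d.]+) second")

def summarize(log_text):
    """Return ({outcome: (requests, total_seconds)}, scan_seconds).

    A 'Total process time' line is charged to the curl error last logged by
    the same helper PID, or to 'ok' when no error preceded it.
    """
    pending = {}                            # pid -> curl error awaiting its STAT line
    totals = defaultdict(lambda: [0, 0.0])  # outcome -> [requests, seconds]
    scan_seconds = 0.0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                        # truncated or foreign line
        pid, kind, rest = m.groups()
        if kind == "ERROR" and rest.startswith("CURLOPT_ERRORBUFFER:"):
            reason = rest.split(":", 1)[1].strip()
            # Fold "timed out ... with N bytes received" variants into one bucket.
            pending[pid] = "timeout" if reason.startswith("Operation timed out") else reason
        elif kind == "STAT" and (s := STAT_RE.match(rest)):
            if s.group(1) == "Virus Scanning":
                scan_seconds += float(s.group(2))
            else:
                bucket = totals[pending.pop(pid, "ok")]
                bucket[0] += 1
                bucket[1] += float(s.group(2))
    return {k: (n, round(t, 3)) for k, (n, t) in totals.items()}, round(scan_seconds, 3)

if __name__ == "__main__":
    by_outcome, scan = summarize(SAMPLE_LOG)
    for outcome, (n, secs) in sorted(by_outcome.items(), key=lambda kv: -kv[1][1]):
        print(f"{outcome:28} {n:3} requests {secs:9.3f} s")
    print(f"time inside clamd scanning: {scan:.3f} s")
```

To run it on the real file, pass the contents of /var/log/squid/squidclamav.log (the `logfile` path from the config above) to `summarize`.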



