DansGuardian Documentation Wiki

You are here: Main Index » common_problems


|

Wiki Information

Differences

This shows you the differences between the selected revision and the current version of the page.

common_problems 2010/04/19 11:18 common_problems 2010/05/25 22:26 current
Line 133: Line 133:
DansGuardian daemon group is sufficient. DansGuardian daemon group is sufficient.
-Incomplete DansGuardian daemon permissions setting can result in the rather mysterious message <color maroon>Unable\ to\ getgrnam():\ Success</color>. The user:group that DansGuardian runs as (possibly nobody:nogroup) must not be forbidden from accessing /etc/group. //For example// you may need to make the userid that DansGuardian runs as a member of group 'daemon'. +Incomplete DansGuardian daemon permissions setting can be another cause of the rather mysterious message <color maroon>Unable\ to\ getgrnam():\ Success</color>. (The most frequent cause is the value of daemongroup=  is not defined in /etc/group, usually because only `useradd` was executed and `groupadd` was forgotten.) The user:group that DansGuardian runs as (possibly nobody:nogroup) must not be forbidden from accessing /etc/group. //For example// you may need to make the userid that DansGuardian runs as a member of group 'daemon'.
==== Don't Prematurely Lock Down == ==== Don't Prematurely Lock Down ==
Line 218: Line 218:
you can by [[Log File Analysis#Using Squid Stub Logs|setting some configuration options]] you can by [[Log File Analysis#Using Squid Stub Logs|setting some configuration options]]
in DansGuardian (and maybe in Squid too). in DansGuardian (and maybe in Squid too).
- 
==== Many Blacklists Actually Categorize Rathern Than Ban ==== ==== Many Blacklists Actually Categorize Rathern Than Ban ====
Many "blacklists" actually categorize websites; Many "blacklists" actually categorize websites;
Line 226: Line 225:
you consider "bad", you consider "bad",
rather than all the website categories. rather than all the website categories.
-For example you probably don't want to ban the "homerepair" category,+For example you probably don't want to ban the "homerepair" category (or maybe you do),
and depending on your environment you may or may not not want to ban the "mail" category. and depending on your environment you may or may not not want to ban the "mail" category.
Line 247: Line 246:
and so tries to match the single most frequently used blacklist, and so tries to match the single most frequently used blacklist,
but DansGuardian configuration can be expanded far beyond the defaults if you wish.) but DansGuardian configuration can be expanded far beyond the defaults if you wish.)
 +
==== Squid Works By Itself, But Not With DansGuardian === ==== Squid Works By Itself, But Not With DansGuardian ===
When an end user computer accesses Squid directly, When an end user computer accesses Squid directly,
Line 318: Line 318:
  - Omit any leading period\\ (this may be different from some other software that won't work right with//out// the leading period)   - Omit any leading period\\ (this may be different from some other software that won't work right with//out// the leading period)
  - Use the longest possible (i.e. most specific) entry that will work yet remain flexible   - Use the longest possible (i.e. most specific) entry that will work yet remain flexible
-  - If shorter entries already exist and they conflict with your new entry, first lengthen the existing entries (without making them inoperative)+  - If shorter entries already exist and they conflict with your new entry, try using both 'banned...' and 'exception... ' lists (the 'exception...' lists take precedence, but only for exactly what's specified in them, for example banning "foobar.org" then excepting "bake.foobar.org" allows any webservers named *.bake.foobar.org but disallows all the rest of the foobar.org webservers)\\ \ another alternative is to try lengthening  the existing 'banned...' entries (without making them inoperative)
==== Operation Under NetBSD/FreeBSD/OpenBSD Is Somewhat Unreliable ==== ==== Operation Under NetBSD/FreeBSD/OpenBSD Is Somewhat Unreliable ====
Line 326: Line 326:
To improve the web search rankings of this important question, its detailed answer has been moved out to [[Operation Under NetBSD/FreeBSD/OpenBSD|its own separate document]]. (Also see questions Installation#26 and Installation#26b in the [[FAQ|Wiki FAQ]].) To improve the web search rankings of this important question, its detailed answer has been moved out to [[Operation Under NetBSD/FreeBSD/OpenBSD|its own separate document]]. (Also see questions Installation#26 and Installation#26b in the [[FAQ|Wiki FAQ]].)
 +
 +==== Eliminate Weird ClamAV Library Dependency ====
 +
 +In some circumstances some DansGuardian executables
 +will refuse to start up after issuing a message something like this:
 +<code>
 +dansguardian: error while loading shared libraries: libclamav.so.5: cannot open
 +shared object file: No such file or directory
 +</code>
 +This strange dependency on ClamAV can manifest //even if//
 +you don't use any anti-virus at all and have configured
 +your dansguardian.conf accordingly.
 +
 +Eliminating this weird ClamAV library dependency is
 +always possible (in fact straightforward);
 +//but __both__// build-time (./configure) and run-time
 +(dansguardian.conf) options may need to be adjusted
 +the first time.
 +The easiest way to correct the build-time options may be
 +to obtain a corrected DansGuardian package.
 +(Another alternative is to //re-build//
 +the dansguardian executable yourself.)
 +
 +When building DansGuardian, use the <color #351>--enable-clamd</color> ./configure option, but //not// the <color #351>--enable-clamav</color>
 +option too.
 +In an ideal world,
 +all DansGuardian packages obtained from distribution repositories
 +should already be built this way.
 +However in the real (not ideal) world, repository errors are possible.
 +Once DansGuardian is bult correctly,
 +you can then control whether or not to use ClamAV
 +purely through the configuration options in dansguardian.conf;
 +in other words once the build/configure options are correct,
 +you will never need to revisit them
 +no matter what you do with anti-virus.
 +
 +In dansguardian.conf, use the 'clamdscan' option rather than the 'clamav' option. The 'clamdscan' option interfaces to ClamAV through the interprocess named pipe socket provided by the clam daemon. (The old 'clamav' option tries to interface to ClamAV through a version dependent library [a *nix "shared object" (.so) is analogous to a Windows "dynamic link library" (.dll)] which is probably no longer supported nor even available.)
 +
 +