DansGuardian Documentation Wiki

You are here: Main Index » faq


|

Wiki Information

Differences

This shows you the differences between the selected revision and the current version of the page.

faq 2010/05/25 08:47 faq 2010/10/22 16:50 current
Line 674: Line 674:
To use Kaspersky anti-virus with DansGuardian, use the ICAP server and the "icap" contentscanner configuration instead. To use Kaspersky anti-virus with DansGuardian, use the ICAP server and the "icap" contentscanner configuration instead.
-//**Installation#22. Which "contentscanner" option should I use with Clam Anti-Virus?**// \\ Use the //second// option, the one that references 'clamdscan.conf', which says 'plugname=clamdscan'. The 'clamdscan' option largely eliminates any sort of version dependency [build-time or run-time] between DansGuardian and ClamAV. +//**Installation#22. Which "contentscanner" option should I use with Clam Anti-Virus?**// \\ Use the //second// option, the one that references 'clamdscan.conf', which says 'plugname=clamdscan'. The 'clamdscan' option largely eliminates any sort of version dependency [build-time or run-time] between DansGuardian and ClamAV. It interfaces with the interprocess named pipe socket provided by the current version of ClamAV, and has no special requirements or restrictions.
-The old 'clamav' runtime option is present mainly for historical reasons (it may not even work at all any more with recent versions of ClamAV); the old 'clamav' runtime option is effectively deprecated. The <color #351><nowiki>--enable-clamav</nowiki></color> build option should __//not//__ be specified (it's not necessary, and probably won't even work any more). Most builds should use __//only//__ the <color #351><nowiki>--enable-clamd</nowiki></color> option. (In fact the unnecessary presence of <color #351><nowiki>--enable-clamav</nowiki></color> will probably cause DansGuardian to emit a weird error message about a ClamAV library version mismatch, then refuse to start up, even if 'clamav' is not actually configured.  Executables //without// the old 'clamav' build option will not experience this problem.) +The old 'clamav' runtime option remains present mainly for historical reasons (it may not even work at all any more with recent versions of ClamAV); the old 'clamav' runtime option is effectively deprecated. The <color #351><nowiki>--enable-clamav</nowiki></color> build option should __//not//__ be specified (it's not necessary, and probably won't even work any more). Most builds should use __//only//__ the <color #351><nowiki>--enable-clamd</nowiki></color> option. (In fact the unnecessary presence of build/configure option <color #351><nowiki>--enable-clamav</nowiki></color> will probably cause DansGuardian to emit a weird error message about a ClamAV library version mismatch, for example 
 +<code> 
 +dansguardian: error while loading shared libraries: libclamav.so.5: cannot open 
 +shared object file: No such file or directory 
 +</code> 
 +then refuse to start up, even if 'clamav' is not being used and so is not configured in dansguardian.conf.  Executables //without// the old 'clamav' build option will not experience this problem.)
-**//Installation#22b. On my system the 'clamdscan' option in dansguardian.conf says //!!Not Compiled!!//, but the 'clamav' option is present. Can I use the 'clamav' option instead? If not, what should I do?//** \\ The 'clamav' option is not exactly the same, may not work at all with recent releases of ClamAV, unneccessarily introduces an over-tight version dependency, can be difficult to install and maintain, and so is not recommended.+**//Installation#22b. On my system the 'clamdscan' option in dansguardian.conf says //!!Not Compiled!!//, but the 'clamav' option is present. Can I use the 'clamav' option instead? If not, what should I do?//** \\ The 'clamav' option is not exactly the same, probably will not work at all with more recent releases of ClamAV, unneccessarily introduces an overly tight version dependency, can be difficult to install and maintain, and for all these reasons is not recommended.
Instead, do one or more of the following: Instead, do one or more of the following:
-  * complain to your distribution about their DansGuardian package having been built inappropriately (builds should use //only// <color #351>--enable-clamd</color>, //not// <color #351>--enable-clamav</color> too)+  * complain to your distribution about their DansGuardian package having been built inappropriately (builds should use //only// ./configure option <color #351>--enable-clamd</color>, //not// <color #351>--enable-clamav</color> too)
  * obtain a more appropriate (and later?) DansGuardian package for your distribution from an "unofficial" repository (most distributions have one or more)   * obtain a more appropriate (and later?) DansGuardian package for your distribution from an "unofficial" repository (most distributions have one or more)
Line 688: Line 693:
  * rebuild DansGuardian from source, adding <color #351>--enable-clamd</color> to (and removing <color #351>--enable-clamav</color> from) its configuration (see Installation#24b for rebuilding "almost" the same)   * rebuild DansGuardian from source, adding <color #351>--enable-clamd</color> to (and removing <color #351>--enable-clamav</color> from) its configuration (see Installation#24b for rebuilding "almost" the same)
-  * forego the use of an Anti-Virus with DansGuardian+  * forego entirely the use of an Anti-Virus with DansGuardian
//**Installation#23. My system already runs the clam daemon. Can I just use the existing clam installation?**// \\ Yes, that's what <color #351>clamdscan</color> does, communicate with a clam daemon through the named pipe socket it provides. //**Installation#23. My system already runs the clam daemon. Can I just use the existing clam installation?**// \\ Yes, that's what <color #351>clamdscan</color> does, communicate with a clam daemon through the named pipe socket it provides.
-//**Installation#23b. I tried to enable clamdscan, but it just says "Could not perform virus scan!" What should I do?**// \\ Start by backing up out of the hole. Debugging clamdscan through DansGuardian is usually needlessly difficult and is seldom necessary. It will work much better to debug clamdscan directly. +//**Installation#23b. I tried to enable clamdscan, but it just says "Could not perform virus scan!" What should I do?**// \\ Start by backing out of your hole. Debugging clamdscan through DansGuardian is usually needlessly difficult and is seldom necessary. It will work much better to debug clamdscan directly.
At a shell prompt you should be able to execute <color #351>clamdscan\ [filename]</color> and get a few lines of output --including an OK and a SCAN\ SUMMARY. Until this direct use of clamdscan works correctly for you, don't even bother trying to use it through DansGuardian. If you have problems, you may find the ClamAV log (follow <color #351>LogFile</color> from /etc/clamd.conf), the ClamAV options related to debugging (probably <color #351>LogClean</color> and <color #351>Debug</color>), and the ClamAV documentation helpful. At a shell prompt you should be able to execute <color #351>clamdscan\ [filename]</color> and get a few lines of output --including an OK and a SCAN\ SUMMARY. Until this direct use of clamdscan works correctly for you, don't even bother trying to use it through DansGuardian. If you have problems, you may find the ClamAV log (follow <color #351>LogFile</color> from /etc/clamd.conf), the ClamAV options related to debugging (probably <color #351>LogClean</color> and <color #351>Debug</color>), and the ClamAV documentation helpful.
Line 929: Line 934:
**//Usage#12b. Should I treat adjustments I have to make to the DansGuardian configuration as "bugs"?//** \\ Not usually. The DansGuardian "default" configuration is __not__ a fixed canned configuration (it's more of a "starting point"). Some tweaking of the DansGuardian "default" configuration to better match your local usage patterns and policies is expected. **//Usage#12b. Should I treat adjustments I have to make to the DansGuardian configuration as "bugs"?//** \\ Not usually. The DansGuardian "default" configuration is __not__ a fixed canned configuration (it's more of a "starting point"). Some tweaking of the DansGuardian "default" configuration to better match your local usage patterns and policies is expected.
-**//Usage#13. DansGuardian doesn't work the way I want it to on my IPCop system.//** \\ Although the Cop+ that runs on the IPCop distribution is derived from DansGuardian+**//Usage#13. DansGuardian doesn't work the way I want it to on my IPCop system.//** \\ The Cop+ Web interface that controls DansGuardian gives you limited ability to edit Dansguardian Configuration files. The configuration files are all in /etc/dansguardian/ and subdirectories. You can edit the configuration files directly with vi from the command line or using WinSCP from a windows workstation. **Care Must be taken to keep the files owned by "nobody" or the Web interface will not be able to edit them anymore.** 
-the configuration tools are specific to Cop+ and are quite different from those used by vanilla DansGuardian.  +For help with Cop+, try [[http://home.earthlink.net/~copplus/dghelp.html]].
-For help with Cop+, try [[http://copfilter.endlich-mail.de/]].+
**//Usage#14. DansGuardian doesn't work the way I want it to on my SmoothWall Express or SmoothWall system.//** \\ For help with the homebrew DansGuardian package for SmoothWall Express, **//Usage#14. DansGuardian doesn't work the way I want it to on my SmoothWall Express or SmoothWall system.//** \\ For help with the homebrew DansGuardian package for SmoothWall Express,