URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Форум: vsluhforumID12
Нить номер: 5283
[ Назад ]

Исходное сообщение
"Связка squid+icap+clamav"

Отправлено Timmur , 14-Дек-07 23:48 
При попытке запуска icap вылетает ошибка сегментирования:

[root@Linux bin]# ./c-icap -D
Enabling parameter -D
Setting parameter :PidFile=/var/run/c-icap.pid
Setting parameter :CommandsSocket=/var/run/c-icap/c-icap.ctl
Setting parameter :Timeout=300
Setting parameter :MaxKeepAliveRequests=100
Setting parameter :KeepAliveTimeout=600
Setting parameter :StartServers=3
Setting parameter :MaxServers=10
Setting parameter :MinSpareThreads=10
Setting parameter :MaxSpareThreads=20
Setting parameter :ThreadsPerChild=10
Setting parameter :MaxRequestsPerChild=0
Setting parameter :Port=1344
Setting parameter :User=nobody
Setting parameter :Group=nobody
Setting parameter :TmpDir=/var/tmp
Setting parameter :MaxMemObject=131072
Setting parameter :ServerLog=@prefix@/var/log/server.log
Setting parameter :AccessLog=@prefix@/var/log/access.log
Setting parameter :ModulesDir=/usr/local/c_icap/lib
Loading service :logger path sys_logger.so
Going to search variable Prefix in table sys_logger
Setting parameter :Prefix=C-ICAP:
Going to search variable Facility in table sys_logger
Setting parameter :Logger=sys_logger
Setting parameter :Logger=file_logger
Setting parameter :ServicesDir=/usr/local/c_icap/lib/
Loading service :echo_module path srv_echo.so
Found handler C_handler for service with extension:.so
Ошибка сегментирования


Вот что выдаёт strace, но я в этом не могу разобраться:

[root@Linux bin]# strace ./c-icap
execve("./c-icap", ["./c-icap"], [/* 25 vars */]) = 0
brk(0)                                  = 0x973d000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/usr/local/c_icap/lib/tls/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/local/c_icap/lib/tls/i686", 0xbffe310c) = -1 ENOENT (No such file or directory)
open("/usr/local/c_icap/lib/tls/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/local/c_icap/lib/tls", 0xbffe310c) = -1 ENOENT (No such file or directory)
open("/usr/local/c_icap/lib/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/local/c_icap/lib/i686", 0xbffe310c) = -1 ENOENT (No such file or directory)
open("/usr/local/c_icap/lib/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/local/c_icap/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=43061, ...}) = 0
mmap2(NULL, 43061, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f15000
close(3)                                = 0
open("/lib/libpthread.so.0", O_RDONLY)  = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \3107\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=131528, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f14000
mmap2(0x378000, 98784, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x378000
mmap2(0x38d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14) = 0x38d000
mmap2(0x38f000, 4576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x38f000
close(3)                                = 0
open("/usr/local/c_icap/lib/libicapapi.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200<\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=174119, ...}) = 0
mmap2(NULL, 63716, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x111000
mmap2(0x11f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd) = 0x11f000
close(3)                                = 0
open("/usr/local/c_icap/lib/libz.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libz.so.1", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0F9\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=74928, ...}) = 0
mmap2(0x393000, 76176, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x393000
mmap2(0x3a5000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11) = 0x3a5000
close(3)                                = 0
open("/usr/local/c_icap/lib/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libdl.so.2", O_RDONLY)       = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220j4\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=20564, ...}) = 0
mmap2(0x346000, 16504, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x346000
mmap2(0x349000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2) = 0x349000
close(3)                                = 0
open("/usr/local/c_icap/lib/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360\24 \0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1692524, ...}) = 0
mmap2(0x1eb000, 1410608, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x1eb000
mmap2(0x33e000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x153) = 0x33e000
mmap2(0x341000, 9776, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x341000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f13000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f12000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f126c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0x33e000, 8192, PROT_READ)     = 0
mprotect(0x349000, 4096, PROT_READ)     = 0
mprotect(0x38d000, 4096, PROT_READ)     = 0
mprotect(0x1e7000, 4096, PROT_READ)     = 0
munmap(0xb7f15000, 43061)               = 0
set_tid_address(0xb7f12708)             = 2025
set_robust_list(0xb7f12710, 0xc)        = 0
futex(0xbffe39d4, FUTEX_WAKE_PRIVATE, 1) = 0
rt_sigaction(SIGRTMIN, {0x37c2c0, [], SA_SIGINFO}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x37c340, [], SA_RESTART|SA_SIGINFO}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=10240*1024, rlim_max=RLIM_INFINITY}) = 0
uname({sys="Linux", node="Linux", ...}) = 0
brk(0)                                  = 0x973d000
brk(0x975e000)                          = 0x975e000
open("/usr/local/c_icap/etc/c-icap.magic", O_RDWR) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1680, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f1f000
read(3, "# CURRENT GROUPS are :TEXT DATA "..., 4096) = 1680
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0xb7f1f000, 4096)                = 0
open("/usr/local/c_icap/etc/c-icap.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=4232, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f1f000
read(3, "#\n# This file contains the defau"..., 4096) = 4096
futex(0x34a06c, FUTEX_WAKE_PRIVATE, 2147483647) = 0
open("/usr/local/c_icap/lib/sys_logger.so", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\7\0\0004\0\0\0"..., 512) = 512
fstat64(4, {st_mode=S_IFREG|0644, st_size=5708, ...}) = 0
mmap2(NULL, 4576, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x121000
mmap2(0x122000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x1) = 0x122000
close(4)                                = 0
time(NULL)                              = 1197664659
open("/etc/localtime", O_RDONLY)        = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=1914, ...}) = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=1914, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f1e000
read(4, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\10\0\0\0\0"..., 4096) = 1914
_llseek(4, -30, [1884], SEEK_CUR)       = 0
read(4, "\nKRAT-7KRAST,M3.5.0,M10.5.0/3\n", 4096) = 30
close(4)                                = 0
munmap(0xb7f1e000, 4096)                = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1914, ...}) = 0
socket(PF_FILE, SOCK_DGRAM, 0)          = 4
fcntl64(4, F_SETFD, FD_CLOEXEC)         = 0
connect(4, {sa_family=AF_FILE, path="/dev/log"}, 110) = 0
send(4, "<10>Dec 15 03:37:39 c-icap: gene"..., 75, MSG_NOSIGNAL) = 75
brk(0x9792000)                          = 0x9792000
open("/usr/local/c_icap/lib//srv_echo.so", O_RDONLY) = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260\6\0\0004\0\0\0"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0644, st_size=4280, ...}) = 0
mmap2(NULL, 7248, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x123000
mmap2(0x124000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0) = 0x124000
close(5)                                = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
[


Конфит icapa:

[root@Linux etc]# more c-icap.conf
#
# This file contains the default settings for c-icap
#


PidFile /var/run/c-icap.pid
CommandsSocket /var/run/c-icap/c-icap.ctl
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
## set KeepAliveTimeout to -1 for no timeout
KeepAliveTimeout 600
StartServers 3
MaxServers 10
MinSpareThreads     10
MaxSpareThreads     20
ThreadsPerChild     10
MaxRequestsPerChild  0


Port 1344
User nobody
Group nobody


#ServerAdmin you@your.address # Not implemented yet
#ServerName localhost:1344 # Not implemented yet

TmpDir /var/tmp
MaxMemObject 131072

ServerLog @prefix@/var/log/server.log
AccessLog @prefix@/var/log/access.log
#DebugLevel 3

ModulesDir /usr/local/c_icap/lib
Module logger sys_logger.so
#Module perl_handler perl_handler.so

sys_logger.Prefix "C-ICAP:"
sys_logger.Facility local1

##Specify wich logger to use......
Logger sys_logger
Logger file_logger

## AclControlers example. The default_acl is the buildin acl controller
## To load an extrernal access controller named my_acl.so use:
#Module access_controller  my_acl.so

## This parameter needed to specify the order of used acl controllers
## If not specified access control will be disabled
#AclControllers default_acl

## An example of acl lists for default_acl controller.
## acl and icap_access  are aliases for default_acl.acl and default_acl.icap_access
#acl localnet_options src 192.168.1.0/255.255.255.0 type options
acl localsquid_respmod src 127.0.0.1 type respmod
acl localsquid src 127.0.0.1
##Use the folllowing to demand use of username ......
##acl localnet src 192.168.1.0/255.255.255.0 user *
acl externalnet src 0.0.0.0/0.0.0.0
#acl barbarian src 192.168.1.5

##An example to specify access to server
#icap_access deny barbarian
#icap_access allow localnet_options
icap_access allow localsquid_respmod
#icap_access allow localsquid
## http_auth mean that the icap server must try to authenticate the request
## using the http headers ....
#icap_access  http_auth localnet
icap_access deny externalnet

#Also you can specify which hosts to log or not.
# Comment out the folowing two lines to log only the external net
#icap_access nolog localnet
#icap_access log externalnet

##An example for authentication methods ....
## To load an extarnal authentication method module named my_authmethod.so  use:
#Module auth_method my_authmethod.so

##The following parameter needed to specify the order of authenticators for
##specific authentication method. file_basic is a buildin authenticator
##for buildin basic authentication method (Not implemented yet......) ......
#AuthMethod basic file_basic


ServicesDir /usr/local/c_icap/lib/
Service echo_module srv_echo.so
Service url_check_module srv_url_check.so
Service antivirus_module srv_clamav.so

##Adding the alias avscan for srv_clamav service.
ServiceAlias  avscan srv_clamav?allow204=on&sizelimit=off&mode=simple


# Antivirus module settings
# For allowed file types or groups of file types look at  c-icap.magic
srv_clamav.ScanFileTypes TEXT DATA EXECUTABLE ARCHIVE GIF JPEG MSOFFICE
#The percentage of data to sent if the downloaded file exceeds the StartSendPercentDataAfter size
srv_clamav.SendPercentData 5
srv_clamav.StartSendPercentDataAfter 2M

##Comment out the following line to enable 204 responces outside previews for srv_clamav
## if your icap client support it. For squid let it off
#srv_clamav.Allow204Responces on

# The Maximum object to be scanned.
srv_clamav.MaxObjectSize  5M
#The directory which clamav library will use as temporary.
srv_clamav.ClamAvTmpDir /var/tmp
#Sets the maximum number of files in archive.)i Set it to 0 to disable it
srv_clamav.ClamAvMaxFilesInArchive 0
#Sets the maximal archived file size. Set it to 0 to disable it.
srv_clamav.ClamAvMaxFileSizeInArchive 100M
#The maximal recursion level.Set it to 0 to disable it.
srv_clamav.ClamAvMaxRecLevel 5

# And here the viralator-like mode.
# where to save documents
srv_clamav.VirSaveDir /var/infected/
# from where the documents can be retrieved (you can find the get_file.pl script in contrib dir)
srv_clamav.VirHTTPServer "DUMMY"
# The refresh  rate....
srv_clamav.VirUpdateTime   15
# For which filetypes the "virelator like mode" will be used.
srv_clamav.VirScanFileTypes ARCHIVE EXECUTABLE
[


Стоит Fedora8...


Содержание

Сообщения в этом обсуждении
"Связка squid+icap+clamav"
Отправлено Аноним , 17-Дек-07 13:42 
лично у меня сложилось чёткое впечатление, что squid + icap есть пока что весьма сырое решение, которое даже если заведётся будет иметь проблемы при эксплуатации.

"Связка squid+icap+clamav"
Отправлено Maksud , 15-Май-08 23:12 
>лично у меня сложилось чёткое впечатление, что squid + icap есть пока
>что весьма сырое решение, которое даже если заведётся будет иметь проблемы
>при эксплуатации.

Да Чайники Вы все!
Все пашет! и превосходно!
Было бы желание, придут к тебе и знания .......

Короче Debian 4.0+Squid 3 (собран из сорцов или пересобранный deb пакет)+Clamav (из репозитария)+C-ICAP Server. Работает на ура! Вся контора в инет ходит через него.


"Связка squid+icap+clamav"
Отправлено Maksud , 15-Май-08 23:16 
>[оверквотинг удален]
>>что весьма сырое решение, которое даже если заведётся будет иметь проблемы
>>при эксплуатации.
>
>Да Чайники Вы все!
>Все пашет! и превосходно!
>Было бы желание, придут к тебе и знания .......
>
>Короче Debian 4.0+Squid 3 (собран из сорцов или пересобранный deb пакет)+Clamav (из
>репозитария)+C-ICAP Server. Работает на ура! Вся контора в инет ходит через
>него.

Хотя справедливости ради, должен сказать что мучался долго. Дня 2.
гы-гы-гы....
Но муки стоили того! Решение идеальное! Вирусы ловит, глюков нету. Тормозов то же нету.
Сервак с запущенным Bind+sendmail+clamav+mimedefang+squid3 с icap и clamav`ом жрет всего 400 метров оперативки. Это не считая кучи всего остального по мелочи из запущенного.


"Связка squid+icap+clamav"
Отправлено Ma_X_X , 04-Янв-08 20:23 
>access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such
>file or directory)
>open("/usr/local/c_icap/lib/tls/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
>stat64("/usr/local/c_icap/lib/tls/i686", 0xbffe310c) = -1 ENOENT (No such file or directory) ............

Может с этого и начать? Есть там эти файлы, которые "No such file or directory"?


"Связка squid+icap+clamav"
Отправлено Анонимус , 06-Июн-08 13:21 
>>access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such
>>file or directory)
>>open("/usr/local/c_icap/lib/tls/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
>>stat64("/usr/local/c_icap/lib/tls/i686", 0xbffe310c) = -1 ENOENT (No such file or directory) ............
>
>Может с этого и начать? Есть там эти файлы, которые "No such
>file or directory"?

и права проверить


"Связка squid+icap+clamav"
Отправлено Анонимус , 06-Июн-08 13:22 
>>>access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such
>>>file or directory)
>>>open("/usr/local/c_icap/lib/tls/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
>>>stat64("/usr/local/c_icap/lib/tls/i686", 0xbffe310c) = -1 ENOENT (No such file or directory) ............
>>
>>Может с этого и начать? Есть там эти файлы, которые "No such
>>file or directory"?
>
>и права проверить

User nobody
Group nobody

демон от них запускается.. а инсталлил наверное под рутом ?? =)