Clamav problems

Post by tsom » February 18th, 2017, 11:47 am

Well, that's a pity!
I'll just have to accept that for now. But there is currently no other way for me. :'(

On the positive side, apparently not many have the problem (sites and users).
pfSense is currently running stably for me, but I will keep an eye on you.

The IPFire image is safely backed up and waiting to be reactivated. ;)

Kind regards
Peter

Post by armageddon » May 13th, 2017, 8:43 am

Hello,

Is there a solution by now?

Bye

Post by tsom » May 13th, 2017, 5:15 pm

Hi armageddon,
if I understand "FischerM" correctly, there won't be a solution any time soon, only the one from "Roberto Peña" here in the thread.
For individual sites, at least, it is a solution that works.

Best regards

Peter

Post by armageddon » May 14th, 2017, 11:34 am

Something seems to be happening at H&M.

If you explicitly go via https, everything works.
Attachments
http_hm.png
https_hm.png

Post by Roberto Peña » May 14th, 2017, 4:05 pm

Hi armageddon.

Is it with the exclusion put in squidclamav.conf? That is, what happens with the Squidclamav module activated? If you turn it off, does it work? If so, make an exclusion in the Squidclamav.conf file located in /etc/squidclamav.conf.

Without this also disabled, the solution (yes, temporary) is to do a Squid bypass. For me, all the problems I have had have been solved like this.

I think I have put how it is done in the forum. If you cannot find it, tell me.

If, with that done, it still does not work, maybe some developer can help us.

Let's see if we can solve the problem. :)

Regards..

Post by fredym » May 15th, 2017, 5:15 am

armageddon wrote: Something seems to be happening at H&M.

If you explicitly go via https, everything works.

Right.... then it simply goes straight through without the proxy!
Presumably (but you did check for that too?) with the "1000 ad callbacks" again!
[No - I did not put myself through this site specially, but I know something similar from other sites, where the web server waits "forever" for ad callbacks...]. It then shows up in the log...
And - Clamav cannot meaningfully scan encrypted content anyway...

Fred

Post by armageddon » May 15th, 2017, 6:32 am

And - Clamav cannot meaningfully scan encrypted content anyway...


Here it can. viewtopic.php?f=17&t=18667

Code:

1494837712.868   1947 192.168.1.65 TCP_MISS/200 9607 GET https://lp.hm.com/hmprod?set=key[source],value[/model/2017/E00%200478674%20025%2074%203029.jpg]&set=key[rotate],value[]&set=key[width],value[]&set=key[height],value[]&set=key[x],value[]&set=key[y],value[]&set=key[type],value[STILL_LIFE_FRONT]&set=key[hmver],value[1]&set=key[quality],value[80]&set=key[size],value[346x405]&call=url[file:/mobile/v2/product] - ORIGINAL_DST/104.86.37.233 image/jpeg
1494837712.909      8 192.168.1.65 TCP_HIT/200 6842 GET https://s1-cdn.hm.com/global/hm-pattern-lib/5.11.4/images/favicon.ico - HIER_NONE/- image/x-icon
1494837713.567    597 192.168.1.65 TAG_NONE/200 0 CONNECT 54.229.75.228:443 - ORIGINAL_DST/54.229.75.228 -
1494837713.577    609 192.168.1.65 TAG_NONE/200 0 CONNECT 54.229.75.228:443 - ORIGINAL_DST/54.229.75.228 -
1494837713.947  36824 127.0.0.1 TCP_TUNNEL/200 6760 CONNECT commsrv-b.vergic.com:443 - HIER_DIRECT/213.180.75.182 -
1494837713.954    366 192.168.1.65 TCP_HIT/200 3420 GET https://handm.demdex.net/dest5.html?d_nsid=0 - HIER_NONE/- text/html
1494837761.863  58320 127.0.0.1 TCP_TUNNEL/200 6580 CONNECT connect.facebook.net:443 - HIER_DIRECT/31.13.92.14 -
1494837762.049    545 192.168.1.65 TCP_MISS/200 609 GET https://commsrv-b.vergic.com/api/v1/Group/Status/C71E35D6-503B-48C6-80D9-4355BB48B2B4/?json=true&groupId=5D51C88D-E8E8-4B39-B82E-AA9841A04760&groupId=8D0F931D-F234-4DE8-9E5D-F615FD89CCDB - ORIGINAL_DST/213.180.75.180 text/plain
1494837776.109  75951 127.0.0.1 TCP_TUNNEL/200 5702 CONNECT commsrv-b.vergic.com:443 - HIER_DIRECT/213.180.75.182 -
1494837779.329  65672 127.0.0.1 TCP_TUNNEL/200 3593 CONNECT handm.demdex.net:443 - HIER_DIRECT/54.171.4.69 -
1494837815.559    291 192.168.1.65 TCP_MISS/200 18099 GET https://www.hm.com/de/ - ORIGINAL_DST/104.86.55.240 text/html
1494837815.911    301 192.168.1.65 TCP_MEM_HIT/200 59702 GET https://s1-cdn.hm.com/libs/headjs/0.2.12/js/head.min.js - HIER_NONE/- application/x-javascript
1494837815.960     33 192.168.1.65 TCP_MEM_HIT/200 54129 GET https://s1-cdn.hm.com/global/hm-pattern-lib/5.11.4/js/hm.com.min.js - HIER_NONE/- application/x-javascript
1494837815.979      9 192.168.1.65 TCP_MEM_HIT/200 13424 GET https://s1-cdn.hm.com/global/bottomjs/1.4.9/js/bottom.min.js - HIER_NONE/- application/x-javascript
1494837816.011     24 192.168.1.65 TCP_MEM_HIT/200 83202 GET https://s1-cdn.hm.com/hm.com/hm-comp-navigation/2.0.5/js/navigation.min.js - HIER_NONE/- application/x-javascript
1494837816.031      9 192.168.1.65 TCP_MEM_HIT/200 19364 GET https://s1-cdn.hm.com/hm.com/hm-comp-message/1.7.0/js/message.min.js - HIER_NONE/- application/x-javascript
1494837816.391    693 192.168.1.65 TAG_NONE/200 0 CONNECT 104.86.37.233:443 - ORIGINAL_DST/104.86.37.233 -
1494837816.392    663 192.168.1.65 TAG_NONE/200 0 CONNECT 104.86.37.233:443 - ORIGINAL_DST/104.86.37.233 -
1494837816.394    663 192.168.1.65 TAG_NONE/200 0 CONNECT 104.86.37.233:443 - ORIGINAL_DST/104.86.37.233 -
1494837816.394    666 192.168.1.65 TAG_NONE/200 0 CONNECT 104.86.37.233:443 - ORIGINAL_DST/104.86.37.233 -
1494837816.396    634 192.168.1.65 TAG_NONE/200 0 CONNECT 104.86.37.233:443 - ORIGINAL_DST/104.86.37.233 -
1494837816.421      5 192.168.1.65 TCP_MEM_HIT/200 704 GET https://s1-cdn.hm.com/global/hm-fonts/1.25.10/css/icon-fonts.css - HIER_NONE/- text/css
1494837816.435     16 192.168.1.65 TCP_MEM_HIT/200 25044 GET https://s1-cdn.hm.com/hm.com/hm-comp-navigation/2.0.5/css/navigation.min.css - HIER_NONE/- text/css
1494837816.442     10 192.168.1.65 TCP_MEM_HIT/200 1207 GET https://s1-cdn.hm.com/global/hm-fonts/1.25.10/css/fonts_de_de.css - HIER_NONE/- text/css
1494837816.447     12 192.168.1.65 TCP_MEM_HIT/200 15854 GET https://s1-cdn.hm.com/hm.com/hm-comp-message/1.7.0/css/message.min.css - HIER_NONE/- text/css
1494837816.465    803 192.168.1.65 TAG_NONE/200 0 CONNECT 95.101.241.136:443 - ORIGINAL_DST/95.101.241.136 -
1494837816.472    809 192.168.1.65 TAG_NONE/200 0 CONNECT 95.101.241.136:443 - ORIGINAL_DST/95.101.241.136 -
1494837816.481    865 192.168.1.65 TCP_MISS/200 103085 GET https://www.hm.com/etc/designs/product/scripts.0ca43e8bd7ba9a09544a7122ffd8cbc5.js - ORIGINAL_DST/104.86.55.240 application/javascript
1494837816.506    891 192.168.1.65 TCP_MISS/200 149254 GET https://www.hm.com/etc/designs/teaser/scripts.ea49b7dac6be70e3eb4fa664655e332d.js - ORIGINAL_DST/104.86.55.240 application/javascript
1494837816.545     95 192.168.1.65 TCP_MEM_HIT/200 197619 GET https://s1-cdn.hm.com/global/hm-pattern-lib/5.11.4/css/hm.com.min.css - HIER_NONE/- text/css
1494837816.761    259 192.168.1.65 TCP_REFRESH_MODIFIED/200 1963 GET https://cdn.optimizely.com/js/2125530039.js - HIER_DIRECT/192.168.1.110 text/html
1494837817.252    267 192.168.1.65 TCP_MISS/200 4480 GET https://www.hm.com/content/dam/hm/Season%20Entrances%20Mobile/SALE_Tab_Start_EN.jpg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837817.540    624 192.168.1.65 TAG_NONE/200 0 CONNECT 213.180.75.182:443 - ORIGINAL_DST/213.180.75.182 -
1494837817.909    533 192.168.1.65 TCP_MEM_HIT/200 45982 GET https://tags.tiqcdn.com/utag/hm/de/prod/utag.js - HIER_NONE/- application/x-javascript
1494837818.041    696 192.168.1.65 TCP_MISS/200 2917 GET https://api.hm.com/v2/de/de/products/fetchDAWithFallback?articleCodes=67663-C,67413-A,68669-B,69419-B&deviceType=DESKTOP&categories=ladies/new,ladies/new,ladies/new,ladies/new - ORIGINAL_DST/104.86.55.240 application/json
1494837818.432   1457 192.168.1.65 TCP_MISS/200 112081 GET https://www.hm.com/content/dam/hm/Season%20Entrances%20Mobile/1137_Season5_MEN.jpg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837818.678    185 192.168.1.65 TCP_MEM_HIT/200 1999 GET https://lp.hm.com/hmprod?set=source[/fabric/2017/679AF5EA-20D4-40EC-ACF6-91E2CCF061C9.jpg]&call=url[file:/mobile/v1/fabric/sprite] - HIER_NONE/- image/png
1494837818.678    188 192.168.1.65 TCP_MEM_HIT/200 1630 GET https://lp.hm.com/hmprod?set=source[/fabric/2017/A356E07F-30BE-4282-8995-885F75A37CFA.jpg]&call=url[file:/mobile/v1/fabric/sprite] - HIER_NONE/- image/png
1494837818.708   1289 192.168.1.65 TAG_NONE/200 0 CONNECT 104.86.55.240:443 - ORIGINAL_DST/104.86.55.240 -
1494837818.745    777 192.168.1.65 TCP_MEM_HIT/200 6055 GET https://tags.tiqcdn.com/utag/hm/de/prod/utag.1310.js?utv=201705081240 - HIER_NONE/- text/javascript
1494837818.748    258 192.168.1.65 TCP_MEM_HIT/200 16517 GET https://lp.hm.com/hmprod?set=key[source],value[/model/2017/E00%200487702%20001%2015%202839.jpg]&set=key[rotate],value[]&set=key[width],value[]&set=key[height],value[]&set=key[x],value[]&set=key[y],value[]&set=key[type],value[STILL_LIFE_FRONT]&set=key[hmver],value[1]&set=key[quality],value[80]&set=key[size],value[346x405]&call=url[file:/mobile/v2/product] - HIER_NONE/- image/jpeg
1494837818.751    265 192.168.1.65 TCP_MEM_HIT/200 14935 GET https://lp.hm.com/hmprod?set=key[source],value[/model/2017/E00%200490217%20005%2062%203252.jpg]&set=key[rotate],value[]&set=key[width],value[]&set=key[height],value[]&set=key[x],value[]&set=key[y],value[]&set=key[type],value[STILL_LIFE_FRONT]&set=key[hmver],value[3]&set=key[quality],value[80]&set=key[size],value[346x405]&call=url[file:/mobile/v2/product] - HIER_NONE/- image/jpeg
1494837818.837   1274 192.168.1.65 TCP_MISS/200 82762 GET https://hm-content.vergic.com/9815BE97-340C-4510-8280-38558217092F/engage.js - ORIGINAL_DST/213.180.75.182 application/javascript
1494837818.862    174 192.168.1.65 TCP_MEM_HIT/200 1636 GET https://lp.hm.com/hmprod?set=source[/fabric/2017/F06CF39A-C89E-4AA8-B371-3DBAA6994B93.jpg]&call=url[file:/mobile/v1/fabric/sprite] - HIER_NONE/- image/png
1494837818.880    187 192.168.1.65 TCP_MEM_HIT/200 15840 GET https://lp.hm.com/hmprod?set=key[source],value[/model/2017/E00%200516950%20002%2069%203249.jpg]&set=key[rotate],value[]&set=key[width],value[]&set=key[height],value[]&set=key[x],value[]&set=key[y],value[]&set=key[type],value[STILL_LIFE_FRONT]&set=key[hmver],value[1]&set=key[quality],value[80]&set=key[size],value[346x405]&call=url[file:/mobile/v2/product] - HIER_NONE/- image/jpeg
1494837818.882    892 192.168.1.65 TAG_NONE/200 0 CONNECT 95.100.181.71:443 - ORIGINAL_DST/95.100.181.71 -
1494837818.911    148 192.168.1.65 TCP_MEM_HIT/200 2181 GET https://lp.hm.com/hmprod?set=source[/fabric/2017/2933349A-2BF7-432B-8853-2F6952683D5B.jpg]&call=url[file:/mobile/v1/fabric/sprite] - HIER_NONE/- image/png
1494837819.002   1586 192.168.1.65 TAG_NONE/200 0 CONNECT 104.86.55.240:443 - ORIGINAL_DST/104.86.55.240 -
1494837819.035    135 192.168.1.65 TCP_MEM_HIT/200 3640 GET https://tags.tiqcdn.com/utag/hm/de/prod/utag.1322.js?utv=201705020719 - HIER_NONE/- text/javascript
1494837819.090   1669 192.168.1.65 TAG_NONE/200 0 CONNECT 104.86.55.240:443 - ORIGINAL_DST/104.86.55.240 -
1494837819.099    601 192.168.1.65 TAG_NONE/200 0 CONNECT 104.86.37.233:443 - ORIGINAL_DST/104.86.37.233 -
1494837819.170    679 192.168.1.65 TCP_MEM_HIT/200 10708 GET https://lp.hm.com/hmprod?set=key[source],value[/model/2017/E00%200497821%20004%2089%203134.jpg]&set=key[rotate],value[]&set=key[width],value[]&set=key[height],value[]&set=key[x],value[]&set=key[y],value[]&set=key[type],value[STILL_LIFE_FRONT]&set=key[hmver],value[1]&set=key[quality],value[80]&set=key[size],value[346x405]&call=url[file:/mobile/v2/product] - HIER_NONE/- image/jpeg
1494837819.236    118 192.168.1.65 TCP_MEM_HIT/200 1868 GET https://lp.hm.com/hmprod?set=source[/fabric/2017/E7F56862-1DC5-4B1B-8E2B-B7545F9CCA24.jpg]&call=url[file:/mobile/v1/fabric/sprite] - HIER_NONE/- image/png
1494837819.346   2390 192.168.1.65 TCP_MISS/200 40653 GET https://www.hm.com/content/dam/hm/TOOLBOX/PRE_SEASON/2016_04/S170_W37_7NA_CD_Banner.jpg/_jcr_content/renditions/cq5dam.web.2000.2000.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837819.355   2382 192.168.1.65 TCP_MISS/200 151099 GET https://www.hm.com/content/dam/hm/Season%20Entrances%20Mobile/1137_Season5_LADIES.jpg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837819.371    134 192.168.1.65 TCP_MEM_HIT/200 10155 GET https://connect.facebook.net/en_US/fbevents.js - HIER_NONE/- application/x-javascript
1494837819.529   1541 192.168.1.65 TAG_NONE/200 0 CONNECT 95.100.181.71:443 - ORIGINAL_DST/95.100.181.71 -
1494837819.553   1564 192.168.1.65 TAG_NONE/200 0 CONNECT 95.100.181.71:443 - ORIGINAL_DST/95.100.181.71 -
1494837819.669    641 192.168.1.65 TCP_MISS/200 855 GET https://commsrv-b.vergic.com/api/v1/session/bucket/visitor?json=true&sessionId=c4cedc9b-8e04-47ea-952c-a05181c759ef%2BFnfXG29MPd74d9cdXZu6tLa9yAORPgULTxFDSCaKv4%3D - ORIGINAL_DST/213.180.75.180 text/plain
1494837820.050    495 192.168.1.65 TCP_MEM_HIT/200 6051 GET https://tags.tiqcdn.com/utag/hm/de/prod/utag.1312.js?utv=201705081240 - HIER_NONE/- text/javascript
1494837820.053   3078 192.168.1.65 TCP_MISS/200 191325 GET https://www.hm.com/content/dam/hm/Season%20Entrances%20Mobile/1137_Season5_KIDS.jpg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837820.097    523 192.168.1.65 TCP_MEM_HIT/200 20956 GET https://tags.tiqcdn.com/utag/hm/de/prod/utag.1314.js?utv=201705081240 - HIER_NONE/- text/javascript
1494837820.130   2135 192.168.1.65 TAG_NONE/200 0 CONNECT 95.100.181.71:443 - ORIGINAL_DST/95.100.181.71 -
1494837820.150      5 192.168.1.65 TCP_MEM_HIT/200 368 GET https://hm.d3.sc.omtrdc.net/b/ss/hmglobal/10/JS-1.8.0/s09635451719315?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=15%2F4%2F2017%2010%3A43%3A40%201%20-120&d.&nsid=0&jsonv=1&.d&sdid=356DC9A4DC35B318-176EE2BB6F22D639&mid=79327503987192485314387804902901992258&aamlh=6&ce=UTF-8&ns=hm&pageName=Start&g=https%3A%2F%2Fwww.hm.com%2Fde%2F&cc=USD&events=event1&aamb=hmk_Lq6TPIBMW925SPhw3Q&c1=DE&v1=DE&c2=Web%7CDE&v2=D%3Dc2&c3=DESKTOP&v3=D%3Dc3&c4=JOSHUA&v4=JOSHUA&c11=D%3Dg&v11=Start&c12=START&v12=START&c18=10%3A43%20AM%7CMonday&v18=D%3Dc18&c19=2017-05-15&v19=D%3Dc19&s=1280x1024&c=24&j=1.8.5&v=N&k=Y&bw=1280&bh=841&AQE=1 - HIER_NONE/- image/gif
1494837820.302   1272 192.168.1.65 TCP_MISS/200 4973 GET https://api.hm.com/v2/de/de/search/guide?https-mode=true - ORIGINAL_DST/104.86.55.240 application/json
1494837820.357   2366 192.168.1.65 TAG_NONE/200 0 CONNECT 95.100.181.71:443 - ORIGINAL_DST/95.100.181.71 -
1494837820.393   3045 192.168.1.65 TCP_MISS/200 3199 GET https://api.hm.com/v2/de/de/products/fetchDA?productNumbers=66550-B,66722-A,66660-C,67593-A&deviceType=DESKTOP&concealSoldOut=true - ORIGINAL_DST/104.86.55.240 application/json
1494837820.444   1709 192.168.1.65 TCP_MISS/200 9473 GET https://api.hm.com/v2/de/de/navigation?deviceType=desktop&https-mode=true - ORIGINAL_DST/104.86.55.240 application/json
1494837820.503      5 192.168.1.65 TCP_MEM_HIT/200 2155 GET https://s1-cdn.hm.com/hm.com/ecom-image-static/1.67.0-5/desktop/logotype.png - HIER_NONE/- image/png
1494837820.827   1906 192.168.1.65 TAG_NONE/200 0 CONNECT 172.217.16.174:443 - ORIGINAL_DST/172.217.16.174 -
1494837821.420   1426 192.168.1.65 TAG_NONE/200 0 CONNECT 213.180.75.180:443 - ORIGINAL_DST/213.180.75.180 -
1494837821.440   1057 192.168.1.65 TCP_MEM_HIT/200 1845 GET https://tags.tiqcdn.com/utag/hm/de/prod/utag.1327.js?utv=201705020719 - HIER_NONE/- text/javascript
1494837821.440   2068 127.0.0.1 TCP_TUNNEL/200 3627 CONNECT www.hm.com:443 - HIER_DIRECT/104.86.55.240 -
1494837821.447   2044 127.0.0.1 TCP_TUNNEL/200 3522 CONNECT connect.facebook.net:443 - HIER_DIRECT/185.60.216.19 -
1494837821.548   1026 192.168.1.65 TCP_MEM_HIT/200 1441 GET https://lp.hm.com/hmprod?set=source[/fabric/2016/AA62804C-F1EF-4C1B-B3B6-8613C7F29B56.jpg]&call=url[file:/mobile/v1/fabric/sprite] - HIER_NONE/- image/png
1494837821.548   1026 192.168.1.65 TCP_MEM_HIT/200 2509 GET https://lp.hm.com/hmprod?set=source[/fabric/2015/30B3A9CC-DBEF-4F8C-A6D3-B9B0B10EDC05.jpg]&call=url[file:/mobile/v1/fabric/sprite] - HIER_NONE/- image/png
1494837821.558   1864 192.168.1.65 TAG_NONE/200 0 CONNECT 213.180.75.180:443 - ORIGINAL_DST/213.180.75.180 -
1494837821.562   4303 192.168.1.65 TCP_MISS/200 163895 GET https://www.hm.com/content/dam/hm/Season%20Entrances%20Mobile/JOSHUA-Mobile-Magazine-Entrance-Image-2017.jpg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837821.562   1040 192.168.1.65 TCP_MEM_HIT/200 14578 GET https://lp.hm.com/hmprod?set=key[source],value[/environment/2017/8MZ_0114_005R.jpg]&set=key[rotate],value[0]&set=key[width],value[4100]&set=key[height],value[4795]&set=key[x],value[0]&set=key[y],value[-1]&set=key[type],value[FASHION_FRONT]&set=key[hmver],value[0]&set=key[quality],value[80]&set=key[size],value[346x405]&call=url[file:/mobile/v2/product] - HIER_NONE/- image/jpeg
1494837821.566   1044 192.168.1.65 TCP_MEM_HIT/200 19660 GET https://lp.hm.com/hmprod?set=key[source],value[/environment/2016/8AZ_0200_002R.jpg]&set=key[rotate],value[0.15]&set=key[width],value[3863]&set=key[height],value[4517]&set=key[x],value[653]&set=key[y],value[74]&set=key[type],value[FASHION_FRONT]&set=key[hmver],value[0]&set=key[quality],value[80]&set=key[size],value[346x405]&call=url[file:/mobile/v2/product] - HIER_NONE/- image/jpeg
1494837821.572   2203 192.168.1.65 TCP_MISS/200 130547 GET https://www.hm.com/content/dam/hm/TOOLBOX/IN_SEASON/2017_05/w16/0448262019_MEN_TOP_CEUM%20045-s5_LB_3x2.jpg/_jcr_content/renditions/cq5dam.web.2000.2000.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837821.574   1052 192.168.1.65 TCP_MEM_HIT/200 22329 GET https://lp.hm.com/hmprod?set=key[source],value[/environment/2016/8IZ_0019_020R.jpg]&set=key[rotate],value[0.05]&set=key[width],value[2354]&set=key[height],value[2752]&set=key[x],value[1502]&set=key[y],value[220]&set=key[type],value[FASHION_FRONT]&set=key[hmver],value[0]&set=key[quality],value[80]&set=key[size],value[346x405]&call=url[file:/mobile/v2/product] - HIER_NONE/- image/jpeg
1494837821.585   4606 192.168.1.65 TCP_MISS/200 250774 GET https://www.hm.com/content/dam/hm/Season%20Entrances%20Mobile/1137_Season_Choose_Department_960x330_Home.jpg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837821.585     99 192.168.1.65 TCP_DENIED/403 3801 GET https://www.google-analytics.com/analytics.js - HIER_NONE/- text/html
1494837821.597   1497 192.168.1.65 TCP_MISS/200 91038 GET https://www.hm.com/content/dam/hm/TOOLBOX/IN_SEASON/2017_05/w16/0448262019_MEN_TOP_CEUM%20045-s5_LB_2x3_CROP1.jpg/_jcr_content/renditions/cq5dam.web.2000.2000.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837822.361   1445 192.168.1.65 TCP_MEM_HIT/200 2155 GET https://s1-cdn.hm.com/hm.com/hm-comp-navigation/2.0.5/images/hm-logo-desktop.png - HIER_NONE/- image/png
1494837822.374    902 192.168.1.65 TCP_DENIED/403 4227 GET https://bat.bing.com/bat.js - HIER_NONE/- text/html
1494837822.374   2689 192.168.1.65 TCP_MISS/200 609 GET https://commsrv-b.vergic.com/api/v1/Group/Status/?json=true&sessionId=c4cedc9b-8e04-47ea-952c-a05181c759ef%2BFnfXG29MPd74d9cdXZu6tLa9yAORPgULTxFDSCaKv4%3D&groupId=5D51C88D-E8E8-4B39-B82E-AA9841A04760&groupId=8D0F931D-F234-4DE8-9E5D-F615FD89CCDB - ORIGINAL_DST/213.180.75.180 text/plain
1494837822.374    848 192.168.1.65 TCP_MISS/200 507 POST https://commsrv-b.vergic.com/api/v1/batch/?json=true&sessionId=c4cedc9b-8e04-47ea-952c-a05181c759ef%2BFnfXG29MPd74d9cdXZu6tLa9yAORPgULTxFDSCaKv4%3D - ORIGINAL_DST/213.180.75.180 text/plain
1494837822.391    825 192.168.1.65 TCP_MEM_HIT/200 5115 GET https://lp.hm.com/hmprod?set=source[/fabric/2016/C4FF6CA6-B5BE-4A9C-A342-3B500B5F5C93.jpg]&call=url[file:/mobile/v1/fabric/sprite] - HIER_NONE/- image/png
1494837822.391    825 192.168.1.65 TCP_MEM_HIT/200 1656 GET https://lp.hm.com/hmprod?set=source[/fabric/2017/7225B418-4152-47EB-8DAB-D2E5809CFBA3.jpg]&call=url[file:/mobile/v1/fabric/sprite] - HIER_NONE/- image/png
1494837822.398   1484 192.168.1.65 TCP_MEM_HIT/200 16716 GET https://s1-cdn.hm.com/hm.com/hm-comp-navigation/2.0.5/images/hm-desktop-nav-shoppingbag.png - HIER_NONE/- image/png
1494837822.398      7 192.168.1.65 TCP_DENIED/403 4263 GET https://bat.bing.com/bat.js - HIER_NONE/- text/html
1494837822.440   3520 192.168.1.65 TAG_NONE/200 0 CONNECT 172.217.16.174:443 - ORIGINAL_DST/172.217.16.174 -
1494837822.447    843 192.168.1.65 TCP_MEM_HIT/200 4832 GET https://lp.hm.com/hmprod?set=source[/fabric/2017/1B360355-BA74-4AD4-A5BC-0F097C6846B8.jpg]&call=url[file:/mobile/v1/fabric/sprite] - HIER_NONE/- image/png
1494837822.506    875 192.168.1.65 TCP_MEM_HIT/200 5292 GET https://lp.hm.com/hmprod?set=source[/fabric/2017/76B0B7F6-89E5-4BB9-B446-8F07C870D5B5.jpg]&call=url[file:/mobile/v1/fabric/sprite] - HIER_NONE/- image/png
1494837822.509    915 192.168.1.65 TCP_MEM_HIT/200 19218 GET https://lp.hm.com/hmprod?set=key[source],value[/environment/2017/8TZ_0363_012R.jpg]&set=key[rotate],value[0]&set=key[width],value[3846]&set=key[height],value[4498]&set=key[x],value[0]&set=key[y],value[-1]&set=key[type],value[FASHION_FRONT]&set=key[hmver],value[0]&set=key[quality],value[80]&set=key[size],value[346x405]&call=url[file:/mobile/v2/product] - HIER_NONE/- image/jpeg
1494837822.528    897 192.168.1.65 TCP_MISS/200 507 POST https://commsrv-b.vergic.com/api/v1/batch/?json=true&sessionId=c4cedc9b-8e04-47ea-952c-a05181c759ef%2BFnfXG29MPd74d9cdXZu6tLa9yAORPgULTxFDSCaKv4%3D - ORIGINAL_DST/213.180.75.180 text/plain
1494837822.639   2378 192.168.1.65 TAG_NONE/200 0 CONNECT 54.72.182.106:443 - ORIGINAL_DST/54.72.182.106 -
1494837822.686    238 192.168.1.65 TCP_MEM_HIT/200 3796 GET https://lp.hm.com/hmprod?set=source[/fabric/2017/25F8C6F2-1A4E-43B6-BEDA-40D0B9734335.jpg]&call=url[file:/mobile/v1/fabric/sprite] - HIER_NONE/- image/png
1494837822.697    249 192.168.1.65 TCP_MEM_HIT/200 4140 GET https://lp.hm.com/hmprod?set=source[/fabric/2017/EDB3F7C5-4203-49F4-B680-D3B83EAABDAB.jpg]&call=url[file:/mobile/v1/fabric/sprite] - HIER_NONE/- image/png
1494837822.715    211 192.168.1.65 TCP_MEM_HIT/200 9615 GET https://lp.hm.com/hmprod?set=key[source],value[/model/2017/E00%200478674%20025%2074%203029.jpg]&set=key[rotate],value[]&set=key[width],value[]&set=key[height],value[]&set=key[x],value[]&set=key[y],value[]&set=key[type],value[STILL_LIFE_FRONT]&set=key[hmver],value[1]&set=key[quality],value[80]&set=key[size],value[346x405]&call=url[file:/mobile/v2/product] - HIER_NONE/- image/jpeg
1494837822.742    215 192.168.1.65 TCP_MEM_HIT/200 1995 GET https://lp.hm.com/hmprod?set=source[/fabric/2017/BE8F3648-5BFA-43E5-9735-5545C72ACD88.jpg]&call=url[file:/mobile/v1/fabric/sprite] - HIER_NONE/- image/png
1494837822.742    218 192.168.1.65 TCP_MEM_HIT/200 3607 GET https://lp.hm.com/hmprod?set=source[/fabric/2017/DD76EF4D-FB9F-4CAB-BEF3-F929503DA6BF.jpg]&call=url[file:/mobile/v1/fabric/sprite] - HIER_NONE/- image/png
1494837822.862    195 192.168.1.65 TCP_DENIED/403 6356 GET https://dpm.demdex.net/id?d_visid_ver=2.0.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=32B2238B555215F50A4C98A4%40AdobeOrg&d_nsid=0&d_mid=79327503987192485314387804902901992258&d_blob=hmk_Lq6TPIBMW925SPhw3Q&ts=1494837820100 - HIER_NONE/- text/html
1494837822.896    196 192.168.1.65 TCP_MEM_HIT/200 1585 GET https://lp.hm.com/hmprod?set=source[/fabric/2017/75C81FFB-7F9A-490E-B358-996E41C974E6.jpg]&call=url[file:/mobile/v1/fabric/sprite] - HIER_NONE/- image/png
1494837822.901    194 192.168.1.65 TCP_MEM_HIT/200 1763 GET https://lp.hm.com/hmprod?set=source[/fabric/2017/12345CA6-99B0-4A61-81A7-301FE7727E44.jpg]&call=url[file:/mobile/v1/fabric/sprite] - HIER_NONE/- image/png
1494837822.957    210 192.168.1.65 TCP_MEM_HIT/200 3567 GET https://lp.hm.com/hmprod?set=source[/fabric/2015/827FEE5A-C04D-4244-AC6F-2C74117DC4C1.jpg]&call=url[file:/mobile/v1/fabric/sprite] - HIER_NONE/- image/png
1494837822.963    211 192.168.1.65 TCP_MEM_HIT/200 5337 GET https://lp.hm.com/hmprod?set=source[/fabric/2016/358066C3-B991-4A8C-96A1-FBF257F33244.jpg]&call=url[file:/mobile/v1/fabric/sprite] - HIER_NONE/- image/png
1494837823.038   3642 192.168.1.65 TCP_MISS/200 994 GET https://connect.facebook.net/signals/config/230562670650431?v=2.7.9 - ORIGINAL_DST/31.13.92.14 application/x-javascript
1494837823.056   4616 192.168.1.65 TCP_MISS/200 380908 GET https://www.hm.com/content/dam/hm/Ladies_S05/8TB/8TB-The-Art-Of-Party-CPD-1.jpg/_jcr_content/renditions/cq5dam.web.2000.2000.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837823.101    199 192.168.1.65 TCP_MEM_HIT/200 1791 GET https://lp.hm.com/hmprod?set=source[/fabric/2016/C9AEBB5F-9CA7-4F9F-8037-879947313ADD.jpg]&call=url[file:/mobile/v1/fabric/sprite] - HIER_NONE/- image/png
1494837823.111    204 192.168.1.65 TCP_MEM_HIT/200 1957 GET https://lp.hm.com/hmprod?set=source[/fabric/2016/1C232598-326F-47B9-8A8F-ED71060281F0.jpg]&call=url[file:/mobile/v1/fabric/sprite] - HIER_NONE/- image/png
1494837823.114    724 192.168.1.65 TAG_NONE/200 0 CONNECT 204.79.197.200:443 - ORIGINAL_DST/204.79.197.200 -
1494837823.149   2628 192.168.1.65 TCP_MEM_HIT/200 1725 GET https://lp.hm.com/hmprod?set=source[/fabric/2016/AD6C48A7-2745-4F65-9AFE-AA525F295690.jpg]&call=url[file:/mobile/v1/fabric/sprite] - HIER_NONE/- image/png
1494837823.166    200 192.168.1.65 TCP_MEM_HIT/200 19435 GET https://lp.hm.com/hmprod?set=key[source],value[/environment/2017/8VO_0095_022R.jpg]&set=key[rotate],value[0]&set=key[width],value[4334]&set=key[height],value[5067]&set=key[x],value[0]&set=key[y],value[-1]&set=key[type],value[FASHION_FRONT]&set=key[hmver],value[0]&set=key[quality],value[80]&set=key[size],value[346x405]&call=url[file:/mobile/v2/product] - HIER_NONE/- image/jpeg
1494837823.173    198 192.168.1.65 TCP_MEM_HIT/200 16406 GET https://lp.hm.com/hmprod?set=key[source],value[/environment/2017/8MZ_0116_019R.jpg]&set=key[rotate],value[0]&set=key[width],value[4141]&set=key[height],value[4841]&set=key[x],value[0]&set=key[y],value[-1]&set=key[type],value[FASHION_FRONT]&set=key[hmver],value[0]&set=key[quality],value[80]&set=key[size],value[346x405]&call=url[file:/mobile/v2/product] - HIER_NONE/- image/jpeg
1494837823.316    645 192.168.1.65 TCP_MISS/200 507 POST https://commsrv-b.vergic.com/api/v1/batch/?json=true&sessionId=c4cedc9b-8e04-47ea-952c-a05181c759ef%2BFnfXG29MPd74d9cdXZu6tLa9yAORPgULTxFDSCaKv4%3D - ORIGINAL_DST/213.180.75.180 text/plain
1494837823.319    213 192.168.1.65 TCP_MEM_HIT/200 4842 GET https://lp.hm.com/hmprod?set=source[/fabric/2017/4BF38D96-B1AC-4D13-9344-AEAA8E220B3D.jpg]&call=url[file:/mobile/v1/fabric/sprite] - HIER_NONE/- image/png
1494837823.458    737 192.168.1.65 TCP_MEM_HIT/200 19479 GET https://lp.hm.com/hmprod?set=key[source],value[/environment/2016/8IZ_0019_005R.jpg]&set=key[rotate],value[-0.2]&set=key[width],value[3746]&set=key[height],value[4380]&set=key[x],value[869]&set=key[y],value[165]&set=key[type],value[FASHION_FRONT]&set=key[hmver],value[0]&set=key[quality],value[80]&set=key[size],value[346x405]&call=url[file:/mobile/v2/product] - HIER_NONE/- image/jpeg
1494837823.882   2275 192.168.1.65 TCP_MISS/200 125726 GET https://www.hm.com/content/dam/hm/TOOLBOX/IN_SEASON/2017_05/w14/0469898001_KIDS_TOP_SEUK49_LBM_2x3_CROP1.jpg/_jcr_content/renditions/cq5dam.web.2000.2000.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837824.113   1674 192.168.1.65 TAG_NONE/200 0 CONNECT 204.79.197.200:443 - ORIGINAL_DST/204.79.197.200 -
1494837824.137      2 192.168.1.65 TCP_DENIED/403 4263 GET https://bat.bing.com/bat.js - HIER_NONE/- text/html
1494837824.277   2686 192.168.1.65 TCP_MISS/200 175071 GET https://www.hm.com/content/dam/hm/TOOLBOX/IN_SEASON/2017_05/w14/0469898001_KIDS_TOP_SEUK49_LBM_3x2.jpg/_jcr_content/renditions/cq5dam.web.2000.2000.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837825.152   1260 192.168.1.65 TCP_MISS/200 127469 GET https://www.hm.com/content/dam/hm/Ladies_S05/8TC/8TC-all-things-white-CPD-1.jpg/_jcr_content/renditions/cq5dam.web.2000.2000.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837825.167   3534 192.168.1.65 TCP_MISS/200 61604 GET https://www.hm.com/content/dam/hm/TOOLBOX/IN_SEASON/2017_05/w16/0355072032_HOME_TOP_CEUL15_s5_LB_2x3_CROP1.jpg/_jcr_content/renditions/cq5dam.web.2000.2000.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837825.445   2197 192.168.1.65 TAG_NONE/200 0 CONNECT 31.13.92.36:443 - ORIGINAL_DST/31.13.92.36 -
1494837825.633   4001 192.168.1.65 TCP_MISS/200 110036 GET https://www.hm.com/content/dam/hm/TOOLBOX/IN_SEASON/2017_05/w16/0355072032_HOME_TOP_CEUL15_s5_LB_3x2.jpg/_jcr_content/renditions/cq5dam.web.2000.2000.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837825.680   2434 192.168.1.65 TAG_NONE/200 0 CONNECT 31.13.92.36:443 - ORIGINAL_DST/31.13.92.36 -
1494837825.812   6453 192.168.1.65 TCP_MISS/200 106531 GET https://www.hm.com/content/dam/hm/TOOLBOX/PRE_SEASON/2016_05/8TD-run-for-it-TB-3x1.jpg/_jcr_content/renditions/cq5dam.web.2000.2000.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837825.861    397 192.168.1.65 TCP_MISS_ABORTED/200 1967 GET https://www.facebook.com/tr/?id=230562670650431&ev=PageView&dl=https%3A%2F%2Fwww.hm.com%2Fde%2F&rl=&if=false&ts=1494837823029&v=2.7.9&a=tmtealium&ec=0&o=4 - HIER_DIRECT/192.168.1.110 text/html
1494837826.594   3526 192.168.1.65 TCP_MISS/200 170745 GET https://www.hm.com/content/dam/hm/Men_S05/8TD/8TD-run-for-it-CPD.jpg/_jcr_content/renditions/cq5dam.web.2000.2000.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837826.638   1479 192.168.1.65 TCP_MISS/200 123168 GET https://www.hm.com/content/dam/hm/Kids_S05/8TG/8TG-Baby-Exlusive-CPD-1-New.jpg/_jcr_content/renditions/cq5dam.web.2000.2000.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837826.648   2361 192.168.1.65 TCP_MISS/200 111436 GET https://www.hm.com/content/dam/hm/Ladies_S05/8TC/8TC-all-things-white-M.jpg/_jcr_content/renditions/cq5dam.web.2000.2000.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837826.830   1009 192.168.1.65 TCP_MISS/200 45369 GET https://www.hm.com/content/dam/hm/TOOLBOX/PRE_SEASON/Loyalty_TB_3x2.jpg/_jcr_content/renditions/cq5dam.web.2000.2000.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837827.105    500 192.168.1.65 TCP_MISS/200 27684 GET https://www.hm.com/content/dam/hm/TOOLBOX/PRE_SEASON/Loyalty_TB_2x3.jpg/_jcr_content/renditions/cq5dam.web.2000.2000.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837827.250   2074 192.168.1.65 TCP_MISS/200 157802 GET https://www.hm.com/content/dam/hm/Kids_S05/8TG/8TG-Baby-Exlusive-M.jpg/_jcr_content/renditions/cq5dam.web.2000.2000.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837828.478   1365 192.168.1.65 TCP_MISS/200 79113 GET https://www.hm.com/content/dam/hm/TOOLBOX/PRE_SEASON/app-download-S5-2x3.jpg/_jcr_content/renditions/cq5dam.web.2000.2000.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837828.938   3298 192.168.1.65 TCP_MISS/200 136711 GET https://www.hm.com/content/dam/hm/Home_S05/8TE/8TE-cushion-crush-CPD.jpg/_jcr_content/renditions/cq5dam.web.2000.2000.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837829.123   2286 192.168.1.65 TCP_MISS/200 139720 GET https://www.hm.com/content/dam/hm/TOOLBOX/PRE_SEASON/app-download-S5-3x2.jpg/_jcr_content/renditions/cq5dam.web.2000.2000.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837829.220   2576 192.168.1.65 TCP_MISS/200 195963 GET https://www.hm.com/content/dam/hm/Ladies_S05/8EB/1107_Garment_Teaser_CPD_2.jpg/_jcr_content/renditions/cq5dam.web.2000.2000.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837829.721   3057 192.168.1.65 TCP_MISS/200 179183 GET https://www.hm.com/content/dam/hm/Ladies_S05/8EB/1107_Garment_M_2.jpg/_jcr_content/renditions/cq5dam.web.2000.2000.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837829.948   2687 192.168.1.65 TCP_MISS/200 148616 GET https://www.hm.com/content/dam/hm/magazine/marta-3-2.jpg/_jcr_content/renditions/cq5dam.web.2000.2000.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837830.675   1543 192.168.1.65 TCP_MISS/200 113624 GET https://www.hm.com/content/dam/life/expert-corner/APRB4-17-TL-experts-glitter_gold_STILL.jpg/_jcr_content/renditions/cq5dam.web.1920.1280.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837830.743   2254 192.168.1.65 TCP_MISS/200 217552 GET https://www.hm.com/content/dam/life/tryout/MAJ-B1-17-TL-tryout-leather.jpg/_jcr_content/renditions/cq5dam.web.1920.1280.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837830.770   1822 192.168.1.65 TCP_MISS/200 162146 GET https://www.hm.com/content/dam/life/editors-picks/MAJB2-17-TLeditors_picks_19.jpg/_jcr_content/renditions/cq5dam.web.1920.1280.jpeg - ORIGINAL_DST/104.86.55.240 image/jpeg
1494837831.021    226 192.168.1.65 TAG_NONE/200 0 CONNECT 54.229.75.228:443 - ORIGINAL_DST/54.229.75.228 -
1494837831.324 131650 127.0.0.1 TCP_TUNNEL/200 49244 CONNECT api.hm.com:443 - HIER_DIRECT/104.86.55.240 -
1494837831.327    285 192.168.1.65 TCP_MEM_HIT/200 3420 GET https://handm.demdex.net/dest5.html?d_nsid=0 - HIER_NONE/- text/html

armageddon
Posts: 19
Contact:

Re: Clamav Probleme

Postby armageddon » May 15th, 2017, 9:36 am

To Roberto Peña

Is with exclusion put in squidclamav.conf? That is, what happens to the Squidclamav module activated? If you turn it off, does it work? If so, make an exclusion in the Squidclamav.conf file located in /etc/squidclamav.conf.


The magic word is: Feature: Squid-in-the-middle SSL Bump > http://wiki.squid-cache.org/Features/SslBump

fredym
Posts: 138

Re: Clamav Probleme

Postby fredym » May 15th, 2017, 12:27 pm

Hello,
so let's abolish SSL again, since it doesn't really encrypt anyway :)

You can decrypt in the middle, but it is very unlikely that you will manage to put it back together with the original private key. If the endpoint (browser) is too dumb to notice something like that, it will still work for dummies.
Scanning the original (= reading along) -> that is what every intelligence service dreams of (and a few others too).
O.K., YOU have the solution... then you have almost become filthy rich with it ;)
Reading the headers (unencrypted anyway) is no great feat anyway - that is actually what the non-transparent mode is for.

Fred

armageddon
Posts: 19
Contact:

Re: Clamav Probleme

Postby armageddon » May 16th, 2017, 11:18 am


Tue May 16 13:10:31 2017 [23664] DEBUG Received HTTP-HEADER: X-Cache: MISS from Internet
Tue May 16 13:10:31 2017 [23664] DEBUG Received HTTP-HEADER: X-Cache-Lookup: MISS from Internet:800
Tue May 16 13:10:31 2017 [23664] DEBUG Received HTTP-HEADER: Connection: keep-alive
Tue May 16 13:10:31 2017 [23664] DEBUG Received HTTP-HEADER:
Tue May 16 13:10:31 2017 [23664] DEBUG File size is -1.00
Tue May 16 13:10:31 2017 [23664] DEBUG abortcontent (^image\/.*$) matched: image/gif
Tue May 16 13:10:31 2017 [23664] DEBUG No antivir check (ABORTCONTENT match) for content-type: image/gif
Tue May 16 13:10:32 2017 [23664] DEBUG Parsed request: http://www.eicar.org/favicon.ico 192.168.1.65/192.168.1.65 - GET
Tue May 16 13:10:32 2017 [23664] DEBUG abort (^.*\.(ico|gif|png|jpg)$) matched: http://www.eicar.org/favicon.ico
Tue May 16 13:10:32 2017 [23664] DEBUG No antivir check (ABORT match) for url: http://www.eicar.org/favicon.ico
Tue May 16 13:10:44 2017 [23664] DEBUG Parsed request: 213.211.198.58:443 192.168.1.65/192.168.1.65 - CONNECT
Tue May 16 13:10:44 2017 [23664] DEBUG in_buff.method not "GET" (CONNECT)
Tue May 16 13:10:44 2017 [23664] DEBUG method is not GET skipping virus scan.
Tue May 16 13:10:50 2017 [23664] DEBUG Parsed request: 213.211.198.58:443 192.168.1.65/192.168.1.65 - CONNECT
Tue May 16 13:10:50 2017 [23664] DEBUG in_buff.method not "GET" (CONNECT)
Tue May 16 13:10:50 2017 [23664] DEBUG method is not GET skipping virus scan.
Tue May 16 13:10:50 2017 [23664] DEBUG Parsed request: http://analytics.eicar.org/piwik.php?download=https%3A%2F%2Fsecure.eicar.org%2Feicarcom2.zip&idsite=1&rec=1&r=792156&h=13&m=10&s=50&url=http%3A%2F%2Fwww.eicar.org%2F85-0-Download.html&urlref=https%3A%2F%2Fduckduckgo.com%2F&_id=5c8936b597424dea&_idts=1492702810&_idvc=28&_idn=0&_refts=1494932609&_viewts=1494932609&_ref=https%3A%2F%2Fduckduckgo.com%2F&send_image=1&pdf=0&qt=0&realp=0&wma=0&dir=0&fla=1&java=0&gears=0&ag=0&cookie=1&res=1280x1024&gt_ms=150&pv_id=IQbQ2i 192.168.1.65/192.168.1.65 - GET
Tue May 16 13:10:50 2017 [23664] DEBUG Curl will use proxy: http://127.0.0.1:800
Tue May 16 13:10:50 2017 [23664] DEBUG looking for Content-Type of url http://analytics.eicar.org/piwik.php?download=https%3A%2F%2Fsecure.eicar.org%2Feicarcom2.zip&idsite=1&rec=1&r=792156&h=13&m=10&s=50&url=http%3A%2F%2Fwww.eicar.org%2F85-0-Download.html&urlref=https%3A%2F%2Fduckduckgo.com%2F&_id=5c8936b597424dea&_idts=1492702810&_idvc=28&_idn=0&_refts=1494932609&_viewts=1494932609&_ref=https%3A%2F%2Fduckduckgo.com%2F&send_image=1&pdf=0&qt=0&realp=0&wma=0&dir=0&fla=1&java=0&gears=0&ag=0&cookie=1&res=1280x1024&gt_ms=150&pv_id=IQbQ2i
Tue May 16 13:10:50 2017 [23664] DEBUG Received HTTP-HEADER: HTTP/1.1 200 OK
Tue May 16 13:10:50 2017 [23664] DEBUG Received HTTP-HEADER: Date: Tue, 16 May 2017 11:10:50 GMT
Tue May 16 13:10:50 2017 [23664] DEBUG Received HTTP-HEADER: Server: Apache/2.4.10 (Debian)
Tue May 16 13:10:50 2017 [23664] DEBUG Received HTTP-HEADER: Access-Control-Allow-Origin: *
Tue May 16 13:10:50 2017 [23664] DEBUG Received HTTP-HEADER: Access-Control-Allow-Credentials: true
Tue May 16 13:10:50 2017 [23664] DEBUG Received HTTP-HEADER: Content-Type: image/gif
Tue May 16 13:10:50 2017 [23664] DEBUG Received HTTP-HEADER: X-Cache: MISS from Internet
Tue May 16 13:10:50 2017 [23664] DEBUG Received HTTP-HEADER: X-Cache-Lookup: MISS from Internet:800
Tue May 16 13:10:50 2017 [23664] DEBUG Received HTTP-HEADER: Connection: keep-alive
Tue May 16 13:10:50 2017 [23664] DEBUG Received HTTP-HEADER:
Tue May 16 13:10:50 2017 [23664] DEBUG File size is -1.00
Tue May 16 13:10:50 2017 [23664] DEBUG abortcontent (^image\/.*$) matched: image/gif
Tue May 16 13:10:50 2017 [23664] DEBUG No antivir check (ABORTCONTENT match) for content-type: image/gif
Tue May 16 13:10:51 2017 [23664] DEBUG Parsed request: https://secure.eicar.org/eicarcom2.zip 192.168.1.65/192.168.1.65 - GET
Tue May 16 13:10:51 2017 [23664] DEBUG Curl will use proxy: http://127.0.0.1:800
Tue May 16 13:10:51 2017 [23664] DEBUG looking for Content-Type of url https://secure.eicar.org/eicarcom2.zip
Tue May 16 13:10:51 2017 [23664] DEBUG Received HTTP-HEADER: HTTP/1.1 200 Connection established

 11:10:50 GMT
Server: Apache/2.4.10 (Debian)
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Type: image/gif
X-Cache: MISS from Internet
X-Cache-Lookup: MISS from Internet:800
Connection: keep-alive

Tue May 16 13:10:51 2017 [23664] DEBUG Received HTTP-HEADER:
 11:10:50 GMT
Server: Apache/2.4.10 (Debian)
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Type: image/gif
X-Cache: MISS from Internet
X-Cache-Lookup: MISS from Internet:800
Connection: keep-alive

Tue May 16 13:10:51 2017 [23664] DEBUG Received HTTP-HEADER: HTTP/1.1 200 OK
Tue May 16 13:10:51 2017 [23664] DEBUG Received HTTP-HEADER: Date: Tue, 16 May 2017 11:10:51 GMT
Tue May 16 13:10:51 2017 [23664] DEBUG Received HTTP-HEADER: Server: Apache/2.4.10 (Debian)
Tue May 16 13:10:51 2017 [23664] DEBUG Received HTTP-HEADER: Content-disposition: attachment; filename="eicarcom2.zip"
Tue May 16 13:10:51 2017 [23664] DEBUG Received HTTP-HEADER: Cache-control: private
Tue May 16 13:10:51 2017 [23664] DEBUG Received HTTP-HEADER: Content-length: 308
Tue May 16 13:10:51 2017 [23664] DEBUG Received HTTP-HEADER: Content-Type: application/octet-stream
Tue May 16 13:10:51 2017 [23664] DEBUG Received HTTP-HEADER:
Tue May 16 13:10:51 2017 [23664] DEBUG File size is 308.00
Tue May 16 13:10:51 2017 [23664] DEBUG Content-Type: application/octet-stream will be scanned
Tue May 16 13:10:51 2017 [23664] DEBUG Sending zINSTREAM to clamd socket.
Tue May 16 13:10:51 2017 [23664] DEBUG Received HTTP-HEADER: HTTP/1.1 200 OK
Tue May 16 13:10:51 2017 [23664] DEBUG Received HTTP-HEADER: Date: Tue, 16 May 2017 11:10:51 GMT
Tue May 16 13:10:51 2017 [23664] DEBUG Received HTTP-HEADER: Server: Apache/2.4.10 (Debian)
Tue May 16 13:10:51 2017 [23664] DEBUG Received HTTP-HEADER: Content-disposition: attachment; filename="eicarcom2.zip"
Tue May 16 13:10:51 2017 [23664] DEBUG Received HTTP-HEADER: Cache-control: private
Tue May 16 13:10:51 2017 [23664] DEBUG Received HTTP-HEADER: Content-length: 308
Tue May 16 13:10:51 2017 [23664] DEBUG Received HTTP-HEADER: Content-Type: application/octet-stream
Tue May 16 13:10:51 2017 [23664] DEBUG Received HTTP-HEADER:
Tue May 16 13:10:51 2017 [23664] DEBUG Sending data to clamd, 308/8192
Tue May 16 13:10:51 2017 [23664] DEBUG Writing chunk size as 872480768
Tue May 16 13:10:51 2017 [23664] DEBUG Write 312 bytes on 308 to socket
Tue May 16 13:10:51 2017 [23664] DEBUG Reading clamd scan result.
Tue May 16 13:10:51 2017 [23664] DEBUG received from Clamd: stream: Eicar-Test-Signature FOUND
Tue May 16 13:10:51 2017 [23664] LOG Redirecting URL to: http://127.0.0.1:81/clwarn.cgi?url=https://secure.eicar.org/eicarcom2.zip&source=192.168.1.65/192.168.1.65&user=-&virus=stream:+Eicar-Test-Signature+FOUND
Tue May 16 13:10:51 2017 [23664] DEBUG Virus found, trying to purge Squid Cache.
Tue May 16 13:10:51 2017 [23664] DEBUG Purge squid answer: 404
Tue May 16 13:10:51 2017 [23664] Squid Cache purged of url https://secure.eicar.org/eicarcom2.zip.
Tue May 16 13:10:51 2017 [23664] DEBUG Virus found, redirection sent to Squid.
Tue May 16 13:10:51 2017 [23664] DEBUG End reading clamd scan result.
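
Added example, not part of any post in this thread: a short Python summary of squidclamav debug lines like those in the log above, reporting per request whether the payload reached clamd and which CONNECT tunnels passed through unscanned. The function names are hypothetical, and the message patterns are assumed from the lines quoted in this thread, not taken from squidclamav's source.

```python
import re

# Lines excerpted from the squidclamav debug log in the post above.
SAMPLE_LOG = """\
Tue May 16 13:10:32 2017 [23664] DEBUG Parsed request: http://www.eicar.org/favicon.ico 192.168.1.65/192.168.1.65 - GET
Tue May 16 13:10:32 2017 [23664] DEBUG No antivir check (ABORT match) for url: http://www.eicar.org/favicon.ico
Tue May 16 13:10:44 2017 [23664] DEBUG Parsed request: 213.211.198.58:443 192.168.1.65/192.168.1.65 - CONNECT
Tue May 16 13:10:44 2017 [23664] DEBUG method is not GET skipping virus scan.
Tue May 16 13:10:51 2017 [23664] DEBUG Parsed request: https://secure.eicar.org/eicarcom2.zip 192.168.1.65/192.168.1.65 - GET
Tue May 16 13:10:51 2017 [23664] DEBUG Content-Type: application/octet-stream will be scanned
Tue May 16 13:10:51 2017 [23664] DEBUG received from Clamd: stream: Eicar-Test-Signature FOUND
"""

LINE = re.compile(r"^\w{3} \w{3} [ \d]\d [\d:]{8} \d{4} \[(\d+)\] (?:(?:DEBUG|LOG) )?(.*)$")
REQUEST = re.compile(r"^Parsed request: (\S+) \S+ \S+ (\S+)$")
CLAMD = re.compile(r"^received from Clamd: stream: (\S+) FOUND$")
SKIPS = {
    "No antivir check (ABORT match)": "skipped: URL matched abort pattern",
    "No antivir check (ABORTCONTENT match)": "skipped: content type matched abortcontent",
    "method is not GET skipping virus scan": "skipped: method is not GET",
}

def summarise(log_text):
    """Return one [method, url, decision] record per parsed request."""
    records, current = [], {}   # current: pid -> record still being decided
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue            # continuation lines of multi-line header dumps
        pid, msg = m.groups()
        req = REQUEST.match(msg)
        if req:
            current[pid] = [req.group(2), req.group(1), "no decision logged"]
            records.append(current[pid])
            continue
        rec, found = current.get(pid), CLAMD.match(msg)
        if rec is None:
            continue
        if found:
            rec[2] = "scanned: " + found.group(1) + " FOUND"
        elif msg.endswith("will be scanned"):
            rec[2] = "scanned: no detection logged"
        for prefix, decision in SKIPS.items():
            if msg.startswith(prefix):
                rec[2] = decision
    return records

def unscanned_tunnels(records):
    """CONNECT targets whose payload never reached clamd (opaque TLS tunnels)."""
    return sorted({url for method, url, decision in records
                   if method == "CONNECT" and decision.startswith("skipped")})
```

Records are tracked per process id (the bracketed number), so interleaved lines from several squidclamav children are attributed to the right request.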

