Package: squid3
Version: 3.4.8-6
Severity: important
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate
***
* What led up to the situation?
> Squid works correctly without c-icap.
> I installed c-icap server and I add to squid.conf the following
lines :
>
> icap_enable on
> icap_service service_avi_req reqmod_precache
icap://localhost:1344/virus_scan bypass=off
> icap_service service_avi_resp respmod_precache
icap://localhost:1344/virus_scan bypass=on
> adaptation_access service_avi_req allow all
> adaptation_access service_avi_resp allow all
* What exactly did you do (or not do) that was effective (or
ineffective)?
> c-icap server is up and running
>
> ● c-icap.service - LSB: c-icap Server
> Loaded: loaded (/etc/init.d/c-icap)
> Active: active (running) since Tue 2015-05-26 08:03:58 CEST;
34min ago
> CGroup: /system.slice/c-icap.service
> ├─591 /usr/bin/c-icap
> ├─593 /usr/bin/c-icap
> ├─594 /usr/bin/c-icap
> └─595 /usr/bin/c-icap
>
> c-icap listen on 1344
>
> netstat -nap | grep -i "c-icap"
> tcp 0 0 0.0.0.0:1344 0.0.0.0:*
LISTEN 591/c-icap
>
> c-icap seems to work fine
>
> c-icap-client -f /bin/ls -s
"srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple"
> ICAP server:localhost, ip:127.0.0.1, port:1344
>
> No modification needed (Allow 204 response)
* What was the outcome of this action?
> "squid3 -k parse" output :
> 2015/05/26 08:21:14| Processing: icap_enable on
> 2015/05/26 08:21:14| Processing: icap_service service_avi_req
reqmod_precache icap://localhost:1344/virus_scan bypass=off
> 2015/05/26 08:21:14| Processing: icap_service service_avi_resp
respmod_precache icap://localhost:1344/virus_scan bypass=on
> 2015/05/26 08:21:14| Processing: adaptation_access service_avi_req
allow all
> 2015/05/26 08:21:14| Processing: adaptation_access service_avi_resp
allow all
> Aborted
>
> "/var/log/squid3/cache.log" output :
> 2015/05/26 08:14:09 kid1| Squid Cache (Version 3.4.8): Exiting
normally.
> 2015/05/26 08:14:09 kid1| assertion failed: mem.cc:282: "size ==
StrPoolsAttrs[i].obj_size"
> 2015/05/26 08:14:09| assertion failed: mem.cc:282: "size ==
StrPoolsAttrs[i].obj_size"
> 2015/05/26 08:21:14| assertion failed: mem.cc:282: "size ==
StrPoolsAttrs[i].obj_size"
* What outcome did you expect instead?
*** End of the template - remove these template lines ***
-- System Information:
Debian Release: 8.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages squid3 depends on:
ii adduser 3.113+nmu3
ii libc6 2.19-18
ii libcap2 1:2.24-8
ii libcomerr2 1.42.12-1.1
ii libdb5.3 5.3.28-9
ii libecap2 0.2.0-3
ii libexpat1 2.1.0-6+b3
ii libgcc1 1:4.9.2-10
ii libgssapi-krb5-2 1.12.1+dfsg-19
ii libk5crypto3 1.12.1+dfsg-19
ii libkrb5-3 1.12.1+dfsg-19
ii libldap-2.4-2 2.4.40+dfsg-1
ii libltdl7 2.4.2-1.11
ii libnetfilter-conntrack3 1.0.4-1
ii libnettle4 2.7.1-5
ii libpam0g 1.1.8-3.1
ii libsasl2-2 2.1.26.dfsg1-13
ii libstdc++6 4.9.2-10
ii libxml2 2.9.1+dfsg1-5
ii logrotate 3.8.7-1+b1
ii lsb-base 4.1+Debian13+nmu1
ii netbase 5.3
ii squid3-common 3.4.8-6
squid3 recommends no packages.
Versions of packages squid3 suggests:
pn resolvconf <none>
pn smbclient <none>
pn squid-cgi <none>
ii squid-purge 3.4.8-6
ii squidclient 3.4.8-6
pn ufw <none>
pn winbindd <none>
-- Configuration Files:
/etc/squid3/squid.conf changed:
pid_filename /var/run/squid3.pid
http_port 3128
icp_port 0
snmp_port 3401
ftp_user anonymous@anonymous.anonymous
icon_directory /usr/share/squid3/icons
mime_table /usr/share/squid3/mime.conf
coredump_dir /var/spool/squid3
cache_effective_user proxy
cache_dir ufs /var/spool/squid3 1024 16 256
cache_mem 256 MB
cache_mgr c...@pasubiogroup.it
hierarchy_stoplist cgi-bin ?
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
logformat customFormat %ts.%03tu %tg | %un %>A %>a | %la %lp %Sh/%<A %Ss |
%{Host}>h | %rm %ru %rv %mt %03>Hs %{Referer}>h | %<st %>st %st | %tr %dt |
"%{User-Agent}>h" "%{Server}<h"
access_log /var/log/squid3/access.log customFormat
cache_log /var/log/squid3/cache.log
cache_store_log none
icap_log none
debug_options ALL,1
log_icp_queries off
log_mime_hdrs off
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 15 startup=5 idle=1
auth_param ntlm keep_alive on
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 5 startup=5 idle=1
auth_param basic realm SGCProxy Server
auth_param basic credentialsttl 2 hours
acl auth proxy_auth REQUIRED
external_acl_type ad-group children-max=15 children-startup=5
children-idle=1 %LOGIN /usr/lib/squid3/ext_wbinfo_group_acl
acl allow-group external ad-group InternetEnabled
acl snmp-community snmp_community Arag0rn!
acl snmp-server srcdomain pgmonitor01.retegas.it
acl safe-ports port 21 # ftp
acl safe-ports port 22 # ssh
acl safe-ports port 70 # gopher
acl safe-ports port 80 # http
acl safe-ports port 210 # wais
acl safe-ports port 280 # http-mgmt
acl safe-ports port 443 444 4443 # https
acl safe-ports port 488 # gss-http
acl safe-ports port 591 # filemaker
acl safe-ports port 777 # multiling http
acl safe-ports port 1025-65535 # unregistered ports
acl safe-ports port 81 # http
acl ssl-ports port 443 444 22 8443 4443
acl FTP proto FTP
acl HTTP proto HTTP
acl purge method PURGE
acl Messenger req_mime_type application/x-msn-messenger
acl java_jvm browser Java/1.4 Java/1.5 Java/1.6 Java/5.0
acl CONNECT method CONNECT
acl loopback src 127.0.0.0/8
acl to-loopback dst 127.0.0.0/8
acl local-nets src 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
acl local-nets-auth src 172.23.30.0/24 172.23.39.106
acl to-servicedomain dstdomain .update.microsoft.com .
download.windowsupdate.com .download.microsoft.com
acl to-servicedomain dstdomain .url.trendmicro.com .
activeupdate.trendmicro.com .akamai.net ftp.nai.com
acl to-servicedomain dstdomain .sophosupd.com .sophosxl.net
acl to-servicedomain dstdomain liveupdate.symantec.com
liveupdate.symantecliveupdate.com
acl to-servicedomain dstdomain .tile.openstreetmap.org .virtualearth.net .
dataentrygas.ccse.cc .sistri.it .dropbox.com
acl to-servicedomain dstdomain packages.linuxmint.com extra.linuxmint.com
archive.ubuntu.com security.ubuntu.com archive.canonical.com
cinnamon-spices.linuxmint.com ppa.launchpad.net archive.getdeb.net
acl to-servicedomain dstdomain .ol3js.org .snamretegas.it
acl to-serviceurl url_regex ^http://go.microsoft.com/fwlink/?LinkID=4723$ ^
https://SLS.microsoft.com/$ ^https://SLS.microsoft.com:443$ ^
http://CRL.microsoft.com/PKI/CRL/Products/MicrosoftRootAuthority.CRL$ ^
http://CRL.microsoft.com/PKI/CRL/Products/MicrosoftProductSecureCommunications.CRL$
^
http://www.microsoft.com/PKI/CRL/Products/MicrosoftProductSecureCommunications.CRL$
^http://CRL.microsoft.com/PKI/CRL/Products/MicrosoftProductSecureServer.CRL$
^http://www.microsoft.com/PKI/CRL/Products/MicrosoftProductSecureServer.CRL$
^https://Activation.SLS.microsoft.com$
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access allow loopback
http_access allow to-loopback
http_access deny !local-nets
http_access allow to-servicedomain
http_access allow to-serviceurl
http_access allow FTP
http_access deny !safe-ports
http_access deny CONNECT !ssl-ports
http_access deny Messenger
http_access allow java_jvm
http_access allow local-nets-auth auth
http_access allow local-nets
http_access deny all
snmp_access allow snmp-community snmp-server
snmp_access deny all
icp_access deny all
cache deny to-servicedomain
cache deny FTP
cache deny ssl-ports
icap_enable on
icap_service service_avi_req reqmod_precache
icap://localhost:1344/virus_scan bypass=off
icap_service service_avi_resp respmod_precache
icap://localhost:1344/virus_scan bypass=on
adaptation_access service_avi_req allow all
adaptation_access service_avi_resp allow all
-- no debconf information
