Comments (6)
Hello @leezhihui can you please share your config.toml file, please remove API keys from it first, thank you.
from icapeg.
title = "ICAPEG configuration file"
[app]
log_level = "debug" # the log levels for tha app, available values: info-->logging the overall progress of the app, debug --> log everything including errors, error --> log infos and just errors
port = 1344
max_filesize = 10000000 #bytes
resp_scanner_vendor = "virustotal" # Supported vendors for respmod of ICAP: "virustotal", "metadefender" , "vmray" , "clamav" , "none"- none specifies, respmod will be bypassing everything
req_scanner_vendor = "none" # Supported vendors for reqmod of ICAP: "virustotal" , "vmray",
resp_scanner_vendor_shadow = "none"
req_scanner_vendor_shadow = "none"
bypass_extensions = ["*"]
process_extensions = ["txt" , "pdf" , "dmg" , "exe" , "com", "rar" , "unknown"] # * = everything except the ones in bypass, unknown = system couldn't find out the type of the file
preview_bytes = "0" #bytes
propagate_error = true
[icap_something]
base_url = "icap://127.0.0.1:1345"
reqmod_endpoint = "/reqmod-icapeg"
respmod_endpoint = "/respmod-icapeg"
options_endpoint = ""
timeout = 50# seconds, the whole allowed life span of an ICAP request
[icap_somethingelse]
base_url = "icap://127.0.0.1:1346"
reqmod_endpoint = "/reqmod-icapeg"
respmod_endpoint = "/respmod-icapeg"
options_endpoint = ""
timeout = 50# seconds, the whole allowed life span of an ICAP request
[virustotal]
base_url = "https://www.virustotal.com/vtapi/v2"
file_scan_endpoint = "/file/scan"
url_scan_endpoint = "/url/scan"
file_report_endpoint = "/file/report?apikey=%s&resource=%s"
url_report_endpoint = "/url/report?apikey=%s&resource=%s"
api_key = ""
timeout = 50 #seconds
fail_threshold = 2
status_check_interval = 2 #seconds, the time interval after which the submission status check will be called
status_check_timeout = 300 #seconds, the total time duration after which the the status check should be stopped, if not finished
bad_file_status = ["malicious"]
ok_file_status = ["ok"]
[metadefender]
base_url = "https://api.metadefender.com/v4"
scan_endpoint = "/file"
report_endpoint = "/file"
api_key = ""
timeout = 10 #seconds
fail_threshold = 2
status_check_interval = 2 #seconds, the time interval after which the submission status check will be called
status_check_timeout = 300 #seconds, the total time duration after which the the status check should be stopped, if not finished
bad_file_status = ["malicious"]
ok_file_status = ["clean"]
[vmray]
base_url = "https://cloud.vmray.com/rest"
submit_endpoint = "/sample/submit"
get_sample_endpoint= "/sample"
submission_status_endpoint = "/submission"
timeout = 10 #seconds , the timeout duration for all the api calls for vmray
status_check_interval = 2 #seconds, the time interval after which the submission status check will be called
status_check_timeout = 300 #seconds, the total time duration after which the the status check should be stopped, if not finished
bad_file_status = ["malicious", "suspicious", "blacklisted"]
ok_file_status = ["not_suspicious" , "whitelisted", "unknown"]
api_key = ""
[clamav]
socket_path = "/var/run/clamav/clamd.ctl"
wait_timeout = 10 #seconds, the time upto which the server will wait for clamav to scan the results
bad_file_status = ["malicious"]
ok_file_status = ["ok"]
from icapeg.
// preparing the file meta informations
filename := utils.GetFileName(req.Request)
fileExt := utils.GetFileExtension(req.Request)
fmi := dtos.FileMetaInfo{
FileName: filename,
FileType: fileExt,
FileSize: float64(buf.Len()),
}
in func ToICAPEGResp(w icap.ResponseWriter, req *icap.Request) {}
why we get null filename and fileExt?
from icapeg.
i clone an old commit branch, the commit id is 347b859
below is the squid.conf, I guess the req.request is the url in squid.conf icap://127.0.0.1:1344/respmod-icapeg
acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
include /etc/squid/conf.d/*.conf
http_access allow localhost
http_access allow localnet
http_access deny all
icap_enable on
icap_service service_resp respmod_precache icap://127.0.0.1:1344/respmod-icapeg
adaptation_access service_resp allow all
http_port 3128 ssl-bump cert=/etc/squid/squid.pem generate-host-certificates=on dynamic_cert_mem_cache_size=8MB
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 8MB
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
sslproxy_cert_error deny all
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern /(Packages|Sources)(|.bz2|.gz|.xz)$ 0 0% 0 refresh-ims
refresh_pattern /Release(|.gpg)$ 0 0% 0 refresh-ims
refresh_pattern /InRelease$ 0 0% 0 refresh-ims
refresh_pattern /(Translation-.*)(|.bz2|.gz|.xz)$ 0 0% 0 refresh-ims
refresh_pattern . 0 20% 4320
dns_v4_first on
cache_mem 512 MB
cache deny all
from icapeg.
from icapeg.
Hi, I know some about the null Filename,
the reason is we deploy the squid service and icap service on the same server.
from icapeg.
Related Issues (20)
- Known issue: error page in reqmod
- Error: txt extension not recognized HOT 1
- go report badge Error
- Preview not working with zero file byte
- invalid memory address or nil pointer dereference
- I test ICAPeg with echo service by squid version 5.7 browsing this url "https://www.google.com/search?client=firefox-b-d&q=lenovo"
- Test ICAPeg with OPNsense in response mode and preview size=0 ,by browsing this site " https://file-examples.com/index.php/sample-documents-download/sample-doc-download/" gives me this error
- How ICAPeg will inform our ICAP client of the AV scanning results of an infected file HOT 5
- Adding embedded Yara rules service
- Uploaded βeicarβ files
- Upload files
- Clamav Service uploading virus file
- Clamav uploading files
- Clamav Response mode
- Clamav with doc files
- Clamav with Google drive
- icapeg different behavior when running as non-root
- ICAGeg has it difficult to process Multipart/form-data containing multiple uploaded files HOT 2
- Does icapeg has dependency on Squid? Can it work with other load balancers like F5, for example?
- Confusing ADDING-NEW-VENDOR.md manual
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from icapeg.