So I said I’d keep an eye on c-icap, and I have, kinda. The initial installation went well and I was happy to have a nice new service on my LAN but a couple of ‘niggles’ have appeared.
The first is this.
Here’s the output from Safari when an attempted virus download occurs
I get the same from Firefox. IE on the other hand gets this –
A slight niggle then. Nothing big, just enough to make a tinkerer sweat :)
So, my first thought was that IE didn’t like the 403 Forbidden response it gets from c-icap which is weird as pcaps from both showed the same response being sent.
IE:
Now Firefox:
I should say that proxies aren’t the cause here. The effect is the same whether you use a ProxySG from Blue Coat or the free Squid-Cache, believe me, I’ve tried. The response sent from c-icap to the client causes one browser to display the page correctly.
I submitted a post to the c-icap mailing list at SourceForge asking about the problem and received a response very quickly from Christos Tsantilas, the maintainer of the software. IE doesn’t handle the 403 response well (it’s too strict) so he suggested changing the source code so that a ‘200 OK’ response is sent from c-icap instead of the usual 403.
The code changed was located in the /services/clamav/srv_clamav.c file of the install source directory:
ci_respmod_add_header(req, "HTTP/1.1 403 Forbidden");
Changed to:
ci_respmod_add_header(req, "HTTP/1.1 200 OK");
I recompiled the code (after make and make clean were run to start afresh) with ‘./configure --with-clamav && make && make install’.
Once that was done I restarted my c-icap service and voila!
Confirmed via a pcap.
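The pcap confirmation can be turned into a repeatable check; the following is an added example, not code from the original post or from c-icap, that classifies a raw response copied out of a capture. With the patched build the status line no longer distinguishes a blocked download, so the check looks for the test payload in the (de-chunked) body instead. The function names, sample responses and payload marker are assumptions constructed for illustration.

```python
# Added example: classify a captured response to a test download that the
# scanner is expected to block. All sample data below is constructed.

def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status_code, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response: no end of headers")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if colon:
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return int(parts[1]), headers, body

def dechunk(body: bytes) -> bytes:
    """Reassemble a chunked body so a payload split across chunks is still seen."""
    out = b""
    while body:
        size_line, _, rest = body.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)
        if size == 0:
            break
        out += rest[:size]
        body = rest[size + 2:]          # skip chunk data and its trailing CRLF
    return out

def verdict(raw: bytes, payload: bytes) -> str:
    status, headers, body = parse_response(raw)
    if "chunked" in headers.get("transfer-encoding", "").lower():
        body = dechunk(body)
    if payload in body:
        return "LEAKED"                 # the scanned object reached the client
    if status == 403:
        return "BLOCKED_403"            # stock build
    if status == 200:
        return "BLOCKED_200"            # patched build: only the body shows the block
    return "UNEXPECTED_%d" % status

PAYLOAD = b"CONSTRUCTED-TEST-PAYLOAD"   # stand-in for the test file contents
STOCK = b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\n<html>VIRUS FOUND</html>"
PATCHED = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>VIRUS FOUND</html>"
LEAKED = (b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n"
          b"c\r\nCONSTRUCTED-\r\nc\r\nTEST-PAYLOAD\r\n0\r\n\r\n")

if __name__ == "__main__":
    for name, raw in (("stock", STOCK), ("patched", PATCHED), ("leaked", LEAKED)):
        print(name, verdict(raw, PAYLOAD))
```

Compressed bodies (Content-Encoding) are not decoded here, so run the check against an uncompressed test download.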
My thanks to Tsantilas Christos for his assistance on resolving the problem. I hope that c-icap continues to grow as a package in both features and popularity.