Back to proxy main Page

Squidclamav and the problems with video- or webradiostreams


Note: SquidClamAV was removed from the pakfire add-ons with Core Update 177. SquidClamAV has not been updated in IPFire since 2012. SquidClamAV is no longer an effective tool in stopping viruses through the Web Proxy as the vast majority of traffic is encrypted https and SquidClamav only works with http traffic.


If you watch videos on youtube or listen to webradio there could be problems and dropouts.

A whitelist entry in /etc/squidclamav.conf is a simple workaround of this problem.

A major disadvantage of this approach is that you have to know the server from which the stream is coming.

In this examples, streams from .akamaistream.net, .googlevideo.com, .youtube.com, Internetradio, Tagesschau-News, Arte-Mediathek are excluded from virus scanning and so they will played without problems.

whitelist .*\.akamaistream.net
whitelist .*\.googlevideo.com
whitelist .*\.youtube.com
whitelist .*\.radiobob.de
whitelist ^.*bob.hoerradar.de.*$
whitelist .*\.xxl-radio.de:8000
whitelist .*\.tagesschau-lh.akamaihd.net
whitelist .*\.arte.tv

Here are exclusions for Web content such as Flash, MP4 and MPEG:

# Do not scan streaming videos
abortcontent ^video\/mp4$
abortcontent ^.*audio\/mp4.*$
abortcontent ^video\/x-flv$
abortcontent ^audio/mpeg$
abortcontent ^application/x-apple-plist$

Debug Streams

Streams are not at all or only play with long delays , this can be determined in order to find a stream link for the whitelist as follows.

Over the Terminal or SSH connecting to IPFire.

Logging must be enabled for the Proxy.

Stop the Proxy:

/etc/init.d/squid stop

Change in the file "squidclamav.conf" the value "debug 0" to "debug 3".

Start the Proxy:

/etc/init.d/squid start

Search and play the Stream and look in the debug output "squidclamav.log"

tail -f /var/log/squid/squidclamav.log

Search now for the line "DEBUG Content-Type: (null) will be scanned" and look in the front row by the called URL. Looks e.g. as follows:

Sat Dec 21 21:12:37 2013 [1873] DEBUG Parsed request: http://62.27.47.15:8000/radioffh/livestream.mp3 192.168.2.21/- - GET
Sat Dec 21 21:12:37 2013 [1873] DEBUG Curl will use proxy: http://127.0.0.1:800
Sat Dec 21 21:12:37 2013 [1873] DEBUG looking for Content-Type of url http://62.27.47.15:8000/radioffh/livestream.mp3
Sat Dec 21 21:12:37 2013 [1873] DEBUG bad header (22: The requested URL returned error: 400 Bad Request)
Sat Dec 21 21:12:37 2013 [1873] DEBUG bad header (22: The requested URL returned error: 400 Bad Request)
Sat Dec 21 21:12:37 2013 [1873] DEBUG File size is -1.00
Sat Dec 21 21:12:37 2013 [1873] DEBUG Content-Type: (null) will be scanned

It is then the whitelist entry:

whitelist 62.27.47.15:8000

After work, stop the proxy, change in the file " squidclamav.conf " entry "debug 3 " in " debug 0 " and start the new proxy.

Back to proxy main Page