# squid + c-icap + squidclamav creates i-cap protocol error



## fl0w3b (Oct 21, 2018)

I am trying to run squid (version 4.1) with squidclamav. This used to work fine but broke with an update to the current c-icap (0.5.5) version. When I try to access a webpage, I get the following error:

```
The following error was encountered while trying to retrieve the URL: http://www.eicar.com/
ICAP protocol error.

The system returned: [No Error]
```
This means that some aspect of the ICAP communication failed.

Some possible problems are:


_The ICAP server is not reachable._
_An Illegal response was received from the ICAP server._
The c-icap server is however running:

```
/usr/local/bin/c-icap-client -i 127.0.0.1 -p 1344 -d 10
OK done with options!
ICAP server:127.0.0.1, ip:127.0.0.1, port:1344

OPTIONS:
    Allow 204: Yes
    Preview: 1024
    Keep alive: Yes

ICAP HEADERS:
    ICAP/1.0 200 OK
    Methods: RESPMOD, REQMOD
    Service: C-ICAP/0.5.5 server - Echo demo service
    ISTag: CI0001-XXXXXXXXX
    Transfer-Preview: *
    Options-TTL: 3600
    Date: Sun, 21 Oct 2018 18:56:34 GMT
    Preview: 1024
    Allow: 204
    X-Include: X-Authenticated-User, X-Authenticated-Groups
    Encapsulated: null-body=0
```

I am not sure what is causing the issue. The redirect in the squid.conf looks like this:


```
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_encode off
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
adaptation_send_client_ip on
adaptation_send_username on
icap_service squidclamav1 reqmod_precache icap://127.0.0.1:1344/squidclamav bypass=0
icap_service squidclamav2 respmod_precache icap://127.0.0.1:1344/squidclamav bypass=0
adaptation_service_chain svcRequest squidclamav1
adaptation_service_chain svcResponse squidclamav2            
adaptation_access svcRequest allow all
adaptation_access svcResponse allow all
```

Really appreciate any ideas what might help. 
Thank you


----------



## CompDrClovis (May 15, 2019)

I know this is kind of old, but it came up when I searched for the same issue, so it's worth answering I guess.

Most likely issue is that squidclamav.conf says

```
clamd_local /var/run/clamav/clamd.ctl
```

but by default, clamd is set up for /var/run/clamav/clamd.sock. Just change the ctl to sock, restart c-icap and squid, and you should be good to go.


----------



## mfaridi (May 15, 2019)

make compile again c-icap.


----------

