How to Set Up an HTTP Anti-Virus Proxy Using pfSense and HAVP

In this hub I'll be demonstrating how to configure a pfSense router to function as an anti-virus proxy using the HAVP package.

Anti-virus proxies act like traditional web proxies except they scan all content passing through the proxy for virus or malware signatures. If the proxy identifies the content as malicious the download will be blocked and the client computer will be redirected to an error page.

The biggest advantage of scanning for viruses directly on the router or gateway is that viruses can be blocked before they ever enter your network. This feature is especially useful for public networks or wireless hotspots or other situations where you can't be sure all computers have an antivirus application installed.

Even though my computers all have antivirus programs installed I like to add another layer of protection to my network, HAVP works great for this.

Prerequisites for HAVP

If you've never installed pfSense before check out the guide how to install pfSense.

In order to get the HAVP package working you need to already have a functioning transparent squid proxy running on pfSense.

Installing the HAVP Package

To get started you'll need to install the HAVP package. Click on the packages menu item in the system menu to load the pfSense package manager. Locate the HAVP package and click the plus symbol on the right side of the package description to install it.

Install the HAVP package using the pfSense package manager.
Install the HAVP package using the pfSense package manager.

Configuring HAVP

Once you have installed HAVP there are a few settings that need to be changed before it will function properly. Click on the antivirus entry in the services menu to access the HAVP settings.

Next click on the HTTP proxy tab and check the first check box to enable the proxy. For the proxy mode setting select parent for squid. By setting squid as the parent proxy traffic will flow as indicated below

Client <-> pfSense Gateway <-> Squid Proxy <-> HAVP <-> Internet

Make sure the proxy interface is set to LAN, the default port number will work fine. You will probably need to change the language setting since English is not the default. The language you choose affects what language the client error messages will be displayed in.

Next scroll all the way down to the bottom and click the save button.

The HAVP configuration page is found in the antivirus page of the services menu.
The HAVP configuration page is found in the antivirus page of the services menu.

Automatic Definition Updates

To enable automatic updates of the virus definitions click on the settings tab. I recommend setting the AV base update to occur every 24 hours. If you're really paranoid of zero day threats you can set the updates to occur more often although you will be using more of your internet bandwidth if you do.

It's also a good idea to choose a regional download mirror that is located near you, selecting a close mirror will allow the definitions to download much quicker.

If your having trouble downloading updates you can enable logging to help figure out what the problem is.

HAVP can be configured to automatically download definition updates.
HAVP can be configured to automatically download definition updates.

Checking the Status of the Services

At this point HAVP should be up and running. I like to check the status just to make sure all of the services started and the definition file was downloaded. On the HAVP general page you should see green arrows next to both the proxy service and the antivirus server.

In the version field you should see ClamAV followed by the date of the virus definition file you are using. If the file is out of date go to the settings tab and click the Update_AV button to manually start the update process.

If HAVP is working both the proxy and antivirus server should have green status icons.
If HAVP is working both the proxy and antivirus server should have green status icons.
Users who attempt to download a malicious file will be redirected to an error page.
Users who attempt to download a malicious file will be redirected to an error page.

Testing Virus Detection

If you want to see what your users will experience when they attempt to download a virus you can download the EICAR virus test file from

The test file is not an actual virus, the file contains a standardized signature that is used to test antivirus software.

If HAVP is working properly then you should be redirected to a page with an access denied message. If you don't see the warning page go back and check the status of the services on the main HAVP settings page.

Customizing the Error Pages

To give your error pages a more professional look I recommend customizing the HTML pages, or even replacing them entirely. You can add your company name and logo, contact information for your IT department, or any other information that you think might be useful.

The HTML files for the default pages are located in /usr/local/share/examples/havp/templates. You can edit these files directly by connecting to the console with SSH, or you can use WinSCP to copy the files to another machine, edit them, and then replace the existing files.

Within the templates directory there is a folder for each of the supported languages. The language you select on the settings page will determine which HTML files will be used.

If you do decide to use your own HTML files you still need to use the same file names.

© 2011 Sam Kear

More by this Author

Comments 7 comments

karanik 3 years ago

Hello ,

I have problem with that. After seconds stop squid service.

What is wrong ?

Francois 2 years ago


I like your solution. Its light, simple and efficient.

However, on my side, I never managed to install HAVP on my alix 2d13 (235MB of RAM available). Whatever the version of pfSense (2.0, 2.0.3, 2.1), I always had some bug (swap space, read-only /var, fresh clam bug, etc.).

Do you know if it exists compact-flash image of pfSense with pre-installed HAVP ?


zon 21 months ago

Its old look at the date in the picture.

akinti kole 16 months ago

Hi. Thanks for the information provided. I was able to installed the HAVP successful but after some minutes of installations, it disconnect itself and an error read " read only/file/http/havp/" . Please what should do?

mrcharles 8 months ago

Thank you very much for the writeup.

I have a problem, i followed your guide to setup Squid and HAVP, unfortunately, the HAVP Service remains stopped and when i check the logs i get the error below, kindly support me:

php-fpm[61497]: /antivirus.php: HAVP: RAMDisk not used. Diagnostic: system MB, available MB, calculated MB. Try reducing 'MAXSCANSIZE' value.

Ben 5 months ago

HAVP not listed in available updates on my pf system, there are however other packages showing available that is not shown on that screenshot... strange.

skear profile image

skear 5 months ago from Kansas City Author


The HAVP package is not present in pfSense 2.3. Antivirus support is now integrated in the Squid proxy server package via C-ICAP.

After installing Squid you'll notice there is an Antivirus tab in the Squid service settings package. This allows you to enable ClamAV antivirus scanning through the proxy.

    Sign in or sign up and post using a HubPages Network account.

    0 of 8192 characters used
    Post Comment

    No HTML is allowed in comments, but URLs will be hyperlinked. Comments are not for promoting your articles or other sites.

    Click to Rate This Article