Собрал из сырцов Squid-3.0.STABLE1, c_imap-180407, clamav-0.92. Настроил по статье https://www.opennet.ru/base/net/clamav_icap_squid.txt.html, по HTTP на eiсar(http://www.eicar.org/anti_virus_test_file.htm#) Squid отработал на ура, но когда пытаюсь соединиться по HTTPS, squid разрешает скачать\просмотреть вирус не на что при этом не ругаясь. Подскажите в чем может быть проблема?

Сборка squid
./configure  --bindir=/bin --sbindir=/sbin --sysconfdir=/etc/squid3 --enable-delay-pools --enable-icap-client --enable-auth=basic,digest,ntlm  --enable-ntlm-auth-helpers=SMB  --enable-basic-auth-helpers=SMB --disable-unlinkd --enable-stacktracess

Конфиг squid
http_port 192.168.2.1:3128
cache_dir ufs /var/cache/squid 100 32 512
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
refresh_pattern ^ftp:         &n... 1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
acl user src 192.168.2.2/255.255.255.255
http_access allow user
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
icap_enable on
icap_preview_enable on
icap_preview_size 128
icap_send_client_ip on
icap_service service_1 reqmod_precache 0 icap://localhost:1344/srv_clamav
icap_service service_0 respmod_precache 1 icap://localhost:1344/srv_clamav
icap_class class_antivirus service_0 service_1
icap_access class_antivirus allow all
cache_mgr squid@romashka.ru
coredump_dir /var/cache/squid
acl local-servers dstdomain .romashka.local
always_direct allow local-servers

Изменения в c_icap и clamav по документации:

c_icap:

User nobody
TmpDir /tmp - ваш каталог временных файлов.
acl localsquid_respmod src 127.0.0.1 type respmod
acl localsquid src 127.0.0.1
acl externalnet src 0.0.0.0/0.0.0.0
icap_access allow localsquid_respmod
icap_access allow localsquid
icap_access deny externalnet
srv_clamav.ClamAvTmpDir /tmp
srv_clamav.VirSaveDir /var/infected/
srv_clamav.VirHTTPServer  "DUMMY"

clamav:

LogFile /var/log/clamd.log
TemporaryDirectory /tmp
DatabaseDirectory /var/lib/clamav
LocalSocket /tmp/clamd
User clamav

PS: над темой подумал только после того как отправил сообщение, имел ввиду Squid + ClamAV по HTTPS НЕ проверяет на вирусы