hi, i don't know if you already had this problem with pfSense 1.2.3 but my havp or better said, clamd quits sometimes unexpectly. I searched the internet for some solutions but i couldn't find any. Some people were reporting that they had a hardware problem and that the freezing was solved after replacing e.g. the hard drive. Well, because i'm using a relatively new drive (or new compact flash as a drive), i wasn't too satisfied with this and wrote my own script to test the clamd socket and restart havp if needed.

My logs showed some of the following errors:

/var/log/havp/access.log:
{DATE} {IP} GET 200 {URL} 331+951 SCANERROR Detected dead scanner

/var/log/havp/havp.log:
{DATE} Scanner errors: Clamd: Could not read from scanner socket (lasturl: {URL})

So here is my script:

#! /usr/local/bin/php -qC
<?php
# open clamd socket
$socket = @fsockopen("localhost", 3310, $errno, $errstr, 1);
# if socket connection fails, restart clamd and havp
if (!$socket) {
    print "Unable to connect to CLAMD… socket down?\n";
    print "Stopping HAVP…\n";
    system("/usr/local/etc/rc.d/havp stop");
    print "Restarting CLAMD…\n";
    system("/usr/local/etc/rc.d/clamd stop");
    system("/usr/local/etc/rc.d/clamd start");
    print "Starting HAVP…\n";
    system("/usr/local/etc/rc.d/havp start");
}
# close socket
else fclose($socket);
?>

Save this to a file on the pfSense filesystem, set executable permissions on that file (chmod 755 <script>), add following lines to /etc/crontab and replace the <path_to_file> with your path and scriptname:

# check for havp every minute
*/1 * * * * root <path_to_file>

From then on, my pfSense box ran smoothly again.