Fedora 26
Sponsored Link

Squid + SquidClamav
2017/07/23
 
Install SquidClamav and Configure Proxy Server to scan downloaded files to protect from virus.
[1]
[2] Install Clamav Scanner.
[root@prox ~]#
dnf -y install clamav-scanner clamav-scanner-systemd
[root@prox ~]#
vi /etc/clamd.d/scan.conf
# line 8: comment out

#
Example
# line 14: uncomment

LogFile /var/log/clamd.scan
# line 66: uncomment

PidFile /var/run/clamd.scan/clamd.pid
# line 70: uncomment

TemporaryDirectory /var/tmp
# line 85: uncomment

LocalSocket /var/run/clamd.scan/clamd.sock
# line 101: uncomment

TCPSocket 3310
[root@prox ~]#
touch /var/log/clamd.scan

[root@prox ~]#
chown clamscan. /var/log/clamd.scan

[root@prox ~]#
systemctl start clamd@scan

[root@prox ~]#
systemctl enable clamd@scan

[3] If SELinux is enabled on your server, configure like follows.
[root@prox ~]#
restorecon -v /var/log/clamd.scan
[4] Install c-icap.
[root@prox ~]#
dnf -y install gcc make

[root@prox ~]#
curl -L -O https://sourceforge.net/projects/c-icap/files/c-icap/0.5.x/c_icap-0.5.2.tar.gz
[root@prox ~]#
tar zxvf c_icap-0.5.2.tar.gz

[root@prox ~]#
cd c_icap-0.5.2

[root@prox c_icap-0.5.2]#
./configure

[root@prox c_icap-0.5.2]#
[root@prox c_icap-0.5.2]#
make install

[root@prox c_icap-0.5.2]#
[root@prox ~]#
cp /usr/local/etc/c-icap.conf /etc

[root@prox ~]#
vi /etc/c-icap.conf
# line 223: change admin address

ServerAdmin
root@srv.world
# line 232: change hostname

ServerName
prox.srv.world
# line 673: add

Service squidclamav squidclamav.so
[root@prox ~]#
vi /etc/tmpfiles.d/c-icap.conf
# create new

d /var/run/c-icap 0755 root root -
[root@prox ~]#
vi /usr/lib/systemd/system/c-icap.service
# create new

[Unit]
Description=c-icap service
After=network.target

[Service]
Type=forking
PIDFile=/var/run/c-icap/c-icap.pid
ExecStart=/usr/local/bin/c-icap -f /etc/c-icap.conf
KillMode=process

[Install]
WantedBy=multi-user.target
[5] Install SquidClamav ( Download latest version of it from the following link ).
http://sourceforge.net/projects/squidclamav/files/squidclamav/
[root@prox ~]#
curl -L -O http://downloads.sourceforge.net/project/squidclamav/squidclamav/6.16/squidclamav-6.16.tar.gz

[root@prox ~]#
tar zxvf squidclamav-6.16.tar.gz

[root@prox ~]#
cd squidclamav-6.16

[root@prox squidclamav-6.16]#
./configure --with-c-icap

[root@prox squidclamav-6.16]#
[root@prox squidclamav-6.16]#
make install

[root@prox squidclamav-6.16]#
[root@prox ~]#
ln -s /usr/local/etc/squidclamav.conf /etc/squidclamav.conf

[root@prox ~]#
vi /etc/squidclamav.conf
# line 18: change( destination URL for redirect. Create it first )

redirect
http://www.srv.world/error.html
# line 27: change( same with clamd )

clamd_local
/var/run/clamd.scan/clamd.sock
[6] Configure Squid.
[root@prox ~]#
vi /etc/squid/squid.conf
# add to the end

icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Authenticated-User
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all
[root@prox ~]#
systemctl start c-icap

[root@prox ~]#
systemctl enable c-icap

[root@prox ~]#
systemctl restart squid

[7] It's OK all.
Next, try to access to the site below from a ClientPC with Web browser,
http://eicar.org/85-0-Download.html
then, click the test Virus "eicar.com" to make sure to redirect the site you configured.
 
Tweet