|
Squid + SquidClamav
2017/07/23 |
|
Install SquidClamav and Configure Proxy Server to scan downloaded files to protect from virus.
|
|
| [1] | |
| [2] | Install Clamav Scanner. |
|
[root@prox ~]#
dnf -y install clamav-scanner clamav-scanner-systemd
[root@prox ~]#
vi /etc/clamd.d/scan.conf # line 8: comment out # Example
# line 14: uncomment LogFile /var/log/clamd.scan # line 66: uncomment PidFile /var/run/clamd.scan/clamd.pid # line 70: uncomment TemporaryDirectory /var/tmp # line 85: uncomment LocalSocket /var/run/clamd.scan/clamd.sock # line 101: uncomment TCPSocket 3310 touch /var/log/clamd.scan [root@prox ~]# chown clamscan. /var/log/clamd.scan [root@prox ~]# systemctl start clamd@scan [root@prox ~]# systemctl enable clamd@scan |
| [3] | If SELinux is enabled on your server, configure like follows. |
|
[root@prox ~]# restorecon -v /var/log/clamd.scan
|
| [4] | Install c-icap. |
|
[root@prox ~]#
[root@prox ~]# dnf -y install gcc make [root@prox ~]# curl -L -O https://sourceforge.net/projects/c-icap/files/c-icap/0.5.x/c_icap-0.5.2.tar.gz
tar zxvf c_icap-0.5.2.tar.gz [root@prox ~]# cd c_icap-0.5.2 [root@prox c_icap-0.5.2]# ./configure [root@prox c_icap-0.5.2]# [root@prox c_icap-0.5.2]# make install [root@prox c_icap-0.5.2]# [root@prox ~]# cp /usr/local/etc/c-icap.conf /etc
[root@prox ~]#
vi /etc/c-icap.conf # line 223: change admin address ServerAdmin root@srv.world
# line 232: change hostname ServerName prox.srv.world
# line 673: add Service squidclamav squidclamav.so
[root@prox ~]#
vi /etc/tmpfiles.d/c-icap.conf # create new d /var/run/c-icap 0755 root root -
[root@prox ~]#
vi /usr/lib/systemd/system/c-icap.service # create new [Unit] Description=c-icap service After=network.target [Service] Type=forking PIDFile=/var/run/c-icap/c-icap.pid ExecStart=/usr/local/bin/c-icap -f /etc/c-icap.conf KillMode=process [Install] WantedBy=multi-user.target |
| [5] | Install SquidClamav ( Download latest version of it from the following link ). http://sourceforge.net/projects/squidclamav/files/squidclamav/ |
|
[root@prox ~]# curl -L -O http://downloads.sourceforge.net/project/squidclamav/squidclamav/6.16/squidclamav-6.16.tar.gz [root@prox ~]# tar zxvf squidclamav-6.16.tar.gz [root@prox ~]# cd squidclamav-6.16 [root@prox squidclamav-6.16]# ./configure --with-c-icap [root@prox squidclamav-6.16]# [root@prox squidclamav-6.16]# make install [root@prox squidclamav-6.16]# [root@prox ~]# ln -s /usr/local/etc/squidclamav.conf /etc/squidclamav.conf
[root@prox ~]#
vi /etc/squidclamav.conf # line 18: change( destination URL for redirect. Create it first ) redirect http://www.srv.world/error.html
# line 27: change( same with clamd ) clamd_local /var/run/clamd.scan/clamd.sock
|
| [6] | Configure Squid. |
|
[root@prox ~]#
vi /etc/squid/squid.conf # add to the end
icap_enable on
icap_send_client_ip on icap_send_client_username on icap_client_username_header X-Authenticated-User icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access service_req allow all icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access service_resp allow all systemctl start c-icap [root@prox ~]# systemctl enable c-icap [root@prox ~]# systemctl restart squid |
| [7] | It's OK all. Next, try to access to the site below from a ClientPC with Web browser, http://eicar.org/85-0-Download.html then, click the test Virus "eicar.com" to make sure to redirect the site you configured. |
|