Debian 9 Stretch
Sponsored Link

Squid + SquidClamav
2017/06/26
 
Install SquidClamav and Configure Proxy Server to scan download files to protect from Virus.
Install Clamav first.
[1] Install Clamd.
root@prox:~#
apt -y install clamav-daemon
[2] Download the latest version of Squidclamav from the link below.
⇒ http://sourceforge.net/projects/squidclamav/files/squidclamav/
# install some required packages first

root@prox:~#
apt -y install gcc make curl libcurl4-gnutls-dev c-icap libicapapi-dev
root@prox:~#
wget --trust-server-names https://sourceforge.net/projects/squidclamav/files/squidclamav/6.16/squidclamav-6.16.tar.gz/download

root@prox:~#
tar zxvf squidclamav-6.16.tar.gz

root@prox:~#
cd squidclamav-6.16

root@prox:~/squidclamav-6.16#
./configure --with-c-icap

root@prox:~/squidclamav-6.16#
root@prox:~/squidclamav-6.16#
make install

root@prox:~/squidclamav-6.16#
root@prox:~#
ln -s /etc/c-icap/squidclamav.conf /etc/squidclamav.conf

root@prox:~#
vi /etc/squidclamav.conf
# line 18: change ( create a error page that is redirected to )

redirect
http://www.srv.world/error.html
[3] Configure c-icap and Squid.
root@prox:~#
vi /etc/default/c-icap
# line 6: change

START=
yes
root@prox:~#
vi /etc/c-icap/c-icap.conf
# line 163: change to the admin email

ServerAdmin
root@srv.world
# line 172: change to the hostname

ServerName
prox.srv.world
# line 570: add

Service squidclamav squidclamav.so
root@prox:~#
vi /etc/squid/squid.conf
# line 6912: add

icap_enable on
# line 7033: add

adaptation_send_client_ip on
# line 7043: add

adaptation_send_username on
# line 7048: add

icap_client_username_header X-Authenticated-User
# line 7144: add follows

icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all
root@prox:~#
systemctl restart clamav-daemon c-icap squid
[4] It's OK all.
Next, try to access to the site below from a ClientPC with Web browser,
http://eicar.org/85-0-Download.html
then, click the test Virus [eicar.com] to make sure to redirect the site you configured.
 
Tweet