Run with Clamav - Squidclamav
2015/01/15
Configure the proxy server to scan downloaded files for viruses.
Install Clamav first.
[1] Install Clamd.
[root@lan ~]# /etc/rc.d/init.d/clamd start
Starting Clam AntiVirus Daemon: Bytecode: Security mode set to "TrustSigned".
[ OK ]
[root@lan ~]# chkconfig clamd on
[2] Install Squidclamav. Download squidclamav 5.x from the link below. 6.x needs Squid 3.x, but Squid on CentOS 5 is Squid 2.x, so use Squidclamav 5.x.
http://sourceforge.net/projects/squidclamav/files/squidclamav/
[root@lan ~]# yum -y install gcc make curl-devel
[root@lan ~]# wget http://ftp.jaist.ac.jp/pub/sourceforge/s/project/sq/squidclamav/squidclamav/5.11/squidclamav-5.11.tar.gz
[root@lan ~]# tar zxvf squidclamav-5.11.tar.gz
[root@lan ~]# cd squidclamav-5.11
[root@lan squidclamav-5.11]# ./configure
[root@lan squidclamav-5.11]# make install
[root@lan ~]# vi /usr/local/etc/squidclamav.conf
squid_ip 127.0.0.1
# change ( Squid port )
squid_port 8080
logfile /var/log/squid/squidclamav.log
maxsize 5000000
# change ( redirected URL )
redirect http://www.srv.world/error.html
#squidguard /usr/local/squidGuard/bin/squidGuard
debug 0
stat 0
maxredir 30
# change ( same with clamd's one )
clamd_local /var/run/clamav/clamd.sock
# uncomment and change
clamd_ip 127.0.0.1
# uncomment
clamd_port 3310
timeout 60
useragent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
trust_cache 1
logredir 0
[3] Configure Squid.
[root@lan ~]# vi /etc/squid/squid.conf
# add the following to the end
url_rewrite_access deny localhost
redirect_program /usr/local/bin/squidclamav
redirect_children 15
[root@lan ~]# touch /var/log/squid/squidclamav.log
[root@lan ~]# chown squid. /var/log/squid/squidclamav.log
[root@lan ~]# vi /etc/logrotate.d/squid
# add the following to the end
/var/log/squid/squidclamav.log {
    weekly
    rotate 5
    copytruncate
    compress
    notifempty
    missingok
}
[root@lan ~]# /etc/rc.d/init.d/squid restart
Stopping squid: ................[ OK ]
Starting squid: .[ OK ]
[4] That completes the configuration.
Next, access the site below from a client PC with a web browser,
http://eicar.org/85-0-Download.html
then click the test virus "eicar.com" and make sure you are redirected to the site you configured.
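If the EICAR download is not redirected, the usual cause is that the three files edited in steps [2] and [3] disagree with each other. The script below is an added example, not part of the original page or of the squidclamav project: it cross-checks squidclamav.conf against clamd's and Squid's configuration. It assumes clamd's socket is set with the LocalSocket directive and Squid's listening port with http_port; the sample files it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page): cross-check the config files
# edited above. File paths are passed as arguments; sample files are constructed.

# conf_value FILE KEY: print the value of the last uncommented "KEY value" line.
conf_value() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); v = $0 } END { print v }' "$1"
}

# check_scan_chain SQUIDCLAMAV_CONF CLAMD_CONF SQUID_CONF
# Prints one line per mismatch; the return status is the number of mismatches.
check_scan_chain() {
    bad=0
    # clamd_local must be the socket clamd listens on ("same with clamd's one").
    if [ "$(conf_value "$1" clamd_local)" != "$(conf_value "$2" LocalSocket)" ]; then
        echo "MISMATCH: clamd_local is not clamd's LocalSocket"; bad=$((bad + 1))
    fi
    # squid_port must be Squid's http_port (strip an "addr:" prefix and options).
    port=$(conf_value "$3" http_port | awk '{ sub(/.*:/, "", $1); print $1 }')
    if [ "$(conf_value "$1" squid_port)" != "$port" ]; then
        echo "MISMATCH: squid_port is not Squid's http_port ($port)"; bad=$((bad + 1))
    fi
    # Squid must hand URLs to squidclamav, otherwise the scanner is bypassed.
    case "$(conf_value "$3" redirect_program)" in
        */squidclamav) ;;
        *) echo "MISMATCH: redirect_program is not squidclamav"; bad=$((bad + 1)) ;;
    esac
    return "$bad"
}

# write_samples DIR: constructed sample files carrying the values used on this page.
write_samples() {
    printf 'squid_ip 127.0.0.1\nsquid_port 8080\nclamd_local /var/run/clamav/clamd.sock\n' > "$1/squidclamav.conf"
    printf 'LocalSocket /var/run/clamav/clamd.sock\n' > "$1/clamd.conf"
    printf 'http_port 8080\nredirect_program /usr/local/bin/squidclamav\n' > "$1/squid.conf"
}

if [ $# -eq 3 ]; then
    check_scan_chain "$@"    # real files: squidclamav.conf, clamd's config, squid.conf
else
    d=$(mktemp -d) && write_samples "$d" &&
        check_scan_chain "$d/squidclamav.conf" "$d/clamd.conf" "$d/squid.conf" &&
        echo "OK: squidclamav, clamd and Squid settings agree"
fi
```

Run it with the three real paths as arguments; the location of clamd's configuration file depends on how Clamav was installed.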