CentOS 5

Run with Clamav - Squidclamav
2015/01/15
 
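Configure the proxy server to scan downloaded files for viruses. Install ClamAV first. Note that only traffic Squid can read in the clear is scanned; HTTPS downloads pass through the proxy as encrypted CONNECT tunnels and are not checked by this setup.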
[1] Install Clamd.
[root@lan ~]#
yum --enablerepo=epel -y install clamd
 
# install from EPEL
[root@lan ~]#
/etc/rc.d/init.d/clamd start

Starting Clam AntiVirus Daemon: Bytecode: Security mode set to "TrustSigned".
[ OK ]
[root@lan ~]#
chkconfig clamd on
[2] Install Squidclamav.
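Download Squidclamav 5.x from the link below. Squidclamav 6.x needs Squid 3.x, but the Squid shipped with CentOS 5 is 2.x, so use Squidclamav 5.x. The download below uses plain HTTP and the build is installed as root, so compare the archive with a checksum published by the project, if one is available, before building it.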
http://sourceforge.net/projects/squidclamav/files/squidclamav/
[root@lan ~]#
yum -y install gcc make curl-devel
[root@lan ~]#
wget http://ftp.jaist.ac.jp/pub/sourceforge/s/project/sq/squidclamav/squidclamav/5.11/squidclamav-5.11.tar.gz

[root@lan ~]#
tar zxvf squidclamav-5.11.tar.gz

[root@lan ~]#
cd squidclamav-5.11

[root@lan squidclamav-5.11]#
./configure

[root@lan squidclamav-5.11]#
[root@lan squidclamav-5.11]#
make install

[root@lan squidclamav-5.11]#
[root@lan ~]#
vi /usr/local/etc/squidclamav.conf
squid_ip 127.0.0.1
# change ( Squid port )

squid_port
8080

logfile /var/log/squid/squidclamav.log
maxsize 5000000
# change ( redirected URL )

redirect
http://www.srv.world/error.html

#squidguard /usr/local/squidGuard/bin/squidGuard
debug 0
stat 0
maxredir 30
# change ( same as the socket path set in clamd's configuration )

clamd_local
/var/run/clamav/clamd.sock

# uncomment and change

clamd_ip
127.0.0.1

# uncomment

clamd_port 3310
timeout 60
useragent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
trust_cache 1
logredir 0
[3] Configure Squid.
[root@lan ~]#
vi /etc/squid/squid.conf
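# add the following lines to the end
# ( requests from localhost skip the rewriter so that squidclamav's own fetches through Squid do not loop; requests from other local processes on this host are therefore not scanned either )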

url_rewrite_access deny localhost
redirect_program /usr/local/bin/squidclamav
redirect_children 15
[root@lan ~]#
touch /var/log/squid/squidclamav.log

[root@lan ~]#
chown squid. /var/log/squid/squidclamav.log

[root@lan ~]#
vi /etc/logrotate.d/squid
# add the following lines to the end

/var/log/squid/squidclamav.log {
   weekly
   rotate 5
   copytruncate
   compress
   notifempty
   missingok
}
[root@lan ~]#
/etc/rc.d/init.d/squid restart

Stopping squid: ................[ OK ]
Starting squid: .[ OK ]
[4] The setup is complete. Next, access the site below from a client PC with a web browser,
http://eicar.org/85-0-Download.html
then click the test virus "eicar.com" (a harmless standard antivirus test file) and confirm that you are redirected to the URL you configured.
 