Fedora 22
Sponsored Link

Squid + SquidClamav
2015/06/01
 
Install SquidClamav and Configure Proxy Server to scan downloaded files to protect from virus.
[1]
Install Clamav first, refer to here.
[2] Install Clamav Server.
[root@prox ~]#
dnf -y install clamav-server clamav-server-systemd
[root@prox ~]#
cp /usr/share/doc/clamav-server*/clamd.conf /etc/clamd.d/squid.conf

[root@prox ~]#
vi /etc/clamd.d/squid.conf
# line 8: comment out

#
Example
# line 14: uncomment and change

LogFile
/var/log/clamd.squid
# line 66: uncomment and change

PidFile
/var/run/clamd.squid/clamd.pid
# line 70: uncomment

TemporaryDirectory /var/tmp
# line 85: uncomment and change

LocalSocket
/var/run/clamd.squid/clamd.sock
# line 101: uncomment

TCPSocket 3310
# line 195: change

User
squidclamav
[root@prox ~]#
useradd -d /var/tmp -M -s /sbin/nologin squidclamav

[root@prox ~]#
mkdir /var/run/clamd.squid

[root@prox ~]#
chown squidclamav. /var/run/clamd.squid

[root@prox ~]#
cp /usr/share/doc/clamav-server*/clamd.sysconfig /etc/sysconfig/clamd.squid

[root@prox ~]#
vi /etc/sysconfig/clamd.squid
# line 1, 2: uncomment and change

CLAMD_CONFIGFILE=/etc/clamd.d/
squid.conf

CLAMD_SOCKET=/var/run/
clamd.squid
/clamd.sock
[root@prox ~]#
vi /etc/tmpfiles.d/clamd.squid.conf
# create new

d /var/run/clamd.squid 0755 squidclamav squidclamav -
[root@prox ~]#
vi /usr/lib/systemd/system/clamd@.service
# add follows to the end

[Install]
WantedBy=multi-user.target
[root@prox ~]#
touch /var/log/clamd.squid

[root@prox ~]#
chown squidclamav. /var/log/clamd.squid

[root@prox ~]#
chmod 600 /var/log/clamd.squid

[root@prox ~]#
systemctl start clamd@squid

[root@prox ~]#
systemctl enable clamd@squid

[3] Install c-icap.
[root@prox ~]#
dnf -y install gcc make

[root@prox ~]#
curl -L -O http://downloads.sourceforge.net/project/c-icap/c-icap/0.3.x/c_icap-0.3.5.tar.gz
[root@prox ~]#
tar zxvf c_icap-0.3.5.tar.gz

[root@prox ~]#
cd c_icap-0.3.5

[root@prox c_icap-0.3.5]#
./configure

[root@prox c_icap-0.3.5]#
make

[root@prox c_icap-0.3.5]#
make install

[root@prox c_icap-0.3.5]#
cd

[root@prox ~]#
cp /usr/local/etc/c-icap.conf /etc

[root@prox ~]#
vi /etc/c-icap.conf
# line 140: change admin address

ServerAdmin
root@srv.world
# line 149: change hostname

ServerName
prox.srv.world
# line 517: add

Service squidclamav squidclamav.so
[root@prox ~]#
vi /etc/tmpfiles.d/c-icap.conf
# create new

d /var/run/c-icap 0755 root root -
[root@prox ~]#
vi /usr/lib/systemd/system/c-icap.service
# create new

[Unit]
Description=c-icap service
After=network.target

[Service]
Type=forking
PIDFile=/var/run/c-icap/c-icap.pid
ExecStart=/usr/local/bin/c-icap -f /etc/c-icap.conf
KillMode=process

[Install]
WantedBy=multi-user.target
[4] Install SquidClamav ( Download latest version of it from the following link ).
http://sourceforge.net/projects/squidclamav/files/squidclamav/
[root@prox ~]#
curl -L -O http://downloads.sourceforge.net/project/squidclamav/squidclamav/6.13/squidclamav-6.13.tar.gz

[root@prox ~]#
tar zxvf squidclamav-6.13.tar.gz

[root@prox ~]#
cd squidclamav-6.13

[root@prox squidclamav-6.13]#
./configure --with-c-icap

[root@prox squidclamav-6.13]#
make

[root@prox squidclamav-6.13]#
make install

[root@prox squidclamav-6.13]#
cd

[root@prox ~]#
ln -s /usr/local/etc/squidclamav.conf /etc/squidclamav.conf

[root@prox ~]#
vi /etc/squidclamav.conf
# line 18: change( destination URL for redirect. Create it first )

redirect
http://www.srv.world/error.html
# line 27: change( same with clamd )

clamd_local
/var/run/clamd.squid/clamd.sock
[5] Configure Squid.
[root@prox ~]#
vi /etc/squid/squid.conf
# add follows to the end

icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Authenticated-User
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all
[root@prox ~]#
systemctl start c-icap

[root@prox ~]#
systemctl enable c-icap

[root@prox ~]#
systemctl restart squid

[6] It's OK all.
Next, try to access to the site below from a ClientPC with Web browser,
http://eicar.org/85-0-Download.html
then, click the test Virus "eicar.com" to make sure to redirect the site you configured.
 
Tweet