Run with Clamav - SquidClamav
2010/11/11
Install SquidClamav and configure the proxy server to scan downloaded files for viruses.
[1] Install Clamav-server first.
[root@lan03 ~]# yum -y install clamav-server
[root@lan03 ~]# cp /usr/share/doc/clamav-server-0.96.3/clamd.conf /etc/clamd.d/squid.conf
[root@lan03 ~]# vi /etc/clamd.d/squid.conf
# line 8: comment out
# Example
# line 14: uncomment and change
LogFile /var/log/clamd.squid
# line 62: uncomment and change
PidFile /var/run/clamd.squid/clamd.pid
# line 66: uncomment
TemporaryDirectory /var/tmp
# line 81: uncomment and change
LocalSocket /var/run/clamd.squid/clamd.sock
# line 97: uncomment
TCPSocket 3310
# line 191: change
User squidclamav
[root@lan03 ~]# useradd -d /var/tmp -s /sbin/nologin squidclamav
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
[root@lan03 ~]# mkdir /var/run/clamd.squid
[root@lan03 ~]# chown squidclamav. /var/run/clamd.squid
[root@lan03 ~]# cp /usr/share/doc/clamav-server-0.96.3/clamd.sysconfig /etc/sysconfig/clamd.squid
[root@lan03 ~]# vi /etc/sysconfig/clamd.squid
# line 1,2: uncomment and change
CLAMD_CONFIGFILE=/etc/clamd.d/squid.conf
CLAMD_SOCKET=/var/run/clamd.squid/clamd.sock
[root@lan03 ~]# cp /usr/share/doc/clamav-server-0.96.3/clamd.init /etc/rc.d/init.d/clamd.squid
[root@lan03 ~]# vi /etc/rc.d/init.d/clamd.squid
# line 6: change
CLAMD_SERVICE=squid
[root@lan03 ~]# chmod 755 /etc/rc.d/init.d/clamd.squid
[root@lan03 ~]# touch /var/log/clamd.squid
[root@lan03 ~]# chown squidclamav. /var/log/clamd.squid
[root@lan03 ~]# chmod 600 /var/log/clamd.squid
[root@lan03 ~]# /etc/rc.d/init.d/clamd.squid start
Starting clamd.squid: [ OK ]
[root@lan03 ~]# chkconfig --add clamd.squid
[root@lan03 ~]# chkconfig clamd.squid on
[2] Install SquidClamav
[root@lan03 ~]# yum -y install curl-devel
[root@lan03 ~]# wget http://ftp.jaist.ac.jp/pub/sourceforge/s/project/sq/squidclamav/squidclamav/5.6/squidclamav-5.6.tar.gz
[root@lan03 ~]# tar zxvf squidclamav-5.6.tar.gz
[root@lan03 ~]# cd squidclamav-5.6
[root@lan03 squidclamav-5.6]# ./configure
[root@lan03 squidclamav-5.6]# make
[root@lan03 squidclamav-5.6]# make install
[root@lan03 squidclamav-5.6]# cd ..
[root@lan03 ~]# rm -rf squidclamav-5.6
[root@lan03 ~]# vi /etc/squidclamav.conf
# line 12: change
squid_port 8080
# line 15: change (the destination URL for the redirect; create that page first)
redirect http://www03.srv.world/error.html
# line 20: change
clamd_local /var/run/clamd.squid/clamd.sock
# line 21: uncomment and change
clamd_ip 127.0.0.1
# line 22: uncomment
clamd_port 3310
# line 35 and later: comment out all of them (leave a line uncommented only if you want that rule applied to that kind of file)
# Do not scan images
# abort ^.*\.(ico|gif|png|jpg)$
# abortcontent ^image\/.*$
[3] Configure Squid
[root@lan03 ~]# vi /etc/squid/squid.conf
# line 7: add
acl purge method PURGE
# line 46: uncomment
http_access deny to_localhost
# line 57: add
# http_access allow localnet
http_access allow localhost
http_access allow purge localhost
http_access deny purge
http_access allow lan
# add at the last line
url_rewrite_access deny localhost
url_rewrite_program /usr/local/bin/squidclamav
url_rewrite_children 15
[root@lan03 ~]# touch /var/log/squid/squidclamav.log
[root@lan03 ~]# chown squid. /var/log/squid/squidclamav.log
[root@lan03 ~]# /etc/rc.d/init.d/squid restart
Stopping squid: ............. [ OK ]
Starting squid: . [ OK ]
[4] Try to access a page that hosts a test virus: http://www.eicar.org/anti_virus_test_file.htm
Click 'eicar.com' and try to download it. The error page that is set in the config of squidclamav is then displayed, which shows that the virus is blocked normally.
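To check the clamd instance from step [1] on its own, independently of Squid and SquidClamav, the following added example (not part of the original page or of the SquidClamav project) speaks clamd's INSTREAM protocol to the TCPSocket 3310 configured above and reports the verdict for a clean buffer and for the EICAR test string. The function names are illustrative, and it assumes clamd is reachable on 127.0.0.1.

```python
import socket
import struct

# Standard EICAR test string (68 bytes); harmless, detected by design.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

def frame_instream(data, chunk_size=4096):
    """Build an INSTREAM request: command, length-prefixed chunks, zero-length terminator."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)  # 4-byte big-endian length
    out.append(struct.pack("!I", 0))
    return b"".join(out)

def parse_reply(raw):
    """Return (status, detail) where status is 'FOUND', 'OK' or 'ERROR'."""
    text = raw.rstrip(b"\0\n").decode("ascii", "replace")
    _, _, result = text.partition(": ")  # replies look like "stream: <result>"
    if result.endswith(" FOUND"):
        return "FOUND", result[:-len(" FOUND")]
    if result == "OK":
        return "OK", ""
    return "ERROR", result or text

def scan(data, host="127.0.0.1", port=3310, timeout=10):
    """Send data to clamd over TCP (port taken from TCPSocket 3310) and parse the verdict."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(frame_instream(data))
        raw = b""
        while not raw.endswith(b"\0"):  # 'z' commands get NUL-terminated replies
            part = s.recv(4096)
            if not part:
                break
            raw += part
    return parse_reply(raw)

if __name__ == "__main__":
    try:
        print("clean sample:", scan(b"hello"))
        print("EICAR sample:", scan(EICAR))
    except OSError as exc:
        print("clamd not reachable on 127.0.0.1:3310:", exc)
```

A FOUND verdict here combined with no block in step [4] points at the Squid or squidclamav.conf side rather than at clamd.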