Run with Clamav - SquidClamav
2011/05/05 |
Install SquidClamav and Configure Proxy Server in order to scan download files to protect from virus.
Install clamav first.
|
|
[1] | Install Clamd |
root@lan:~# aptitude -y install clamav-daemon root@lan:~# /etc/init.d/clamav-daemon start * Starting ClamAV daemon clamd ...done. |
[2] | Download latest version of Squidclamav from the link below with wget. http://sourceforge.net/projects/squidclamav/files/squidclamav/ |
# install some required packages first root@lan:~# aptitude -y install gcc make curl libcurl4-gnutls-dev c-icap libicapapi-dev root@lan:~# wget http://ftp.jaist.ac.jp/pub/sourceforge/s/project/sq/squidclamav/squidclamav/6.2/squidclamav-6.2.tar.gz root@lan:~# tar zxvf squidclamav-6.2.tar.gz root@lan:~# cd squidclamav-6.2 root@lan:~/squidclamav-6.2# ./configure --with-c-icap root@lan:~/squidclamav-6.2# root@lan:~/squidclamav-6.2# make install root@lan:~/squidclamav-6.2# root@lan:~# vi /etc/squidclamav.conf # line 17: change ( destination URL for redirect. Create it first ) redirect http://www.srv.world/error.html # line 25: change ( same with clamd ) clamd_local /var/run/clamav/clamd.ctl |
[3] | Configure c-icap and Squid |
root@lan:~# vi /etc/default/c-icap # line 6: change START= yes root@lan:~# vi /etc/c-icap/c-icap.conf # line 142: change to admin's address ServerAdmin root@srv.world # line 151: change to your servername ServerName lan.srv.world # line 499: add Service squidclamav squidclamav.so root@lan:~# vi /etc/init.d/c-icap # line 107: add '!' because it is a mistake if ! running ; thenecho "$NAME." else echo " ERROR." fi root@lan:~# /etc/init.d/c-icap start Starting c-icap: c-icap. root@lan:~# vi /etc/squid3/squid.conf # line 4761: add icap_enable on # line 4848: add icap_send_client_ip on # line 4856: add icap_send_client_username on # line 4861: add icap_client_username_header X-Authenticated-User # line 4932: add follows
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access service_req allow all icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access service_resp allow all root@lan:~# /etc/init.d/squid3 restart * Restarting Squid HTTP Proxy 3.x squid3 * Waiting... ...done. * Creating Squid HTTP Proxy 3.x cache structure 2011/05/05 03:31:41| Creating Swap Directories ...done. |
[4] | Try to access to a page that has trial virus from here. http://www.eicar.org/anti_virus_test_file.htm Click 'eicar.com' and rty to download it. Then, Virus will be detected and accessing is redirected to the page you set. |