Fedora 13

Run with Clamav - squidclamav
2010/06/03
  Configure the proxy server to scan downloaded files for viruses. Install ClamAV first (follow procedure [2] at the link).

[1] Install squidclamav
# libcurl development files; presumably a build dependency of squidclamav.
[root@lan ~]#
yum -y install curl-devel


# NOTE(review): the tarball is fetched over plain HTTP and nothing below checks
# it before it is built and installed as root. Compare it with a checksum or
# signature published by the project (if one is available) before ./configure.
[root@lan ~]#
wget http://www.darold.net/projects/squidclamav/squidclamav-4.1.tar.gz


[root@lan ~]#
tar zxvf squidclamav-4.1.tar.gz

[root@lan ~]#
cd squidclamav-4.1

# NOTE(review): every step here runs as root, including ./configure on freshly
# downloaded source. Unpacking and configuring as an unprivileged user and
# using root only for `make install` limits what a tampered tarball can do.
[root@lan squidclamav-4.1]#
./configure

[root@lan squidclamav-4.1]#
[root@lan squidclamav-4.1]#
make install

# Install the shipped sample configuration as the live config; it is edited next.
[root@lan squidclamav-4.1]#
cp squidclamav.conf.dist /etc/squidclamav.conf

[root@lan squidclamav-4.1]#
[root@lan ~]#
vi /etc/squidclamav.conf


# Uncomment every setting from line 55 onward, except the "squidguard ***" line.

squid_ip 127.0.0.1
# change (proxy port)

squid_port
8080

# NOTE(review): step [3] of this page creates and chowns
# /var/log/squid/squidclamav.log, not this path. Whichever path is set here
# must exist and be writable by the squid user; confirm the two agree.
logfile /var/log/squidclamav.log
# change (URL the client is redirected to when a download is blocked; create that page first)

redirect
http://www.srv.world/error.html

#squidguard /usr/local/squidGuard/bin/squidGuard
debug 0
force 1
stat 1
maxredir 10
# change (must match clamd's own socket setting)

clamd_local
/var/run/clamav/clamd.sock

# change
# NOTE(review): both a local socket (clamd_local) and a TCP address
# (clamd_ip/clamd_port) are set. Confirm which one squidclamav uses when both
# are present, and that clamd's TCP listener, if enabled, is bound to loopback.

clamd_ip
127.0.0.1

clamd_port 3310
timeout 60
useragent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
trust_cache 0

# abort / aborti / abortcontenti: presumably URLs or content types matching
# these patterns are passed through WITHOUT scanning (the "i" variants being
# case-insensitive); confirm against the squidclamav documentation.
# NOTE(review): this list exempts .pdf, .js, .html and .swf, all of which can
# carry malicious content. Keep only the types you accept leaving unscanned.
# Several entries are repeated (.js, .html, .css, .xml, .xsl); the duplicates
# add nothing.
abort ^.*\.pdf$
abort ^.*\.js$
abort ^.*\.html$
abort ^.*\.css$
abort ^.*\.xml$
abort ^.*\.xsl$
abort ^.*\.js$
abort ^.*\.html$
abort ^.*\.css$
abort ^.*\.xml$
abort ^.*\.xsl$
abort ^.*\.js$
abort ^.*\.jsp$
# NOTE(review): the "?" below is unescaped, so (if these are extended regexes)
# it makes the "p" optional instead of matching a literal "?". The pattern then
# matches any URL that merely contains ".js", which is far broader than a .jsp
# page with a query string. Escape it (\?) if that was the intent.
abort ^.*\.jsp?.*$
aborti ^.*servlet.*$
abort ^.*\.ico$
aborti ^.*\.gif$
aborti ^.*\.png$
aborti ^.*\.jpg$
aborti ^.*\.swf$
abortcontenti ^.*application\/x-mms-framed.*$
abortcontenti ^.*application\/x-javascript.*$
content ^.*application\/.*$
# set white list
# NOTE(review): hosts listed here are presumably exempt from scanning
# altogether; keep the list as short as possible.

whitelist
www.google.com


# Scan all files
# This pattern matches any Content-Type containing "/", so the narrower
# application/ rule above is redundant. The abort rules above presumably still
# take effect, so "all files" excludes whatever they match.
content ^.*\/.*$

# Start clamd now. /etc/squidclamav.conf points squidclamav at clamd
# (clamd_local / clamd_ip), so scanning presumably depends on clamd running.
[root@lan ~]#
/etc/rc.d/init.d/clamd start

Starting Clam AntiVirus Daemon:
[  OK  ]

# Enable clamd at boot as well, so scanning survives a reboot.
[root@lan ~]#
chkconfig clamd on
[3] Configure Squid
[root@lan ~]#
vi /etc/squid/squid.conf


# line 49: uncomment
# Refuses requests addressed to the proxy host itself (to_localhost is the
# stock ACL for loopback destinations), so clients cannot use the proxy to
# reach services that listen only on 127.0.0.1.

http_access deny to_localhost

# add at the bottom
# Requests coming from localhost are not passed to the rewriter. Presumably
# this keeps squidclamav's own fetches through the proxy (squid_ip 127.0.0.1 in
# /etc/squidclamav.conf) from being handed back to squidclamav. Side effect:
# any client running on the proxy host itself is not scanned.
# NOTE(review): a URL rewriter only sees requests Squid can read; HTTPS
# tunnelled through CONNECT is not inspected by this setup.

url_rewrite_access deny localhost
# Hands the remaining requests to squidclamav, using 15 helper processes.
# Newer Squid documents these directives as url_rewrite_program /
# url_rewrite_children.
redirect_program /usr/local/bin/squidclamav
redirect_children 15


# Pre-create the squidclamav log so the helper, running as squid, can write it.
# NOTE(review): /etc/squidclamav.conf above sets
# "logfile /var/log/squidclamav.log", which is a different path from the one
# created here. Make the two agree, otherwise the helper may be unable to log.
[root@lan ~]#
touch /var/log/squid/squidclamav.log

# "squid." (owner plus separator, no group) also sets the group to squid's
# login group; "squid:" is the current spelling of the same thing.
[root@lan ~]#
chown squid. /var/log/squid/squidclamav.log

# Restart Squid so it reads the new squid.conf and spawns the helpers.
[root@lan ~]#
/etc/rc.d/init.d/squid restart

Stopping squid: .............
[  OK  ]

Starting squid: .
[  OK  ]
[4] Try to access a page that offers a test virus file, such as the one below.
http://www.eicar.org/anti_virus_test_file.htm
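Click 'eicar.com' and try to download it. The EICAR file is a harmless test string that antivirus scanners detect on purpose. If the setup works, the error page set as the redirect URL in the squidclamav config is displayed instead of the download, which shows that the virus was blocked as expected.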
 
 