|
Run with Clamav - squidclamav
|
| Configure Proxy Server in order to scan download files to protect from virus. Install clamav first.
|
|
| [1] | Install clamd first |
|
[root@lan ~]# yum -y install clamav-server [root@lan ~]# vi /etc/clamd.conf # create new
LogFile /var/log/clamav/clamd.log LogFileMaxSize 0 LogTime yes LogSyslog yes PidFile /var/run/clamav/clamd.pid TemporaryDirectory /var/tmp DatabaseDirectory /var/lib/clamav LocalSocket /var/run/clamav/clamd.sock FixStaleSocket yes TCPSocket 3310 TCPAddr 127.0.0.1 MaxConnectionQueueLength 30 ReadTimeout 300 User clamav AllowSupplementaryGroups yes ScanPE yes ScanELF yes DetectBrokenExecutables yes ScanOLE2 yes ScanArchive yes [root@lan ~]# mkdir /var/run/clamav [root@lan ~]# chown clamav. /var/run/clamav [root@lan ~]# mkdir /var/log/clamav [root@lan ~]# chown clamav. /var/log/clamav [root@lan ~]# vi /etc/rc.d/init.d/clamd # create init script # create new
#!/bin/sh # # Startup script for the Clam AntiVirus Daemon # # chkconfig: 2345 61 39 # description: Clam AntiVirus Daemon is a TCP/IP or socket protocol # server. # processname: clamd # pidfile: /var/run/clamav/clamd.pid # config: /etc/clamav.conf . /etc/rc.d/init.d/functions . /etc/sysconfig/network [ -x /usr/sbin/clamd ] || exit 0 case "$1" in start) echo -n "Starting Clam AntiVirus Daemon: " daemon clamd RETVAL=$? echo [ $RETVAL -eq 0 ] && touch /var/lock/subsys/clamd ;; stop) echo -n "Stopping Clam AntiVirus Daemon: " killproc clamd rm -f /var/clamav/clamd.socket rm -f /var/run/clamav/clamav.pid RETVAL=$? echo [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/clamd ;; status) status clamd RETVAL=$? ;; restart|reload) $0 stop $0 start RETVAL=$? ;; condrestart) [ -e /var/lock/subsys/clamd ] && restart RETVAL=$? ;; *) echo "Usage: clamd {start|stop|status|restart|reload|condrestart}" exit 1 esac exit $RETVAL [root@lan ~]# chmod 755 /etc/rc.d/init.d/clamd [root@lan ~]# /etc/rc.d/init.d/clamd start Starting Clam AntiVirus Daemon: [ OK ] [root@lan ~]# chkconfig --add clamd [root@lan ~]# chkconfig clamd on
|
| [2] | Install squidclamav |
|
[root@lan ~]# yum -y install curl-devel [root@lan ~]# wget http://www.samse.fr/GPL/squidclamav/squidclamav-3.8.tar.gz [root@lan ~]# tar zxvf squidclamav-3.8.tar.gz [root@lan ~]# cd squidclamav-3.8 [root@lan squidclamav-3.8]# ./configure [root@lan squidclamav-3.8]# [root@lan squidclamav-3.8]# make install [root@lan squidclamav-3.8]# cp squidclamav.conf.dist /etc/squidclamav.conf [root@lan squidclamav-3.8]# [root@lan ~]# vi /etc/squidclamav.conf # uncomment from line 49 to the end except line 52 # change ( Proxy port ) proxy http://127.0.0.1:8080/ # change( log file ) logfile /var/log/squid/squidclamav.log # change ( destination URL for redirect ) redirect http://www.google.co.jp/ # squidguard /usr/local/squidGuard/bin/squidGuard debug 0 force 1 stat 1 # change ( same with clamd's setting ) clamd_local /var/run/clamav/clamd.sock # change clamd_ip 127.0.0.1 clamd_port 3310 timeout 60 abort ^.*\.gz$ abort ^.*\.bz2$ abort ^.*\.pdf$ abort ^.*\.js$ abort ^.*\.html$ abort ^.*\.css$ abort ^.*\.xml$ abort ^.*\.xsl$ abort ^.*\.js$ abort ^.*\.ico$ aborti ^.*\.gif$ aborti ^.*\.png$ aborti ^.*\.jpg$ aborti ^.*\.swf$ content ^.*application\/.*$ whitelist .*google\.com |
| [3] | Configure Squid |
|
[root@lan ~]# vi /etc/squid/squid.conf # line 639: uncomment http_access deny to_localhost # add at the bottom url_rewrite_access deny localhost redirect_program /usr/local/bin/squidclamav redirect_children 15 [root@lan ~]# touch /var/log/squid/squidclamav.log [root@lan ~]# chown squid. /var/log/squid/squidclamav.log [root@lan ~]# vi /etc/logrotate.d/squid # add at the bottom
/var/log/squid/squidclamav.log { weekly rotate 5 copytruncate compress notifempty missingok } [root@lan ~]# /etc/rc.d/init.d/squid restart Stopping squid: ............. [ OK ] Starting squid: . [ OK ]
|
| [4] | Try to access to a page that has trial virus from here. http://www.eicar.org/anti_virus_test_file.htm Click 'eicar.com' and rty to download it. Then, the error page that is set in the config of squidclamav. Virus is blocked normally. |
|