CentOS 6
Sponsored Link

Squid + SquidClamav
2014/08/12
 
Install SquidClamav and Configure Proxy Server to scan downloaded files to protect from virus.
[1]
[2] Install Clamd.
# install from EPEL

[root@prox ~]#
yum --enablerepo=epel -y install clamd
[root@prox ~]#
/etc/rc.d/init.d/clamd start

Starting Clam AntiVirus Daemon: [ OK ]
[root@prox ~]#
chkconfig clamd on
[3] If SELinux is enabled, change rules to run Clamd.
[root@prox ~]#
setsebool -P antivirus_can_scan_system on

[root@prox ~]#
setsebool -P antivirus_use_jit on
[4] Install c-icap.
[root@prox ~]#
yum -y install gcc make

[root@prox ~]#
curl -L -O http://downloads.sourceforge.net/project/c-icap/c-icap/0.4.x/c_icap-0.4.2.tar.gz
[root@prox ~]#
tar zxvf c_icap-0.4.2.tar.gz

[root@prox ~]#
cd c_icap-0.4.2

[root@prox c_icap-0.4.2]#
./configure

[root@prox c_icap-0.4.2]#
[root@prox c_icap-0.4.2]#
make install

[root@prox c_icap-0.4.2]#
[root@prox ~]#
cp /usr/local/etc/c-icap.conf /etc

[root@prox ~]#
vi /etc/c-icap.conf
# line 161: specify admin's email

ServerAdmin
root@srv.world
# line 170: change to your hostname

ServerName
prox.srv.world
# line 568: add

Service squidclamav squidclamav.so
# create an init script

[root@prox ~]#
vi /etc/rc.d/init.d/c-icap
#!/bin/bash

# c-icap: Start/Stop c-icap
# chkconfig: - 70 30
# description: c-icap is an implementation of an ICAP server.
# processname: c-icap
# pidfile: /var/run/c-icap/c-icap.pid

. /etc/rc.d/init.d/functions
. /etc/sysconfig/network

CONFIG_FILE=/etc/c-icap.conf
PID_DIR=/var/run/c-icap

RETVAL=0
start() {
   echo -n $"Starting c-icap: "
   daemon /usr/local/bin/c-icap -f $CONFIG_FILE
   RETVAL=$?
   echo
   [ $RETVAL -eq 0 ] && touch /var/lock/subsys/c-icap
   return $RETVAL
}
stop() {
   echo -n $"Stopping c-icap: "
   killproc c-icap
   rm -f /var/run/c-icap/c-icap.ctl
   RETVAL=$?
   echo
   [ $RETVAL -eq 0 ] && rm -f $PID_DIR/c-icap.pid /var/lock/subsys/c-icap
   return $RETVAL
}
case "$1" in
   start)
      start
   ;;
   stop)
      stop
   ;;
   status)
      status c-icap
   ;;
   restart)
      stop
      start
   ;;
   *)
      echo $"Usage: $0 {start|stop|status|restart}"
   exit 1
esac
exit $?

[root@prox ~]#
chmod 755 /etc/rc.d/init.d/c-icap

[5] Install SquidClamav ( Download latest version of it from the following link ).
http://sourceforge.net/projects/squidclamav/files/squidclamav/
[root@prox ~]#
curl -L -O http://downloads.sourceforge.net/project/squidclamav/squidclamav/6.14/squidclamav-6.14.tar.gz

[root@prox ~]#
tar zxvf squidclamav-6.14.tar.gz

[root@prox ~]#
cd squidclamav-6.14

[root@prox squidclamav-6.14]#
./configure --with-c-icap

[root@prox squidclamav-6.14]#
[root@prox squidclamav-6.14]#
make install

[root@prox squidclamav-6.14]#
[root@prox ~]#
ln -s /usr/local/etc/squidclamav.conf /etc/squidclamav.conf

[root@prox ~]#
vi /etc/squidclamav.conf
# line 18: change( destination URL for redirect. Create it first )

redirect
http://www.srv.world/error.html
# line 27: change( same with clamd )

clamd_local
/var/run/clamav/clamd.sock
[root@prox ~]#
/etc/rc.d/init.d/c-icap start

Starting c-icap:     [ OK ]
[root@prox ~]#
chkconfig --add c-icap

[root@prox ~]#
chkconfig c-icap on

[6] Change settings for Squid.
[root@prox ~]#
vi /etc/squid/squid.conf
# add to the end

icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Authenticated-User
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all
[root@prox ~]#
/etc/rc.d/init.d/squid restart

Stopping squid: ................             [  OK  ]
Starting squid: .                            [  OK  ]
[7] It's OK all.
Next, try to access to the site below from a ClientPC with Web browser,
http://eicar.org/85-0-Download.html
then, click the test Virus "eicar.com" to make sure to redirect the site you configured.
 
Tweet