|
Squid + SquidClamav
2014/08/12 |
|
Install SquidClamav and Configure Proxy Server to scan downloaded files to protect from virus.
|
|
| [1] | |
| [2] | Install Clamd. |
|
[root@prox ~]# /etc/rc.d/init.d/clamd start Starting Clam AntiVirus Daemon: [ OK ] [root@prox ~]# chkconfig clamd on
|
| [3] | If SELinux is enabled, change rules to run Clamd. |
|
[root@prox ~]# setsebool -P antivirus_can_scan_system on [root@prox ~]# setsebool -P antivirus_use_jit on
|
| [4] | Install c-icap. |
|
[root@prox ~]#
[root@prox ~]# yum -y install gcc make [root@prox ~]# curl -L -O http://downloads.sourceforge.net/project/c-icap/c-icap/0.4.x/c_icap-0.4.2.tar.gz
tar zxvf c_icap-0.4.2.tar.gz [root@prox ~]# cd c_icap-0.4.2 [root@prox c_icap-0.4.2]# ./configure [root@prox c_icap-0.4.2]# [root@prox c_icap-0.4.2]# make install [root@prox c_icap-0.4.2]# [root@prox ~]# cp /usr/local/etc/c-icap.conf /etc
[root@prox ~]#
vi /etc/c-icap.conf # line 161: specify admin's email ServerAdmin root@srv.world
# line 170: change to your hostname ServerName prox.srv.world
# line 568: add Service squidclamav squidclamav.so
#!/bin/bash
# c-icap: Start/Stop c-icap
# chkconfig: - 70 30
# description: c-icap is an implementation of an ICAP server.
# processname: c-icap
# pidfile: /var/run/c-icap/c-icap.pid
. /etc/rc.d/init.d/functions
. /etc/sysconfig/network
CONFIG_FILE=/etc/c-icap.conf
PID_DIR=/var/run/c-icap
RETVAL=0
start() {
echo -n $"Starting c-icap: "
daemon /usr/local/bin/c-icap -f $CONFIG_FILE
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/c-icap
return $RETVAL
}
stop() {
echo -n $"Stopping c-icap: "
killproc c-icap
rm -f /var/run/c-icap/c-icap.ctl
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f $PID_DIR/c-icap.pid /var/lock/subsys/c-icap
return $RETVAL
}
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status c-icap
;;
restart)
stop
start
;;
*)
echo $"Usage: $0 {start|stop|status|restart}"
exit 1
esac
exit $?
chmod 755 /etc/rc.d/init.d/c-icap |
| [5] | Install SquidClamav ( Download latest version of it from the following link ). http://sourceforge.net/projects/squidclamav/files/squidclamav/ |
|
[root@prox ~]# curl -L -O http://downloads.sourceforge.net/project/squidclamav/squidclamav/6.14/squidclamav-6.14.tar.gz [root@prox ~]# tar zxvf squidclamav-6.14.tar.gz [root@prox ~]# cd squidclamav-6.14 [root@prox squidclamav-6.14]# ./configure --with-c-icap [root@prox squidclamav-6.14]# [root@prox squidclamav-6.14]# make install [root@prox squidclamav-6.14]# [root@prox ~]# ln -s /usr/local/etc/squidclamav.conf /etc/squidclamav.conf
[root@prox ~]#
vi /etc/squidclamav.conf # line 18: change( destination URL for redirect. Create it first ) redirect http://www.srv.world/error.html
# line 27: change( same with clamd ) clamd_local /var/run/clamav/clamd.sock
/etc/rc.d/init.d/c-icap start Starting c-icap: [ OK ] [root@prox ~]# chkconfig --add c-icap [root@prox ~]# chkconfig c-icap on |
| [6] | Change settings for Squid. |
|
[root@prox ~]#
vi /etc/squid/squid.conf # add to the end
icap_enable on
icap_send_client_ip on icap_send_client_username on icap_client_username_header X-Authenticated-User icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access service_req allow all icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access service_resp allow all /etc/rc.d/init.d/squid restart Stopping squid: ................ [ OK ] Starting squid: . [ OK ] |
| [7] | It's OK all. Next, try to access to the site below from a ClientPC with Web browser, http://eicar.org/85-0-Download.html then, click the test Virus "eicar.com" to make sure to redirect the site you configured. |
|