Fedora 14

Run with Clamav - SquidClamav
2010/11/11
  Install SquidClamav and configure the Squid proxy server to scan downloaded files for viruses. ClamAV must be installed first.

[1] Install Clamav-server first.
[root@lan03 ~]#
yum -y install clamav-server


[root@lan03 ~]#
cp /usr/share/doc/clamav-server-0.96.3/clamd.conf /etc/clamd.d/squid.conf

[root@lan03 ~]#
vi /etc/clamd.d/squid.conf


# line 8: comment out

#
Example

# line 14: uncomment and change

LogFile
/var/log/clamd.squid


# line 62: uncomment and change

PidFile
/var/run/clamd.squid/clamd.pid


# line 66: uncomment

TemporaryDirectory /var/tmp

# line 81: uncomment and change

LocalSocket
/var/run/clamd.squid/clamd.sock


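# line 97: uncomment (unless TCPAddr is also set, e.g. TCPAddr 127.0.0.1, clamd accepts connections on this port on every interface)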

TCPSocket 3310

# line 191: change

User
squidclamav


[root@lan03 ~]#
useradd -d /var/tmp -s /sbin/nologin squidclamav

useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
[root@lan03 ~]#
mkdir /var/run/clamd.squid

[root@lan03 ~]#
chown squidclamav. /var/run/clamd.squid

[root@lan03 ~]#
cp /usr/share/doc/clamav-server-0.96.3/clamd.sysconfig /etc/sysconfig/clamd.squid

[root@lan03 ~]#
vi /etc/sysconfig/clamd.squid


# line 1,2: uncomment and change

CLAMD_CONFIGFILE=/etc/clamd.d/
squid.conf

CLAMD_SOCKET=/var/run/
clamd.squid
/clamd.sock

[root@lan03 ~]#
cp /usr/share/doc/clamav-server-0.96.3/clamd.init /etc/rc.d/init.d/clamd.squid

[root@lan03 ~]#
vi /etc/rc.d/init.d/clamd.squid


# line 6: change

CLAMD_SERVICE=
squid


[root@lan03 ~]#
chmod 755 /etc/rc.d/init.d/clamd.squid

[root@lan03 ~]#
touch /var/log/clamd.squid

[root@lan03 ~]#
chown squidclamav. /var/log/clamd.squid

[root@lan03 ~]#
chmod 600 /var/log/clamd.squid

[root@lan03 ~]#
/etc/rc.d/init.d/clamd.squid start

Starting clamd.squid:
[ OK ]

[root@lan03 ~]#
chkconfig --add clamd.squid

[root@lan03 ~]#
chkconfig clamd.squid on

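[2] Install SquidClamav. The tarball below is fetched over plain HTTP from a mirror and then built and installed as root, so check it against a checksum published by the project before running ./configure.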
[root@lan03 ~]#
yum -y install curl-devel


[root@lan03 ~]#
wget http://ftp.jaist.ac.jp/pub/sourceforge/s/project/sq/squidclamav/squidclamav/5.6/squidclamav-5.6.tar.gz

[root@lan03 ~]#
tar zxvf squidclamav-5.6.tar.gz

[root@lan03 ~]#
cd squidclamav-5.6

[root@lan03 squidclamav-5.6]#
./configure

[root@lan03 squidclamav-5.6]#
[root@lan03 squidclamav-5.6]#
make install

[root@lan03 squidclamav-5.6]#
[root@lan03 ~]#
rm -rf squidclamav-5.6

[root@lan03 ~]#
vi /etc/squidclamav.conf


# line 12: change

squid_port
8080


# line 15: change (destination URL for the redirect; create this page first)

redirect
http://www03.srv.world/error.html


# line 20: change

clamd_local
/var/run/clamd.squid/clamd.sock


# line 21: uncomment and change

clamd_ip 127.0.0.1

# line 22: uncomment

clamd_port 3310

# line 35 and later: comment out all of these lines (but do not comment out a rule for a kind of file you want scanned)

# Do not scan images
#
abort ^.*\.(ico|gif|png|jpg)$
#
abortcontent ^image\/.*$
#

[3] Configure Squid
[root@lan03 ~]#
vi /etc/squid/squid.conf


# line 7: add

acl purge method PURGE


# line 46: uncomment

http_access deny to_localhost

# line 57: add

# http_access allow localnet
http_access allow localhost
http_access allow purge localhost
http_access deny purge

http_access allow lan

# add at the last line

url_rewrite_access deny localhost
url_rewrite_program /usr/local/bin/squidclamav
url_rewrite_children 15


[root@lan03 ~]#
touch /var/log/squid/squidclamav.log

[root@lan03 ~]#
chown squid. /var/log/squid/squidclamav.log

[root@lan03 ~]#
/etc/rc.d/init.d/squid restart

Stopping squid: .............
[  OK  ]

Starting squid: .
[  OK  ]
[4] From a client that uses the proxy, access the following page, which offers a test virus file.
http://www.eicar.org/anti_virus_test_file.htm
Click 'eicar.com' and try to download it. The error page set in the squidclamav config is then displayed, which shows that the virus was blocked as expected.
 