Run with Clamav - SquidClamav2010/11/11 |
Install SquidClamav and
Configure Proxy Server in order to scan download files to protect from virus.
Install clamav first. |
[1] | Install Clamav-server first. |
[root@lan03 ~]# yum -y install clamav-server [root@lan03 ~]# cp /usr/share/doc/clamav-server-0.96.3/clamd.conf /etc/clamd.d/squid.conf [root@lan03 ~]# vi /etc/clamd.d/squid.conf # line 8: make it comment # Example# line 14: uncomment and change LogFile /var/log/clamd.squid # line 62: uncomment and change PidFile /var/run/clamd.squid/clamd.pid # line 66: uncomment TemporaryDirectory /var/tmp # line 81: uncomment and change LocalSocket /var/run/clamd.squid/clamd.sock # line 97: uncomment TCPSocket 3310 # line 191: change User squidclamav [root@lan03 ~]# useradd -d /var/tmp -s /sbin/nologin squidclamav useradd: warning: the home directory already exists. Not copying any file from skel directory into it. [root@lan03 ~]# mkdir /var/run/clamd.squid [root@lan03 ~]# chown squidclamav. /var/run/clamd.squid [root@lan03 ~]# cp /usr/share/doc/clamav-server-0.96.3/clamd.sysconfig /etc/sysconfig/clamd.squid [root@lan03 ~]# vi /etc/sysconfig/clamd.squid # line 1,2: uncomment and change CLAMD_CONFIGFILE=/etc/clamd.d/ squid.conf CLAMD_SOCKET=/var/run/ clamd.squid /clamd.sock[root@lan03 ~]# cp /usr/share/doc/clamav-server-0.96.3/clamd.init /etc/rc.d/init.d/clamd.squid [root@lan03 ~]# vi /etc/rc.d/init.d/clamd.squid # line 6: change CLAMD_SERVICE= squid [root@lan03 ~]# chmod 755 /etc/rc.d/init.d/clamd.squid [root@lan03 ~]# touch /var/log/clamd.squid [root@lan03 ~]# chown squidclamav. /var/log/clamd.squid [root@lan03 ~]# chmod 600 /var/log/clamd.squid [root@lan03 ~]# /etc/rc.d/init.d/clamd.squid start Starting clamd.squid: [ OK ] [root@lan03 ~]# chkconfig --add clamd.squid [root@lan03 ~]# chkconfig clamd.squid on |
[2] | Install SquidClamav |
[root@lan03 ~]# yum -y install curl-devel [root@lan03 ~]# wget http://ftp.jaist.ac.jp/pub/sourceforge/s/project/sq/squidclamav/squidclamav/5.6/squidclamav-5.6.tar.gz [root@lan03 ~]# tar zxvf squidclamav-5.6.tar.gz [root@lan03 ~]# cd squidclamav-5.6 [root@lan03 squidclamav-5.6]# ./configure [root@lan03 squidclamav-5.6]# [root@lan03 squidclamav-5.6]# make install [root@lan03 squidclamav-5.6]# [root@lan03 ~]# rm -rf squidclamav-5.6 [root@lan03 ~]# vi /etc/squidclamav.conf # line 12: change squid_port 8080 # line 15: change ( destination URL for redirect. Create it first ) redirect http://www03.srv.world/error.html # line 20: change clamd_local /var/run/clamd.squid/clamd.sock # line 21: uncomment and change clamd_ip 127.0.0.1 # line 22: uncomment clamd_port 3310 # line 35 and later: make it comment all (but never make it comment if you'd like to enable to scan a kind of file) # Do not scan images # abort ^.*\.(ico|gif|png|jpg)$# abortcontent ^image\/.*$# |
[3] | Configure Squid |
[root@lan03 ~]# vi /etc/squid/squid.conf # line 7: add acl purge method PURGE # line 46: uncomment http_access deny to_localhost # line 57: add # http_access allow localnet http_access allow localhost http_access allow purge localhost http_access deny purge http_access allow lan # add at the last line url_rewrite_access deny localhost url_rewrite_program /usr/local/bin/squidclamav url_rewrite_children 15 [root@lan03 ~]# touch /var/log/squid/squidclamav.log [root@lan03 ~]# chown squid. /var/log/squid/squidclamav.log [root@lan03 ~]# /etc/rc.d/init.d/squid restart Stopping squid: ............. [ OK ] Starting squid: . [ OK ]
|
[4] | Try to access to a page that has trial virus from here. http://www.eicar.org/anti_virus_test_file.htm Click 'eicar.com' and rty to download it. Then, the error page that is set in the config of squidclamav. Virus is blocked normally. |
Sponsored Link |
|