
Fedora 18 Proxy Server Run with Clamav


Run with Clamav - SquidClamav

Install SquidClamav and configure the proxy server to scan downloaded files for viruses. Install ClamAV first.




1. Install Clamd


[root@lan ~]# yum -y install clamav-server clamav-server-systemd clamav-server-sysvinit


[root@lan ~]# cp /usr/share/doc/clamav-server-*/clamd.conf /etc/clamd.d/squid.conf 


[root@lan ~]# vi /etc/clamd.d/squid.conf


# line 8: comment out

#Example

# line 14: uncomment and change

LogFile /var/log/clamd.squid


# line 61: uncomment and change

PidFile /var/run/clamd.squid/clamd.pid


# line 65: uncomment

TemporaryDirectory /var/tmp


# line 80: uncomment and change

LocalSocket /var/run/clamd.squid/clamd.sock


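# line 96: uncomment
# (clamd's TCP socket has no authentication and listens on all interfaces unless TCPAddr is set; squidclamav below is configured for the local socket only, so if TCP is enabled also set "TCPAddr 127.0.0.1")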

TCPSocket 3310


# line 189: change

User squidclamav



[root@lan ~]# useradd -d /var/tmp -s /sbin/nologin squidclamav 

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.


[root@lan ~]# mkdir /var/run/clamd.squid 

[root@lan ~]# chown squidclamav. /var/run/clamd.squid 


[root@lan ~]# cp /usr/share/doc/clamav-server-*/clamd.sysconfig /etc/sysconfig/clamd.squid 


[root@lan ~]# vi /etc/sysconfig/clamd.squid

# line 1, 2: uncomment and change

CLAMD_CONFIGFILE=/etc/clamd.d/squid.conf

CLAMD_SOCKET=/var/run/clamd.squid/clamd.sock


[root@lan ~]# vi /etc/tmpfiles.d/clamd.squid.conf

# create new

d /var/run/clamd.squid 0755 squidclamav squidclamav -


[root@lan ~]# cp /usr/share/doc/clamav-server-*/clamd.init /etc/rc.d/init.d/clamd.squid 

[root@lan ~]# vi /etc/rc.d/init.d/clamd.squid


# line 4: change

# description: The clamd server running for Squid

# line 6: change

CLAMD_SERVICE=squid


[root@lan ~]# chmod 755 /etc/rc.d/init.d/clamd.squid 

[root@lan ~]# touch /var/log/clamd.squid 

[root@lan ~]# chown squidclamav. /var/log/clamd.squid 

[root@lan ~]# chmod 600 /var/log/clamd.squid 


[root@lan ~]# systemctl start clamd.squid.service 

[root@lan ~]# chkconfig --add clamd.squid 

[root@lan ~]# chkconfig clamd.squid on 




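2. Install c-icap ( the tarball below is fetched over plain HTTP and built as root, so check it against a checksum obtained from the project's download page before building )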


[root@lan ~]# wget http://ftp.jaist.ac.jp/pub/sourceforge/c/project/c-/c-icap/c-icap/0.2.x/c_icap-0.2.5.tar.gz 


[root@lan ~]# tar zxvf c_icap-0.2.5.tar.gz 


[root@lan ~]# cd c_icap-0.2.5 


[root@lan c_icap-0.2.5]# ./configure 

[root@lan c_icap-0.2.5]# vi Makefile


# line 248: add

LIBS = -lpthread


[root@lan c_icap-0.2.5]# make

[root@lan c_icap-0.2.5]# make install 


[root@lan c_icap-0.2.5]# cd 

[root@lan ~]# cp /usr/local/etc/c-icap.conf /etc 


[root@lan ~]# vi /etc/c-icap.conf


# line 140: change admin address

ServerAdmin root@server.world


# line 149: change to your server name

ServerName lan.server.world


# line 500: add

Service squidclamav squidclamav.so


[root@lan ~]# vi /etc/tmpfiles.d/c-icap.conf

# create new

d /var/run/c-icap 0755 root root -


[root@lan ~]# vi /etc/rc.d/init.d/c-icap # create init script

#!/bin/bash


# c-icap: Start/Stop c-icap

# chkconfig: - 70 30

# description: c-icap is an implementation of an ICAP server.

# processname: c-icap

# pidfile: /var/run/c-icap/c-icap.pid


. /etc/rc.d/init.d/functions

. /etc/sysconfig/network


# Paths used by the start/stop functions below.
CONFIG_FILE="/etc/c-icap.conf"   # configuration file passed to c-icap with -f
PID_DIR="/var/run/c-icap"        # directory holding the pid file removed on stop

# Exit status of the most recent start/stop action.
RETVAL=0

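# Start the c-icap daemon with the configuration file in $CONFIG_FILE.
# Globals:  CONFIG_FILE (read), RETVAL (written)
# Outputs:  progress message on stdout
# Returns:  exit status of the `daemon` helper (expected to come from the
#           sourced /etc/rc.d/init.d/functions)
start() {
   echo -n $"Starting c-icap: "
   # Quoted so a path containing spaces or glob characters stays one argument.
   daemon /usr/local/bin/c-icap -f "$CONFIG_FILE"
   RETVAL=$?
   echo
   # The subsys lock file is created only after a successful start.
   if [ "$RETVAL" -eq 0 ]; then
      touch /var/lock/subsys/c-icap
   fi
   return "$RETVAL"
}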

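# Stop the c-icap daemon and clean up its runtime files.
# Globals:  PID_DIR (read), RETVAL (written)
# Outputs:  progress message on stdout
# Returns:  exit status of `killproc` (expected to come from the sourced
#           /etc/rc.d/init.d/functions)
stop() {
   echo -n $"Stopping c-icap: "
   killproc c-icap
   # Capture killproc's status immediately; taking $? after the rm below
   # would report rm's status and hide a failed stop.
   RETVAL=$?
   # Remove the leftover c-icap.ctl file regardless of the outcome.
   rm -f /var/run/c-icap/c-icap.ctl
   echo
   # Pid and lock files are cleared only when the daemon was actually stopped.
   if [ "$RETVAL" -eq 0 ]; then
      rm -f "$PID_DIR/c-icap.pid" /var/lock/subsys/c-icap
   fi
   return "$RETVAL"
}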

# Dispatch on the action given as the first argument.
case "$1" in
   start)   start ;;
   stop)    stop ;;
   status)  status c-icap ;;
   restart) stop; start ;;
   *)
      # Unknown or missing action: print usage and fail.
      echo $"Usage: $0 {start|stop|status|restart}"
      exit 1
      ;;
esac

# Propagate the status of the action that just ran.
exit $?


[root@lan ~]# chmod 755 /etc/rc.d/init.d/c-icap 





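3. Install SquidClamav ( Download the latest version from the following link. The mirror used below is plain HTTP, so check the tarball against a checksum obtained from the project's download page before building it as root. )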

http://sourceforge.net/projects/squidclamav/files/squidclamav/


[root@lan ~]# wget http://ftp.jaist.ac.jp/pub/sourceforge/s/project/sq/squidclamav/squidclamav/6.10/squidclamav-6.10.tar.gz 

[root@lan ~]# tar zxvf squidclamav-6.10.tar.gz 

[root@lan ~]# cd squidclamav-6.10 


[root@lan squidclamav-6.10]# ./configure 

[root@lan squidclamav-6.10]# make 

[root@lan squidclamav-6.10]# make install 


[root@lan squidclamav-6.10]# cd 

[root@lan ~]# vi /etc/squidclamav.conf


# line 17: change( destination URL for redirect. Create it first )

redirect http://www.server.world/error.html


# line 26: change( same socket path as LocalSocket in the clamd config )

clamd_local /var/run/clamd.squid/clamd.sock


[root@lan ~]# systemctl start c-icap.service 

Starting c-icap: [ OK ]


[root@lan ~]# chkconfig --add c-icap 

[root@lan ~]# chkconfig c-icap on 





4. Configure Squid


[root@lan ~]# vi /etc/squid/squid.conf


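# add at the last line
# (bypass=1 marks the ICAP service as optional: if c-icap is down or fails, Squid passes the traffic through unscanned; use bypass=0 if unscanned content must be blocked instead)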

icap_enable on

icap_send_client_ip on

icap_send_client_username on

icap_client_username_header X-Authenticated-User

icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav

adaptation_access service_req allow all

icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav

adaptation_access service_resp allow all


[root@lan ~]# systemctl restart squid.service 



5. Try to access a page that hosts a test virus file, from here.

http://www.eicar.org/85-0-Download.html

Click 'eicar.com' and try to download it. The browser is then redirected to the error page set in the squidclamav config, which shows that the virus was blocked as expected.
