티스토리 뷰

Fedora 18 Proxy Server Run with Clamav


Run with Clamav - SquidClamav

Install SquidClamav and Configure Proxy Server in order to scan download files to protect from virus. Install Clamav first.




1. Install Clamd


[root@lan ~]# yum -y install clamav-server clamav-server-systemd clamav-server-sysvinit


[root@lan ~]# cp /usr/share/doc/clamav-server-*/clamd.conf /etc/clamd.d/squid.conf 


[root@lan ~]# vi /etc/clamd.d/squid.conf


# line 8: make it comment

#Example

# line 14: uncomment and change

LogFile /var/log/clamd.squid


# line 61: uncomment and change

PidFile /var/run/clamd.squid/clamd.pid


# line 65: uncomment

TemporaryDirectory /var/tmp


# line 80: uncomment and change

LocalSocket /var/run/clamd.squid/clamd.sock


# line 96: uncomment

TCPSocket 3310


# line 189: change

User squidclamav



[root@lan ~]# useradd -d /var/tmp -s /sbin/nologin squidclamav 

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.


[root@lan ~]# mkdir /var/run/clamd.squid 

[root@lan ~]# chown squidclamav. /var/run/clamd.squid 


[root@lan ~]# cp /usr/share/doc/clamav-server-*/clamd.sysconfig /etc/sysconfig/clamd.squid 


[root@lan ~]# vi /etc/sysconfig/clamd.squid

# line 1, 2: uncomment and change

CLAMD_CONFIGFILE=/etc/clamd.d/squid.conf

CLAMD_SOCKET=/var/run/clamd.squid/clamd.sock


[root@lan ~]# vi /etc/tmpfiles.d/clamd.squid.conf

# create new

d /var/run/clamd.squid 0755 squidclamav squidclamav -


[root@lan ~]# cp /usr/share/doc/clamav-server-*/clamd.init /etc/rc.d/init.d/clamd.squid 

[root@lan ~]# vi /etc/rc.d/init.d/clamd.squid


# line 4: change

# description: The clamd server running for Squid

# line 6: change

CLAMD_SERVICE=squid


[root@lan ~]# chmod 755 /etc/rc.d/init.d/clamd.squid 

[root@lan ~]# touch /var/log/clamd.squid 

[root@lan ~]# chown squidclamav. /var/log/clamd.squid 

[root@lan ~]# chmod 600 /var/log/clamd.squid 


[root@lan ~]# systemctl start clamd.squid.service 

[root@lan ~]# chkconfig --add clamd.squid 

[root@lan ~]# chkconfig clamd.squid on 




2. Install c-icap


[root@lan ~]# wget http://ftp.jaist.ac.jp/pub/sourceforge/c/project/c-/c-icap/c-icap/0.2.x/c_icap-0.2.5.tar.gz 


[root@lan ~]# tar zxvf c_icap-0.2.5.tar.gz 


[root@lan ~]# cd c_icap-0.2.5 


[root@lan c_icap-0.2.5]# ./configure 

[root@lan c_icap-0.2.5]# vi Makefile


# line 248: add

LIBS = -lpthread


[root@lan c_icap-0.2.5]# make

[root@lan c_icap-0.2.5]# make install 


[root@lan c_icap-0.2.5]# cd 

[root@lan ~]# cp /usr/local/etc/c-icap.conf /etc 


[root@lan ~]# vi /etc/c-icap.conf


# line 140: change admin address

ServerAdmin root@server.world


# line 149: change to your server name

ServerName lan.server.world


# line 500: add

Service squidclamav squidclamav.so


[root@lan ~]# vi /etc/tmpfiles.d/c-icap.conf

# create new

d /var/run/c-icap 0755 root root -


[root@lan ~]# vi /etc/rc.d/init.d/c-icap # create init script

 #!/bin/bash


# c-icap: Start/Stop c-icap

# chkconfig: - 70 30

# description: c-icap is an implementation of an ICAP server.

# processname: c-icap

# pidfile: /var/run/c-icap/c-icap.pid


. /etc/rc.d/init.d/functions

. /etc/sysconfig/network


CONFIG_FILE=/etc/c-icap.conf

PID_DIR=/var/run/c-icap


RETVAL=0

start() {

   echo -n $"Starting c-icap: "

   daemon /usr/local/bin/c-icap -f $CONFIG_FILE

   RETVAL=$?

   echo

   [ $RETVAL -eq 0 ] && touch /var/lock/subsys/c-icap

   return $RETVAL

}

stop() {

   echo -n $"Stopping c-icap: "

   killproc c-icap

   rm -f /var/run/c-icap/c-icap.ctl

   RETVAL=$?

   echo

   [ $RETVAL -eq 0 ] && rm -f $PID_DIR/c-icap.pid /var/lock/subsys/c-icap

   return $RETVAL

}

case "$1" in

   start)

      start

   ;;

   stop)

      stop

   ;;

   status)

      status c-icap

   ;;

   restart)

      stop

      start

   ;;

   *)

      echo $"Usage: $0 {start|stop|status|restart}"

   exit 1

esac

exit $?


[root@lan ~]# chmod 755 /etc/rc.d/init.d/c-icap 





3. Install SquidClamav ( Download latest version of it from the following link )

http://sourceforge.net/projects/squidclamav/files/squidclamav/


[root@lan ~]# wget http://ftp.jaist.ac.jp/pub/sourceforge/s/project/sq/squidclamav/squidclamav/6.10/squidclamav-6.10.tar.gz 

[root@lan ~]# tar zxvf squidclamav-6.10.tar.gz 

[root@lan ~]# cd squidclamav-6.10 


[root@lan squidclamav-6.10]# ./configure 

[root@lan squidclamav-6.10]# make 

[root@lan squidclamav-6.10]# make install 


[root@lan squidclamav-6.10]# cd 

[root@lan ~]# vi /etc/squidclamav.conf


# line 17: change( destination URL for redirect. Create it first )

redirect http://www.server.world/error.html


# line 26: change( same with clamd )

clamd_local /var/run/clamd.squid/clamd.sock


[root@lan ~]# systemctl start c-icap.service 

Starting c-icap: [ OK ]


[root@lan ~]# chkconfig --add c-icap 

[root@lan ~]# chkconfig c-icap on 





4. Configure Squid


[root@lan ~]# vi /etc/squid/squid.conf


# add at the last line

icap_enable on

icap_send_client_ip on

icap_send_client_username on

icap_client_username_header X-Authenticated-User

icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav

adaptation_access service_req allow all

icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav

adaptation_access service_resp allow all


[root@lan ~]# systemctl restart squid.service 



5. Try to access to a page that has trial virus from here.

http://www.eicar.org/85-0-Download.html

Click 'eicar.com' and rty to download it. Then, the error page that is set in the config of squidclamav. Virus is blocked normally.

댓글