Squid with AV Scanner - SquidClamav

Many administrators prefer Squid as a proxy because it is very flexible and equipped with many features.

With the increasing use of the Internet, threats such as viruses and trojans have also increased. To protect a corporate network, the proxy should be combined with antivirus scanning for additional security.

I used SquidClamav with Squid to protect my network.

Below is the installation & configuration of SquidClamav.

Install clamav first; SquidClamav hands downloads to the clamd daemon for scanning.

Installation

Download squidclamav from http://sourceforge.net/projects/squidclamav/

tar zxvf squidclamav-3.9.tar.gz
cd squidclamav-3.9/
./configure
make all
make install
cp squidclamav.conf.dist /etc/squidclamav.conf
touch /var/log/squidclamav.log
chown squid /var/log/squidclamav.log

Configuration

/etc/squidclamav.conf

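# abort / aborti: URLs matching these patterns are NOT scanned (aborti is case-insensitive).
# Note that this exempts PDF and HTML downloads from virus scanning.
abort ^.*\.pdf$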
abort ^.*\.html$
abort ^.*\.xml$
abort ^.*\.jsp$
abort ^.*\.ico$
aborti ^.*\.gif$
aborti ^.*\.png$
aborti ^.*\.jpg$

debug 1
force 1
stat 1
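# regexi / content: URLs and Content-Types to scan (see "regex matched" and "content matched" in the test output).
regexi  ^.*\.exe$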
regexi  ^.*\.com$
regexi  ^.*\.zip$
regexi  ^.*\.msi$
regexi  ^.*\.dll$
regexi  ^.*\.cab$
content ^application\/.*$
clamd_local /tmp/clamd.socket
# Syntax placeholder, not a directive; left active it is logged as "Bad configuration keyword":
# regex|regexi pattern
redirect http://192.168.1.1/virus.html
logfile /var/log/squidclamav.log
whitelist linuxreaders

Testing

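Sample output from running squidclamav on the shell. The "Bad configuration keyword" line refers to the "regex|regexi pattern" syntax placeholder, which is not a valid directive and should not be active in /etc/squidclamav.conf.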
SquidClamav running as UID 0: writing logs to stderr
Wed Jul 22 14:48:03 2009 LOG Reading configuration from /etc/squidclamav.conf
Bad configuration keyword: regex|regexi pattern
Wed Jul 22 14:48:03 2009 LOG SquidClamav (PID 336) started

Type the following request line (URL, client address, user, method) to test virus scanning with the EICAR test file.

http://www.eicar.org/download/eicar.com 192.168.1.3 mylog GET
Wed Jul 22 14:49:53 2009 DEBUG Request:http://www.eicar.org/download/eicar.com 192.168.1.3 mylog GET
Wed Jul 22 14:49:53 2009 DEBUG regex matched: http://www.eicar.org/download/eicar.com
Wed Jul 22 14:49:53 2009 DEBUG content matched: application/x-msdos-program
Wed Jul 22 14:49:53 2009 DEBUG Content-Type: application/x-msdos-program will be scanned
Wed Jul 22 14:49:53 2009 DEBUG Sending STREAM to clamd.
Wed Jul 22 14:49:53 2009 LOG Redirecting URL to: http://192.168.1.1/virus.html?url=http://www.eicar.org/download/eicar.com&source=192.168.1.3&user=mylog&virus=stream:+Eicar-Test-Signature+FOUND
Wed Jul 22 14:49:53 2009 STAT Virus Scanning process time   0.201 second(s)
http://192.168.1.1/virus.html?url=http://www.eicar.org/download/eicar.com&source=192.168.1.3&user=mylog&virus=stream:+Eicar-Test-Signature+FOUND 192.168.1.3 mylog GET
Wed Jul 22 14:49:53 2009 DEBUG Virus found, redirection sent to Squid.
Wed Jul 22 14:49:53 2009 STAT Total process time   0.374 second(s)
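
An added example (not part of the original post or of SquidClamav itself): a small Python parser that pulls virus detections out of /var/log/squidclamav.log, using the record format shown in the output above. The last sample line and the host files.example.test are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Only squidclamav's own "LOG Redirecting URL to:" records count as detections.
# The url= value is not URL-encoded, so it can contain '?' and '&' itself; the
# greedy group, anchored by the trailing source/user/virus fields, keeps it whole.
DETECTION = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) LOG Redirecting URL to: "
    r"\S+?\?url=(?P<url>.*)&source=(?P<source>[^&\s]*)"
    r"&user=(?P<user>[^&\s]*)&virus=(?P<virus>\S*)$"
)

REDIR = "http://192.168.1.1/virus.html"          # redirect target from the config
EICAR = "http://www.eicar.org/download/eicar.com"
SIG = "&virus=stream:+Eicar-Test-Signature+FOUND"
# First four lines reproduce the test run above; the last one is constructed.
SAMPLE_LOG = [
    "Wed Jul 22 14:49:53 2009 DEBUG Sending STREAM to clamd.",
    "Wed Jul 22 14:49:53 2009 LOG Redirecting URL to: " + REDIR
    + "?url=" + EICAR + "&source=192.168.1.3&user=mylog" + SIG,
    REDIR + "?url=" + EICAR + "&source=192.168.1.3&user=mylog" + SIG
    + " 192.168.1.3 mylog GET",                  # reply echoed to Squid, not a log record
    "Wed Jul 22 14:49:53 2009 DEBUG Virus found, redirection sent to Squid.",
    "Thu Jul  2 09:15:10 2009 LOG Redirecting URL to: " + REDIR
    + "?url=http://files.example.test/get.php?id=7&name=setup.exe"
    + "&source=192.168.1.7&user=-" + SIG,
]

def parse_detections(lines):
    """Return one dict per virus detection found in squidclamav log lines."""
    hits = []
    for line in lines:
        m = DETECTION.match(line.strip())
        if not m:
            continue  # DEBUG/STAT records and the redirect echoed to Squid
        virus = re.sub(r"^stream: | FOUND$", "", m["virus"].replace("+", " "))
        hits.append({
            "time": datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"),
            "url": m["url"], "source": m["source"],
            "user": m["user"], "virus": virus,
        })
    return hits

def hits_per_client(hits):
    """Count detections per client address to spot repeatedly affected hosts."""
    return Counter(h["source"] for h in hits)

if __name__ == "__main__":
    for h in parse_detections(SAMPLE_LOG):
        print(h["time"], h["source"], h["user"], h["virus"], h["url"])
```
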

/etc/squid/squid.conf

acl myuser src 192.168.1.0/255.255.255.0
acl mysite url_regex "/etc/squid/siteallowed"
http_access allow myuser mysite

url_rewrite_access allow myuser
url_rewrite_program /usr/local/bin/squidclamav
url_rewrite_children 15 #increase if you find performance issue with Squid.
