Squid+ClamAV
Latest revision as of 17:33, 27 May 2015
How to configure the Squid proxy server to scan traffic with the ClamAV antivirus.
For Squid and ClamAV to work together, the following software is required:
- libecap
- squid
- clamav
- c-icap
- c-icap-modules
- squidclamav
Configuring c-icap
File "c-icap.conf":
    PidFile /var/run/c-icap/c-icap.pid
    CommandsSocket /var/run/c-icap/c-icap.ctl
    Timeout 300
    MaxKeepAliveRequests 100
    KeepAliveTimeout 600
    StartServers 3
    MaxServers 10
    MinSpareThreads 10
    MaxSpareThreads 20
    ThreadsPerChild 10
    MaxRequestsPerChild 0
    Port 1344
    User squid
    Group squid
    ServerAdmin admin@your.domain
    ServerName proxy.your.domain
    TmpDir /var/tmp
    MaxMemObject 131072
    DebugLevel 0
    Pipelining on
    SupportBuggyClients off
    ModulesDir /usr/lib64/c_icap
    ServicesDir /usr/lib64/c_icap
    TemplateDir /usr/share/c_icap/templates/
    TemplateDefaultLanguage en
    LoadMagicFile /etc/c-icap/c-icap.magic
    RemoteProxyUsers off
    RemoteProxyUserHeader X-Authenticated-User
    RemoteProxyUserHeaderEncoded on
    LogFormat myFormat "%tl, %a %im %iu %is %I %O %Ib %Ob %{10}bph"
    ServerLog /var/log/c-icap/server.log
    AccessLog /var/log/c-icap/access.log
    Service squidclamav squidclamav.so
    Service echo srv_echo.so
Configuring clamav
File clamd.conf:
    LogFile /var/log/clamav/clamd.log
    LogSyslog yes
    PidFile /var/run/clamav/clamd.pid
    TemporaryDirectory /var/tmp
    DatabaseDirectory /var/lib/clamav
    LocalSocket /var/run/clamav/clamd.socket
    FixStaleSocket yes
    TCPSocket 3310
    TCPAddr 127.0.0.1
    ExcludePath ^/proc/
    ExcludePath ^/sys/
    User clamav
    AllowSupplementaryGroups yes
File clamav-milter.conf:
    MilterSocket /var/run/clamav/clamav-milter.socket
    User clamav
    AllowSupplementaryGroups yes
    PidFile /var/run/clamav/clamav-milter.pid
    TemporaryDirectory /var/tmp
    ClamdSocket unix:/var/run/clamav/clamd.socket
    LogFile /var/log/clamav/clamav-milter.log
    LogSyslog yes
Configuring squidclamav
File squidclamav.conf:
    maxsize 5000000
    redirect http://127.0.0.1/cgi-bin/clwarn.cgi
    clamd_ip 127.0.0.1
    clamd_port 3310
    timeout 1
    logredir 0
    dnslookup 1
    safebrowsing 0
Configuring squid for clamav
File squid.conf:
    #
    # ClamAV
    #
    # Optional: destination domains exempt from scanning. To use it, uncomment
    # the acl line and the two "deny" lines below.
    # acl icap_whitelist dstdomain "/etc/squid/icap_whitelist.txt"
    icap_enable on
    icap_send_client_ip on
    icap_send_client_username on
    icap_client_username_encode off
    icap_client_username_header X-Authenticated-User
    icap_preview_enable on
    icap_preview_size 1024
    # bypass=1 makes the service optional: if the ICAP server is unreachable or
    # fails, Squid passes the traffic through unscanned.
    icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
    # adaptation_access service_req deny icap_whitelist
    adaptation_access service_req allow all
    icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
    # adaptation_access service_resp deny icap_whitelist
    adaptation_access service_resp allow all
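The four files above only scan traffic if their hand-off points agree: the URI in Squid's icap_service must match c-icap's Port and a loaded Service name, and squidclamav's clamd_ip/clamd_port must match clamd's TCPAddr/TCPSocket. The check below is an added example, not part of the original wiki page or of any of these projects; the function names and the embedded excerpts (constructed from the directives shown above) are assumptions for illustration. It also reports bypass=1, which lets traffic through unscanned when the ICAP service fails.

```python
from urllib.parse import urlparse

# Constructed excerpts of the four files on this page (only the lines the check reads).
C_ICAP = "Port 1344\nService squidclamav squidclamav.so\nService echo srv_echo.so"
CLAMD = "TCPSocket 3310\nTCPAddr 127.0.0.1"
SQUIDCLAMAV = "clamd_ip 127.0.0.1\nclamd_port 3310"
SQUID = """icap_enable on
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all"""

def directives(text):
    """Return (name, [args]) for every line that is not blank or a comment."""
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            out.append((name, args))
    return out

def check_chain(squid, c_icap, squidclamav, clamd):
    """Hypothetical helper: cross-check Squid -> c-icap -> squidclamav -> clamd."""
    findings = []
    icap = directives(c_icap)
    port = next((a[0] for n, a in icap if n == "Port" and a), None)
    services = {a[0] for n, a in icap if n == "Service" and a}
    for name, args in directives(squid):
        uri_arg = next((a for a in args if a.startswith("icap://")), None)
        if name != "icap_service" or uri_arg is None:
            continue
        sid, uri = args[0], urlparse(uri_arg)
        if str(uri.port) != port:
            findings.append(f"{sid}: URI port {uri.port} != c-icap Port {port}")
        if uri.path.strip("/") not in services:
            findings.append(f"{sid}: c-icap has no Service named {uri.path.strip('/')!r}")
        if {"bypass=1", "bypass=on"} & set(args):
            findings.append(f"{sid}: bypass enabled, traffic passes unscanned if ICAP fails")
    sc = {n: a[0] for n, a in directives(squidclamav) if a}
    cd = {n: a[0] for n, a in directives(clamd) if a}
    if (sc.get("clamd_ip"), sc.get("clamd_port")) != (cd.get("TCPAddr"), cd.get("TCPSocket")):
        findings.append("squidclamav clamd_ip/clamd_port do not match clamd TCPAddr/TCPSocket")
    return findings

if __name__ == "__main__":
    for finding in check_chain(SQUID, C_ICAP, SQUIDCLAMAV, CLAMD):
        print("FINDING:", finding)
```

To run it against a live host, pass the contents of the real files in place of the embedded excerpts.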