Squid+ClamAV: Difference between revisions

From wiki.habital.lv
Jump to navigation Jump to search
(Created page with "Описание настройки прокси-сервера '''Squid''' с использованием '''ClamAV'''-антивируса. Для совместной ра...")
 
No edit summary
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
Описание настройки прокси-сервера '''Squid''' с использованием '''ClamAV'''-антивируса.
Описание настройки прокси-сервера '''Squid''' с использованием '''ClamAV'''-антивируса.
Для совместной работы Squid и ClamAV требуется следующее программное обеспечение:
Для совместной работы Squid и ClamAV требуется следующее программное обеспечение:
* libecap
* libecap
Line 7: Line 8:
* c-icap-modules
* c-icap-modules
* squidclamav
* squidclamav
== Настройка c-icap ==
Файл "c-icap.conf":
PidFile /var/run/c-icap/c-icap.pid
CommandsSocket /var/run/c-icap/c-icap.ctl
Timeout 300
MaxKeepAliveRequests 100
KeepAliveTimeout 600 
StartServers 3
MaxServers 10
MinSpareThreads    10
MaxSpareThreads    20
ThreadsPerChild    10
MaxRequestsPerChild  0
Port 1344
User squid
Group squid
ServerAdmin admin@your.domain
ServerName proxy.your.domain
TmpDir /var/tmp
MaxMemObject 131072
DebugLevel 0
Pipelining on
SupportBuggyClients off
ModulesDir /usr/lib64/c_icap
ServicesDir /usr/lib64/c_icap
TemplateDir /usr/share/c_icap/templates/
TemplateDefaultLanguage en
LoadMagicFile /etc/c-icap/c-icap.magic
RemoteProxyUsers off
RemoteProxyUserHeader X-Authenticated-User
RemoteProxyUserHeaderEncoded on
LogFormat myFormat "%tl, %a %im %iu %is %I %O %Ib %Ob %{10}bph"
ServerLog /var/log/c-icap/server.log
AccessLog /var/log/c-icap/access.log
Service squidclamav squidclamav.so
Service echo srv_echo.so
== Настройка clamav ==
Файл clamd.conf:
LogFile /var/log/clamav/clamd.log
LogSyslog yes
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamav/clamd.socket
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
ExcludePath ^/proc/
ExcludePath ^/sys/
User clamav
AllowSupplementaryGroups yes
Файл clamav-milter.conf:
MilterSocket /var/run/clamav/clamav-milter.socket
User clamav
AllowSupplementaryGroups yes
PidFile /var/run/clamav/clamav-milter.pid
TemporaryDirectory /var/tmp
ClamdSocket unix:/var/run/clamav/clamd.socket
LogFile /var/log/clamav/clamav-milter.log
LogSyslog yes
== Настройка squidclamav ==
Файл squidclamav.conf:
maxsize 5000000
redirect http://127.0.0.1/cgi-bin/clwarn.cgi
clamd_ip 127.0.0.1
clamd_port 3310
timeout 1
logredir 0
dnslookup 1
safebrowsing 0
== Насртройка squid для clamav ==
Файл squid.conf:
#
# ClamAV
#
# acl icap_whitelist_domain "/etc/squid/icap_whitelist.txt"
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_encode off
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
# adaptation_access service_req deny icap_whitelist
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
# adaptation_access service_req deny icap_whitelist
adaptation_access service_resp allow all

Latest revision as of 17:33, 27 May 2015

Описание настройки прокси-сервера Squid с использованием ClamAV-антивируса.

Для совместной работы Squid и ClamAV требуется следующее программное обеспечение:

  • libecap
  • squid
  • clamav
  • c-icap
  • c-icap-modules
  • squidclamav

Настройка c-icap

Файл "c-icap.conf":

PidFile /var/run/c-icap/c-icap.pid
CommandsSocket /var/run/c-icap/c-icap.ctl
Timeout 300
MaxKeepAliveRequests 100
KeepAliveTimeout 600  
StartServers 3
MaxServers 10
MinSpareThreads     10
MaxSpareThreads     20
ThreadsPerChild     10
MaxRequestsPerChild  0
Port 1344 
User squid
Group squid
ServerAdmin admin@your.domain
ServerName proxy.your.domain
TmpDir /var/tmp
MaxMemObject 131072
DebugLevel 0
Pipelining on
SupportBuggyClients off
ModulesDir /usr/lib64/c_icap
ServicesDir /usr/lib64/c_icap
TemplateDir /usr/share/c_icap/templates/
TemplateDefaultLanguage en
LoadMagicFile /etc/c-icap/c-icap.magic
RemoteProxyUsers off
RemoteProxyUserHeader X-Authenticated-User
RemoteProxyUserHeaderEncoded on
LogFormat myFormat "%tl, %a %im %iu %is %I %O %Ib %Ob %{10}bph" 
ServerLog /var/log/c-icap/server.log
AccessLog /var/log/c-icap/access.log
Service squidclamav squidclamav.so
Service echo srv_echo.so

Настройка clamav

Файл clamd.conf:

LogFile /var/log/clamav/clamd.log
LogSyslog yes
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamav/clamd.socket
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
ExcludePath ^/proc/
ExcludePath ^/sys/
User clamav
AllowSupplementaryGroups yes

Файл clamav-milter.conf:

MilterSocket /var/run/clamav/clamav-milter.socket
User clamav
AllowSupplementaryGroups yes
PidFile /var/run/clamav/clamav-milter.pid
TemporaryDirectory /var/tmp
ClamdSocket unix:/var/run/clamav/clamd.socket
LogFile /var/log/clamav/clamav-milter.log
LogSyslog yes

Настройка squidclamav

Файл squidclamav.conf:

maxsize 5000000
redirect http://127.0.0.1/cgi-bin/clwarn.cgi
clamd_ip 127.0.0.1
clamd_port 3310
timeout 1
logredir 0
dnslookup 1
safebrowsing 0

Насртройка squid для clamav

Файл squid.conf:

#
# ClamAV
#
# acl icap_whitelist_domain "/etc/squid/icap_whitelist.txt"

icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_encode off
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024

icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
# adaptation_access service_req deny icap_whitelist
adaptation_access service_req allow all

icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
# adaptation_access service_req deny icap_whitelist
adaptation_access service_resp allow all