Squid+ClamAV

From wiki.habital.lv
Revision as of 17:21, 27 May 2015 by Eugene (talk | contribs)
Jump to navigation Jump to search

Описание настройки прокси-сервера Squid с использованием ClamAV-антивируса.

Для совместной работы Squid и ClamAV требуется следующее программное обеспечение:

  • libecap
  • squid
  • clamav
  • c-icap
  • c-icap-modules
  • squidclamav

Настройка c-icap

Файл "c-icap.conf": 

PidFile /var/run/c-icap/c-icap.pid
CommandsSocket /var/run/c-icap/c-icap.ctl
Timeout 300
MaxKeepAliveRequests 100
KeepAliveTimeout 600  
StartServers 3
MaxServers 10
MinSpareThreads     10
MaxSpareThreads     20
ThreadsPerChild     10
MaxRequestsPerChild  0
Port 1344 
User squid
Group squid
ServerAdmin admin@your.domain
ServerName proxy.your.domain
TmpDir /var/tmp
MaxMemObject 131072
DebugLevel 0
Pipelining on
SupportBuggyClients off
ModulesDir /usr/lib64/c_icap
ServicesDir /usr/lib64/c_icap
TemplateDir /usr/share/c_icap/templates/
TemplateDefaultLanguage en
LoadMagicFile /etc/c-icap/c-icap.magic
RemoteProxyUsers off
RemoteProxyUserHeader X-Authenticated-User
RemoteProxyUserHeaderEncoded on
LogFormat myFormat "%tl, %a %im %iu %is %I %O %Ib %Ob %{10}bph" 
ServerLog /var/log/c-icap/server.log
AccessLog /var/log/c-icap/access.log
Service squidclamav squidclamav.so
Service echo srv_echo.so

Настройка clamav

Файл clamd.conf: 

LogFile /var/log/clamav/clamd.log
LogSyslog yes
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamav/clamd.socket
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
ExcludePath ^/proc/
ExcludePath ^/sys/
User clamav
AllowSupplementaryGroups yes

Файл clamav-milter.conf: 

MilterSocket /var/run/clamav/clamav-milter.socket
User clamav
AllowSupplementaryGroups yes
PidFile /var/run/clamav/clamav-milter.pid
TemporaryDirectory /var/tmp
ClamdSocket unix:/var/run/clamav/clamd.socket
LogFile /var/log/clamav/clamav-milter.log
LogSyslog yes
Retrieved from "https://wiki.habital.lv/index.php?title=Squid%2BClamAV&oldid=33"