CentOS 7
Ads

Squid + SquidClamav
2015/06/03
 
Install SquidClamav and Configure Proxy Server to scan downloaded files to protect from virus.
[1]
[2] Install Clamav Scanner.
# install from EPEL

[root@prox ~]#
yum --enablerepo=epel -y install clamav-scanner clamav-scanner-systemd
[root@prox ~]#
vi /etc/clamd.d/scan.conf
# line 8: comment out

#
Example
# line 14: uncomment

LogFile /var/log/clamd.scan
# line 66: uncomment

PidFile /var/run/clamd.scan/clamd.pid
# line 70: uncomment

TemporaryDirectory /var/tmp
# line 85: uncomment

LocalSocket /var/run/clamd.scan/clamd.sock
# line 101: uncomment

TCPSocket 3310
[root@prox ~]#
touch /var/log/clamd.scan

[root@prox ~]#
chown clamscan. /var/log/clamd.scan

[root@prox ~]#
systemctl start clamd@scan

[root@prox ~]#
systemctl enable clamd@scan

[3] If SELinux is enabled, configure like follows to start clamd.
[root@prox ~]#
restorecon -v /var/log/clamd.scan
[4] Install c-icap.
[root@prox ~]#
yum -y install gcc make

[root@prox ~]#
curl -L -O http://downloads.sourceforge.net/project/c-icap/c-icap/0.4.x/c_icap-0.4.2.tar.gz
[root@prox ~]#
tar zxvf c_icap-0.4.2.tar.gz

[root@prox ~]#
cd c_icap-0.4.2

[root@prox c_icap-0.4.2]#
./configure

[root@prox c_icap-0.4.2]#
[root@prox c_icap-0.4.2]#
make install

[root@prox c_icap-0.4.2]#
[root@prox ~]#
cp /usr/local/etc/c-icap.conf /etc

[root@prox ~]#
vi /etc/c-icap.conf
# line 161: change admin address

ServerAdmin
root@srv.world
# line 170: change hostname

ServerName
prox.srv.world
# line 568: add

Service squidclamav squidclamav.so
[root@prox ~]#
vi /etc/tmpfiles.d/c-icap.conf
# create new

d /var/run/c-icap 0755 root root -
[root@prox ~]#
vi /usr/lib/systemd/system/c-icap.service
# create new

[Unit]
Description=c-icap service
After=network.target

[Service]
Type=forking
PIDFile=/var/run/c-icap/c-icap.pid
ExecStart=/usr/local/bin/c-icap -f /etc/c-icap.conf
KillMode=process

[Install]
WantedBy=multi-user.target
[5] Install SquidClamav ( Download latest version of it from the following link ).
http://sourceforge.net/projects/squidclamav/files/squidclamav/
[root@prox ~]#
curl -L -O http://downloads.sourceforge.net/project/squidclamav/squidclamav/6.14/squidclamav-6.14.tar.gz

[root@prox ~]#
tar zxvf squidclamav-6.14.tar.gz

[root@prox ~]#
cd squidclamav-6.14

[root@prox squidclamav-6.14]#
./configure --with-c-icap

[root@prox squidclamav-6.14]#
[root@prox squidclamav-6.14]#
make install

[root@prox squidclamav-6.14]#
[root@prox ~]#
ln -s /usr/local/etc/squidclamav.conf /etc/squidclamav.conf

[root@prox ~]#
vi /etc/squidclamav.conf
# line 18: change( destination URL for redirect. Create it first )

redirect
http://www.srv.world/error.html
# line 27: change( same with clamd )

clamd_local
/var/run/clamd.scan/clamd.sock
[6] Configure Squid.
[root@prox ~]#
vi /etc/squid/squid.conf
# add follows to the end

icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Authenticated-User
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all
[root@prox ~]#
systemctl start c-icap

[root@prox ~]#
systemctl enable c-icap

[root@prox ~]#
systemctl restart squid

[7] It's OK all.
Next, try to access to the site below from a ClientPC with Web browser,
http://eicar.org/85-0-Download.html
then, click the test Virus "eicar.com" to make sure to redirect the site you configured.
 
Tweet