squid-3.1 clamav squidclamav
Mit der 3er-Version von Squid ist das Virenscannen noch einfacher geworden.
Die Standard-squid.conf reicht aus; es müssen nur die ICAP-Direktiven ergänzt werden (im Original rot markiert, vermutlich die icap_*- und adaptation_access-Zeilen weiter unten).
tux ~ # emerge squid clamav squidclamav -pv
These are the packages that would be merged, in order:
Calculating dependencies... done!
[ebuild R ] net-proxy/squidclamav-6.8 0 kB
[ebuild R ] net-proxy/squid-3.1.22 USE="epoll icap-client logrotate pam snmp sqlite ssl -caps -ecap (-ipf-transparent) -ipv6 -kerberos (-kqueue) -ldap -mysql -nis (-pf-transparent) -postgres -radius -samba -sasl (-selinux) {-test} -tproxy -zero-penalty-hit" 0 kB
[ebuild R ~] app-antivirus/clamav-0.97.6-r2 USE="bzip2 iconv milter -clamdtop -ipv6 (-selinux) -static-libs (-uclibc)" 0 kB
[quote="tux# cat /etc/squid/squid.conf | grep "^[^#]"]
# Base proxy policy: who may use the proxy and which destination ports are allowed.
# Squid evaluates http_access rules top to bottom; the first matching rule decides.
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# "localnet" covers every private IPv4/IPv6 range, not just the site's own subnet.
# NOTE(review): narrowing these to the networks actually in use tightens the allow rule below.
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl CONNECT method CONNECT
# Cache-manager requests are accepted from localhost only.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
# CONNECT tunnels are limited to port 443. No ssl_bump directive appears in this
# listing, so the payload inside those tunnels (HTTPS) is opaque to the proxy and
# is not handed to the ICAP virus scanner configured further down in this file.
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
# Final catch-all: anything not allowed above is refused.
http_access deny all
# No listen address is given, so the port is opened on all interfaces; the ACLs
# above (and any host firewall) are what keep this from being an open proxy.
http_port 3128
coredump_dir /var/cache/squid
# NOTE(review): no url_rewrite_program appears in this listing, so this setting
# looks like a leftover from a redirector-based setup — confirm it is still needed.
url_rewrite_children 15
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
shutdown_lifetime 3 seconds
icon_directory /usr/share/squid/icons
# Error pages default to German and use a custom stylesheet.
error_default_language de
error_log_languages on
err_page_stylesheet /etc/squid/errorpage.css
# ICAP client section: hands requests (REQMOD) and responses (RESPMOD) to the
# squidclamav service that c-icap exposes on 127.0.0.1:1344.
icap_enable on
# Preview: the ICAP server sees the first 1024 bytes and decides whether it
# wants the rest of the body.
icap_preview_enable on
icap_preview_size 1024
# Forward the client IP and the authenticated user name to the ICAP service.
# NOTE(review): no auth_param / proxy_auth ACL appears in this listing, so the
# user name header is presumably empty — confirm.
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Authenticated-User
icap_client_username_encode off
# bypass=1 marks the service as optional: if the ICAP service is unreachable or
# malfunctions, Squid processes the message as if the service were not enabled,
# i.e. traffic passes UNSCANNED (fail-open). Use bypass=0 when unscanned traffic
# must not be delivered while the scanner is down (fail-closed, at the cost of
# availability).
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
# Same fail-open behaviour applies to the response (download) path.
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all
[/quote]
[quote="tux# cat /etc/clamd.conf | grep "^[^#]"]
# clamd daemon settings: logging, signature database, listeners and scan options.
LogFile /var/log/clamav/clamd.log
LogTime yes
ExtendedDetectionInfo yes
# NOTE(review): /var/tmp is normally a shared, world-writable directory; a
# dedicated directory owned by the clamav user is the more cautious choice for
# scanner temp files.
TemporaryDirectory /var/tmp
DatabaseDirectory /var/lib/clamav
# Unix socket used by squidclamav (see clamd_local in squidclamav.conf on this
# page). Group ownership "squid" limits who can connect.
# NOTE(review): the user/group c-icap runs as is not shown here — verify it is
# actually a member of this group.
LocalSocket /var/run/clamav/clamd.sock
LocalSocketGroup squid
# clamd's TCP interface has no authentication. It is bound to loopback here, and
# the squidclamav.conf on this page uses the Unix socket instead, so the TCP
# listener may be unnecessary — confirm nothing else depends on it before
# removing it.
TCPSocket 3310
TCPAddr 127.0.0.1
ExcludePath ^/proc/
ExcludePath ^/sys/
ExcludePath ^/dev/
# Daemon drops to the unprivileged clamav account and keeps its supplementary groups.
User clamav
AllowSupplementaryGroups yes
# Detection features and file-type scanners that are switched on.
AlgorithmicDetection yes
ScanOLE2 yes
ScanPDF yes
ScanMail yes
PhishingSignatures yes
PhishingScanURLs yes
ScanArchive yes
[/quote]
[quote="tux# cat /etc/squidclamav.conf | grep "^[^#]"]
# squidclamav ICAP service settings: what gets sent to clamd and what is skipped.
# Objects larger than this many bytes are not scanned at all.
maxsize 5000000
# Page the client is redirected to when a virus is found. "proxy.domain.dom" is a
# placeholder host name and has to be replaced with the real proxy host.
redirect http://proxy.domain.dom/cgi-bin/clwarn.cgi
# Talk to clamd over its Unix socket (matches LocalSocket in clamd.conf on this page).
clamd_local /var/run/clamav/clamd.sock
# Timeout (seconds) for the clamd connection.
# NOTE(review): what happens to the object when this 1 s timeout is hit is not
# visible here; combined with bypass=1 in squid.conf, a slow or busy clamd could
# mean content is delivered unscanned — verify under load.
timeout 1
logredir 0
dnslookup 1
# "abort" (URL regex) and "abortcontent" (Content-Type regex) exempt matching
# objects from virus scanning. Both the URL suffix and the Content-Type header
# are supplied by the remote server, so they say what the server claims, not what
# the body contains. This list exempts images, CSS/XML/JS/HTML/JSP URLs, every
# text/* type and some video types; keep the list as short as performance allows
# and review the detection trade-off before copying it.
abort ^.*\.(ico|gif|png|jpg)$
abortcontent ^image\/.*$
abort ^.*\.(css|xml|xsl|js|html|jsp)$
abortcontent ^text\/.*$
abortcontent ^application\/x-javascript$
abortcontent ^video\/x-flv$
abortcontent ^video\/mp4$
abortcontent ^.*application\/x-mms-framed.*$
[/quote]
Die im Original rot markierte Zeile (vermutlich „Service squidclamav squidclamav.so“) am Dateiende der folgenden c-icap.conf einfügen.
[quote="tux# cat /etc/c-icap/c-icap.conf | grep "^[^#]"]
# c-icap server settings; the last line loads the squidclamav service that
# squid.conf addresses as icap://127.0.0.1:1344/squidclamav.
PidFile /var/run/c-icap/c-icap.pid
CommandsSocket /var/run/c-icap/c-icap.ctl
Timeout 300
MaxKeepAliveRequests 100
KeepAliveTimeout 600
StartServers 3
MaxServers 10
MinSpareThreads 10
MaxSpareThreads 20
ThreadsPerChild 10
MaxRequestsPerChild 0
# NOTE(review): no listen address is given, so the ICAP port presumably opens on
# all interfaces, and no access-control lines appear in this listing. Squid only
# connects via 127.0.0.1, so restrict port 1344 to loopback (host firewall, or a
# loopback bind if the installed c-icap version supports it).
Port 1344
# Placeholder values from the sample config; replace with real contact/host data.
ServerAdmin you@your.address
ServerName YourServerName
# NOTE(review): /var/tmp is normally shared and world-writable; bodies being
# scanned are spooled here, so a dedicated directory owned by the c-icap user is
# the more cautious choice.
TmpDir /var/tmp
MaxMemObject 131072
DebugLevel 1
ModulesDir /usr/lib64/c_icap
ServicesDir /usr/lib64/c_icap
TemplateDir /usr/share/c_icap/templates/
TemplateDefaultLanguage en
LoadMagicFile /etc/c-icap/c-icap.magic
# With RemoteProxyUsers off, c-icap does not use the user name that squid.conf
# sends in X-Authenticated-User. If this is ever switched on, note the mismatch:
# squid.conf on this page sends the name unencoded (icap_client_username_encode
# off) while this file expects it encoded (RemoteProxyUserHeaderEncoded on).
RemoteProxyUsers off
RemoteProxyUserHeader X-Authenticated-User
RemoteProxyUserHeaderEncoded on
ServerLog /var/log/c-icap/server.log
AccessLog /var/log/c-icap/access.log
# NOTE(review): the echo service is not referenced by the squid.conf on this
# page; it looks like the sample service and can presumably be dropped to reduce
# the exposed surface — confirm.
Service echo srv_echo.so
# The line this how-to adds: registers squidclamav.so under the service name
# "squidclamav".
Service squidclamav squidclamav.so
[/quote]
[quote="tux # cat /etc/conf.d/clamd | grep "^[^#]"]
# Init-script switches for the ClamAV services.
# clamd is the scanning daemon squidclamav connects to.
START_CLAMD=yes
# NOTE(review): presumably starts freshclam so signatures stay current — confirm
# it is actually running, since stale signatures weaken detection.
START_FRESHCLAM=yes
MILTER_NICELEVEL=19
# NOTE(review): presumably starts clamav-milter, a mail filter that the proxy
# scanning path on this page does not use — disable it if no MTA needs it.
START_MILTER=yes
[/quote]
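Mit rc-update die Dienste zum Runlevel default hinzufügen und starten. Anschließend
im Browser den Proxy auf localhost:3128 einstellen, den Browsercache leeren
und auf 0 MB Speicherplatz reduzieren; das Cachen übernimmt jetzt Squid.
Auf die Seite http://www.eicar.org/85-0-Download.html gehen und versuchen,
den Eicar-Test-Virus über HTTP herunterzuladen. Erscheint jetzt eine Fehlerseite, funktioniert der Scanner.
Dieser Test deckt nur unverschlüsseltes HTTP ab: HTTPS läuft in dieser Konfiguration als CONNECT-Tunnel durch den Proxy und wird nicht gescannt.
Wegen bypass=1 in der squid.conf liefert Squid Inhalte außerdem ungescannt aus, wenn der ICAP-Dienst nicht erreichbar ist; deshalb den Test einmal bei gestopptem c-icap wiederholen, um dieses Verhalten zu kennen.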
Have Fun
Ma

