Squid + SquidClamav

Squid + SquidClamav 2015/06/03

	Install SquidClamav and Configure Proxy Server to scan downloaded files to protect from virus.
[1]	Install Clamav first, refer to here.
[2]	Install Clamav Server.

# install from EPEL [root@prox ~]#  yum --enablerepo=epel -y install clamav-server clamav-server-systemd [root@prox ~]#  cp /usr/share/doc/clamav-server*/clamd.conf /etc/clamd.d/squid.conf  [root@prox ~]#  vi /etc/clamd.d/squid.conf # line 8: comment out # Example # line 14: uncomment and change LogFile  /var/log/clamd.squid # line 66: uncomment and change PidFile  /var/run/clamd.squid/clamd.pid # line 70: uncomment TemporaryDirectory /var/tmp # line 85: uncomment and change LocalSocket  /var/run/clamd.squid/clamd.sock # line 101: uncomment TCPSocket 3310 # line 195: change User  squidclamav [root@prox ~]#  useradd -M -d /var/tmp -s /sbin/nologin squidclamav  [root@prox ~]#  mkdir /var/run/clamd.squid  [root@prox ~]#  chown squidclamav. /var/run/clamd.squid  [root@prox ~]#  cp /usr/share/doc/clamav-server*/clamd.sysconfig /etc/sysconfig/clamd.squid  [root@prox ~]#  vi /etc/sysconfig/clamd.squid # line 1,2: uncomment and change CLAMD_CONFIGFILE=/etc/clamd.d/ squid.conf CLAMD_SOCKET=/var/run/ clamd.squid /clamd.sock [root@prox ~]#  vi /etc/tmpfiles.d/clamd.squid.conf # create new d /var/run/clamd.squid 0755 squidclamav squidclamav - [root@prox ~]#  vi /usr/lib/systemd/system/clamd@.service # add follows to the end [Install] WantedBy=multi-user.target [root@prox ~]#  touch /var/log/clamd.squid  [root@prox ~]#  chown squidclamav. /var/log/clamd.squid  [root@prox ~]#  chmod 600 /var/log/clamd.squid  [root@prox ~]#  systemctl start clamd@squid  [root@prox ~]#  systemctl enable clamd@squid

[3]	Install c-icap.

[root@prox ~]#  yum -y install gcc make  [root@prox ~]#  curl -L -O http://downloads.sourceforge.net/project/c-icap/c-icap/0.3.x/c_icap-0.3.5.tar.gz [root@prox ~]#  tar zxvf c_icap-0.3.5.tar.gz  [root@prox ~]#  cd c_icap-0.3.5  [root@prox c_icap-0.3.5]#  ./configure  [root@prox c_icap-0.3.5]#  make [root@prox c_icap-0.3.5]#  make install  [root@prox c_icap-0.3.5]#  cd  [root@prox ~]#  cp /usr/local/etc/c-icap.conf /etc  [root@prox ~]#  vi /etc/c-icap.conf # line 140: change admin email ServerAdmin  root@server.world # line 149: change hostname ServerName  prox.server.world # line 517: add Service squidclamav squidclamav.so [root@prox ~]#  vi /etc/tmpfiles.d/c-icap.conf # create new d /var/run/c-icap 0755 root root - [root@prox ~]#  vi /usr/lib/systemd/system/c-icap.service [Unit] Description=c-icap service After=network.target [Service] Type=forking PIDFile=/var/run/c-icap/c-icap.pid ExecStart=/usr/local/bin/c-icap -f /etc/c-icap.conf KillMode=process [Install] WantedBy=multi-user.target

[4]	Install SquidClamav ( Download the latest version of it from the following link ). http://sourceforge.net/projects/squidclamav/files/squidclamav/

[root@prox ~]#  curl -L -O http://downloads.sourceforge.net/project/squidclamav/squidclamav/6.13/squidclamav-6.13.tar.gz  [root@prox ~]#  tar zxvf squidclamav-6.13.tar.gz  [root@prox ~]#  cd squidclamav-6.13  [root@prox squidclamav-6.13]#  ./configure --with-c-icap  [root@prox squidclamav-6.13]#  make [root@prox squidclamav-6.13]#  make install  [root@prox squidclamav-6.13]#  cd  [root@prox ~]#  ln -s /usr/local/etc/squidclamav.conf /etc/squidclamav.conf  [root@prox ~]#  vi /etc/squidclamav.conf # line 18: change( destination URL for redirect. Create it first ) redirect  http://www.server.world/error.html # line 27: change( same with clamd ) clamd_local  /var/run/clamd.squid/clamd.sock

[5]	Configure Squid.

[root@prox ~]#  vi /etc/squid/squid.conf # add follows to the end icap_enable on icap_send_client_ip on icap_send_client_username on icap_client_username_header X-Authenticated-User icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access service_req allow all icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access service_resp allow all [root@prox ~]#  systemctl start c-icap  [root@prox ~]#  systemctl enable c-icap  [root@prox ~]#  systemctl restart squid

[6]	It's OK all.  Next, try to access to the site below from a ClientPC with Web browser,  http://eicar.org/85-0-Download.html then, click the test Virus "eicar.com" to make sure to redirect the site you configured.