Run with Clamav - Squidclamav2015/01/15

	Configure Proxy server in order to scan download files to protect from virus. Install Clamav first.
[1]	Install Clamd.

[root@lan ~]#

yum --enablerepo=epel -y install clamd

# install from EPEL

[root@lan ~]#

/etc/rc.d/init.d/clamd start

Starting Clam AntiVirus Daemon: Bytecode: Security mode set to "TrustSigned".
[ OK ]
[root@lan ~]#

chkconfig clamd on

[2]	Install Squidclamav. Download squidclamav 5.x from the link below. 6.x needs Squid 3.x, but Squid on CentOS 5 is Squid 2.x, so use Squidclamav 5.x. http://sourceforge.net/projects/squidclamav/files/squidclamav/

[root@lan ~]#

yum -y install gcc make curl-devel

[root@lan ~]#

wget http://ftp.jaist.ac.jp/pub/sourceforge/s/project/sq/squidclamav/squidclamav/5.11/squidclamav-5.11.tar.gz

[root@lan ~]#

tar zxvf squidclamav-5.11.tar.gz

[root@lan ~]#

cd squidclamav-5.11

[root@lan squidclamav-5.11]#

./configure

[root@lan squidclamav-5.11]#

make

[root@lan squidclamav-5.11]#

make install

[root@lan squidclamav-5.11]#

[root@lan ~]#

vi /usr/local/etc/squidclamav.conf

squid_ip 127.0.0.1

# change ( Squid port )

squid_port

8080

logfile /var/log/squid/squidclamav.log
maxsize 5000000

# change ( reditected URL )

redirect

http://www.srv.world/error.html

#squidguard /usr/local/squidGuard/bin/squidGuard
debug 0
stat 0
maxredir 30

# change ( same with clamd's one )

clamd_local

/var/run/clamav/clamd.sock

# uncomment and change

clamd_ip

127.0.0.1

# uncomment

clamd_port 3310
timeout 60
useragent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
trust_cache 1
logredir 0

[3]	Configure Squid.

[root@lan ~]#

vi /etc/squid/squid.conf

# add follows to the end

url_rewrite_access deny localhost
redirect_program /usr/local/bin/squidclamav
redirect_children 15

[root@lan ~]#

touch /var/log/squid/squidclamav.log

[root@lan ~]#

chown squid. /var/log/squid/squidclamav.log

[root@lan ~]#

vi /etc/logrotate.d/squid

# add follows to the end

/var/log/squid/squidclamav.log {
   weekly
   rotate 5
   copytruncate
   compress
   notifempty
   missingok
}

[root@lan ~]#

/etc/rc.d/init.d/squid restart

Stopping squid: ................[ OK ]
Starting squid: .[ OK ]

[4]	It's OK all. Next, try to access to the site below from a ClientPC with Web browser, http://eicar.org/85-0-Download.html then, click the test Virus "eicar.com" to make sure to redirect the site you configured.

Matched Content