Having already the Sourceforge as repository source on your system. You directly run
this command :
yum -y install clamd
once installed, you can start it running this command:
/etc/rc.d/init.d/clamd start
Add this service on for each runlevel:
chkconfig clamd on
We would need to download/install the c-icap, run this command:
wget http://ftp.jaist.ac.jp/pub/sourceforge/c/project/c-/c-icap/c-icap/0.1.x/c_icap-0.1.7.tar.gz tar zxvf c_icap-0.1.7.tar.gz cd c_icap-0.1.7.tar.gz make make install
Copy the conf file from usr/local/etc/ run this command:
cp /usr/local/etc/c-icap.conf /etc
vi /etc/c-icap.conf
Change the email address and Server Name
ServerAdmin root@server.world ServerName proxy.domain.com
Add this line:
Service squidclamav squidclamav.so
This line might have to be changed and review in order to be able to load this librairy.
I had to set this line as below (correct path):
Service squidclamav /usr/local/c-icap/lib/c_icap/squidclamav.so
Now, we will create the init script: here
Run this command to reset the rights:
chmod 755 /etc/rc.d/init.d/c-icap
wget http://kent.dl.sourceforge.net/project/squidclamav/squidclamav/6.5/squidclamav-6.5.tar.gz
tar -xvf squidclamav-6.5.tar.gz
cd squidclamav-6.5.tar.gz
./configure
make
make install
Edit the configuration file:
vi /etc/squidclamav.conf
Change the redirect url with the potential html page (need to be placed and created)
redirect http://www.server.world/error.html
Change this line to match the path:
clamd_local /var/run/clamav/clamd.sock
So, you can start c-icap running this command:
/etc/rc.d/init.d/c-icap start
To check if the c-icap is running you can netstat command as follow:
netstat -anp | grep 1344
Add i-cap to run as deamon for each runlevel:
chkconfig --add c-icap chkconfig c-icap on
Now, this is the time to say to squid that ICAP is present:
edit the squid.conf file from /etc/squid/squid.conf
vi /etc/squid/squid.conf
add these lines as below:
icap_enable on icap_send_client_ip on icap_send_client_username on icap_client_username_header X-Authenticated-User icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access service_req allow all icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access service_resp allow all
You can now restart the squid : service squid restart or /etc/init.d/squid restart
Try to download eicar from this url passing through your squid. Eicar would be blocked and your browser ‘s page would redirected.
clamd_local /var/run/clamav/clamd.sock