Posted on by nicolas

Howto: Install Squidclamav

Having already the Sourceforge as repository source on your system. You directly run

this command :

yum -y install clamd

once installed, you can start it running this command:

/etc/rc.d/init.d/clamd start

Add this service on for each runlevel:

chkconfig clamd on

We would need to download/install the c-icap, run this command:

wget http://ftp.jaist.ac.jp/pub/sourceforge/c/project/c-/c-icap/c-icap/0.1.x/c_icap-0.1.7.tar.gz
tar zxvf c_icap-0.1.7.tar.gz
cd c_icap-0.1.7.tar.gz
make
make install

Copy the conf file from usr/local/etc/ run this command:

cp /usr/local/etc/c-icap.conf /etc
vi /etc/c-icap.conf

Change the email address and Server Name

ServerAdmin root@server.world
ServerName proxy.domain.com

Add this line:

Service squidclamav squidclamav.so

This line might have to be changed and review in order to be able to load this librairy.

I had to set this line as below (correct path):

Service squidclamav /usr/local/c-icap/lib/c_icap/squidclamav.so

Now, we will create the init script: here

Run this command to reset the rights:

chmod 755 /etc/rc.d/init.d/c-icap
SquidClamav:
Look to this url and download the latest version (v6.5):
wget http://kent.dl.sourceforge.net/project/squidclamav/squidclamav/6.5/squidclamav-6.5.tar.gz
tar -xvf squidclamav-6.5.tar.gz
cd squidclamav-6.5.tar.gz
./configure
make
make install

Edit the configuration file:

vi /etc/squidclamav.conf

Change the redirect url with the potential html page (need to be placed and created)

redirect http://www.server.world/error.html

Change this line to match the path:

clamd_local /var/run/clamav/clamd.sock

So, you can start c-icap running this command:

/etc/rc.d/init.d/c-icap start

To check if the c-icap is running you can netstat command as follow:

netstat -anp | grep 1344

Add i-cap to run as deamon for each runlevel:

chkconfig --add c-icap
chkconfig c-icap on

 

Now, this is the time to say to squid that ICAP is present:

edit the squid.conf file from /etc/squid/squid.conf

vi /etc/squid/squid.conf

add these lines as below:

icap_enable on
 icap_send_client_ip on
 icap_send_client_username on
 icap_client_username_header X-Authenticated-User
 icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
 adaptation_access service_req allow all
 icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
 adaptation_access service_resp allow all

You can now restart the squid : service squid restart or /etc/init.d/squid restart
Try to download eicar from this url passing through your squid. Eicar would be blocked and your browser ‘s page would redirected.

clamd_local /var/run/clamav/clamd.sock

Leave a Reply