
Set Up Gateway Level Virus Security With ClamAV And SafeSquid Proxy
Source: www.howtoforge.com
Submitted by yangyi on 2008-05-21 19:16:49
In an earlier HowTo, 'Deploying A Content Filtering Proxy Server To Distribute Controlled Internet Access With SafeSquid', I explained the procedure for installing the content filtering proxy SafeSquid. In this HowTo, I will explain how you can secure your network from viruses and other malware by installing ClamAV and integrating it with SafeSquid, so that all incoming content is scanned for viruses and infected content is blocked at the HTTP gateway before it enters your network.

Virus Security In SafeSquid

SafeSquid has built-in connectivity to various daemon-based antivirus software such as ClamAV, Sophos, Avast, F-Prot, NOD32 and Kaspersky. It also has a universal ICAP (Internet Content Adaptation Protocol) client that can be used to connect to ICAP-based security software such as Dr.Web ICAP, Kaspersky Antivirus for Proxy Server, Trend Micro InterScan Web Security and Symantec Scan Engine. You can even use multiple antivirus products with SafeSquid to scan incoming content simultaneously. This does not cause any significant latency, since SafeSquid has a multi-threaded architecture.
Installing ClamAV And Integrating With SafeSquid

Change directory to /usr/local/src:

    cd /usr/local/src

Download ClamAV:

    wget -nd http://freshmeat.net/redir/clamav/29355/url_tgz/clamav-0.91.tar.gz

Decompress the tar file:

    tar -xvzf clamav-0.91.tar.gz

Add the user 'clamav':

    useradd clamav

Change to the 'clamav-0.91' directory:

    cd clamav-0.91/

Install ClamAV:

    ./configure && make && make install

After the installation is complete, copy the "contrib/init/RedHat/clamd" file to "/etc/init.d/":

    cp contrib/init/RedHat/clamd /etc/init.d/clamd

Configure ClamAV to run automatically on startup:

    chkconfig --add clamd

Edit clamd.conf and comment out the 'Example' line:

    vi /usr/local/etc/clamd.conf

    Example => # Example

Edit freshclam.conf and comment out the 'Example' line:

    vi /usr/local/etc/freshclam.conf

    Example => # Example

Run freshclam to update the virus database:

    freshclam -v

The output should be similar to:

    Current working dir is /usr/local/share/clamav

Add a cron job for the daily automatic update:

    vi /etc/crontab

Add the following line to run freshclam daily at 10:00:

    00 10 * * * root /usr/local/bin/freshclam

Start the ClamAV daemon:

    /etc/init.d/clamd start

Check its status:

    /etc/init.d/clamd status

The output should be similar to:

    clamd (pid 1525) is running...

Your ClamAV daemon is now up and running. The next step is to configure SafeSquid to use the ClamAV daemon.

Check the socket path of ClamAV:

    netstat -lnp | grep clamd

Look for output like this:

    unix 2 [ ACC ] STREAM LISTENING 29235 5643/clamd /tmp/clamd.socket

So the socket path is /tmp/clamd.socket.

Open the SafeSquid Web Interface, click on 'Config' in the main menu, select 'Client for ClamAV Antivirus' and click on 'Submit' to open the ClamAV section. It should have the following settings. If not, edit them accordingly:

    'clamav section'
        Enabled = Yes
        ClamAV hostname or socket path = /tmp/clamd.socket

    'clamav sub-section'
        Enabled = Yes
        Profiles = antivirus

The 'antivirus' profile is defined in the 'Profiles' section; it is generated by another profile, 'application-filter', which defines the types of files to be scanned.

[Figure: ClamAV Section In SafeSquid Web Interface]

To test your installation, visit http://eicar.org/anti_virus_test_file.htm and scroll down to "Download area using the standard protocol http". Click on the files listed under this section. You should get the message:

    ClamAV detected: Eicar-Test-Signature

[Figure: EICAR Antivirus Test Page]

Congratulations!

Original link: http://www.howtoforge.com/gatewa...
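The status check and the EICAR test above can also be run directly against the clamd socket that SafeSquid uses, which is useful for monitoring that the scanner behind the proxy is still alive and detecting. This is an added example, not part of the original HowTo or of SafeSquid or ClamAV; it assumes clamd listens on /tmp/clamd.socket and accepts the null-terminated zPING and zINSTREAM commands (which may require a newer release than the clamav-0.91 build above), and the function names are illustrative.

```python
import socket
import struct

CLAMD_SOCKET = "/tmp/clamd.socket"  # path reported by netstat in the HowTo
# Standard EICAR test string (harmless), split so this file is not itself flagged.
EICAR = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-"
         rb"ANTIVIRUS-TEST-FILE!$H+H*")

def _command(path, payload, timeout=10.0):
    """Send one clamd command on a fresh connection and return the reply text."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(path)
        s.sendall(payload)
        reply = b""
        while not reply.endswith(b"\0"):  # 'z' commands get NUL-terminated replies
            chunk = s.recv(4096)
            if not chunk:
                break
            reply += chunk
    return reply.rstrip(b"\0").decode("utf-8", "replace").strip()

def ping(path=CLAMD_SOCKET):
    """True if the daemon answers PONG."""
    return _command(path, b"zPING\0") == "PONG"

def scan_bytes(data, path=CLAMD_SOCKET):
    """Scan a buffer via INSTREAM; return the signature name, or None if clean."""
    # Framing: 4-byte big-endian length + chunk, then a zero-length terminator.
    frame = struct.pack("!I", len(data)) + data + struct.pack("!I", 0)
    reply = _command(path, b"zINSTREAM\0" + frame)
    if reply.endswith(" FOUND"):
        return reply.split(": ", 1)[-1][:-len(" FOUND")]
    if reply.endswith("OK"):
        return None
    raise RuntimeError("unexpected clamd reply: %r" % reply)

def health_check(path=CLAMD_SOCKET):
    """clamd must answer, flag EICAR, and pass harmless data; else False."""
    try:
        return (ping(path) and scan_bytes(EICAR, path) is not None
                and scan_bytes(b"plain text", path) is None)
    except (OSError, RuntimeError):
        return False

if __name__ == "__main__":
    print("clamd OK" if health_check() else "clamd NOT scanning")
```

Run it from cron or a monitoring agent on the proxy host; a False result means content passing through the gateway may not be getting scanned.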

