====== Антивирусная защита web трафика SQUID ======

  * [[Сервис Clamav]]

===== Использование HAVP - HTTP Antivirus Proxy =====

  * [[http://interface31.ru/tech_it/2010/06/ubuntu-server-nastraivaem-antivirusnyj-fil-tr-routera-clamav.html|Ubuntu Server. Настраиваем антивирусный фильтр роутера (ClamAV)]]

==== Debian/Ubuntu ====

<code>
root@gate:~# apt install havp

root@gate:~# cat /etc/havp/havp.config
</code><code>
...
#ubuntu 16
GROUP clamav
...
# Only for courses
SERVERNUMBER 2
...
BIND_ADDRESS 127.0.0.1
...
# ENABLECLAMLIB true
...
ENABLECLAMD true
...
CLAMDSOCKET /var/run/clamav/clamd.ctl
...
</code><code>
root@gate:~# usermod clamav -G havp

root@gate:~# service clamav-daemon restart

root@gate:~# service havp restart
</code>




==== Squid ====
<code>
gate# cat /etc/squid/squid.conf
</code><code>
...
cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
cache_peer_access 127.0.0.1 allow all
acl Scan_HTTP proto HTTP
never_direct allow Scan_HTTP
...
</code><code>
root@gate:~# service squid restart
</code>

===== Использование squidclamav =====

  * [[Сервис HTTP#Установка и запуск сервера Apache]]
  * [[Сервис HTTP#CGI интерфейс сервера]] Apache

==== Установка пакета squidclamav ====

=== FreeBSD ===
<code>
[gate:~] # pkg_add -r curl gmake

[gate:~] # cd /usr/ports/security/squidclamav

[gate:ports/security/squidclamav] # make install clean

[gate:~] # less /usr/local/etc/squidclamav.conf.dist

[gate:~] # touch /var/log/squidclamav.log

[gate:~] # chown squid /var/log/squidclamav.log
</code>

=== Ubuntu ===

<code>
root@gate:~# apt-get install build-essential autoconf automake checkinstall

root@gate:~# apt-get install libcurl4-openssl-dev

root@gate:~# wget http://val.bmstu.ru/unix/src/squidclamav-5.3.tar.gz

root@gate:~# tar -xvf squidclamav-5.3.tar.gz

root@gate:~# cd squidclamav-5.3

root@gate:~/squidclamav-5.3# ./configure --prefix=/usr/local/

root@gate:~/squidclamav-5.3# make && make install

root@gate:~/squidclamav-5.3# mkdir /usr/local/etc

root@gate:~/squidclamav-5.3# less etc/squidclamav.conf

root@gate:~# touch /var/log/squidclamav.log

root@gate:~# chown proxy:proxy /var/log/squidclamav.log
</code>

==== Настройка пакета squidclamav ====

=== FreeBSD/Ubuntu ===
<code>
gate# cat /usr/local/etc/squidclamav.conf
</code><code>
squid_ip 127.0.0.1
squid_port 3128
logfile /var/log/squidclamav.log
redirect http://server.corpX.un/cgi-bin/test-cgi
#freebsd
#clamd_local /var/run/clamav/clamd.sock
#linux
#clamd_local /var/run/clamav/clamd.ctl
</code>


==== Тестирование =====

=== FreeBSD/Ubuntu ===
<code>
gate# cat squid.conf
</code><code>
...
http_access allow localhost
...
</code><code>
gate# /usr/local/bin/squidclamav -c /usr/local/etc/squidclamav.conf

SquidClamav running as UID 0: writing logs to stderr
Thu Dec  4 16:06:14 2008 LOG Reading configuration from /usr/local/etc/squidclamav.conf
Thu Dec  4 16:06:14 2008 LOG SquidClamav (PID 14302) started
</code><code>
http://val.bmstu.ru/unix/virus.zip 195.19.32.125 squid GET
</code><code>
Thu Dec  4 16:07:03 2008 LOG Redirecting URL to: http://gate.corpX.un/cgi-bin/test-cgi?url=http://val.bmstu.ru/virus.zip&source=195.19.32.14&user=squid&virus=stream:+Worm.Sober.U-3+FOUND
http://gate.corpX.un/cgi-bin/printenv?url=http://val.bmstu.ru/virus.zip&source=195.19.32.14&user=mylog&virus=stream:+Worm.Sober.U-3+FOUND 195.19.32.14 squid GET
</code>

==== Настройка squid на использование squidclamav ====

=== FreeBSD/Ubuntu ===
<code>
gate# cat squid.conf
</code><code>
...
redirector_access deny localhost
http_access allow localhost
acl our_networks src 192.168.X.0/24
...
url_rewrite_program /usr/local/bin/squidclamav -c /usr/local/etc/squidclamav.conf
...
</code>