====== Antivirus protection of SQUID web traffic ======

  * [[Сервис Clamav|ClamAV service]]

===== Using HAVP - HTTP Antivirus Proxy =====

  * [[http://interface31.ru/tech_it/2010/06/ubuntu-server-nastraivaem-antivirusnyj-fil-tr-routera-clamav.html|Ubuntu Server. Configuring the router's antivirus filter (ClamAV)]]

==== Debian/Ubuntu ====

<code>
root@gate:~# apt install havp

root@gate:~# cat /etc/havp/havp.config
...
#ubuntu 16
GROUP clamav
...
# Only for courses
SERVERNUMBER 2
...
BIND_ADDRESS 127.0.0.1
...
# ENABLECLAMLIB true
...
ENABLECLAMD true
...
CLAMDSOCKET /var/run/clamav/clamd.ctl
...

root@gate:~# usermod clamav -G havp

root@gate:~# service clamav-daemon restart

root@gate:~# service havp restart
</code>

==== Squid ====

<code>
gate# cat /etc/squid/squid.conf
...
cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
cache_peer_access 127.0.0.1 allow all

acl Scan_HTTP proto HTTP
never_direct allow Scan_HTTP
...

root@gate:~# service squid restart
</code>

===== Using squidclamav =====

  * [[Сервис HTTP#Установка и запуск сервера Apache|HTTP service: installing and starting the Apache server]]
  * [[Сервис HTTP#CGI интерфейс сервера|HTTP service: server CGI interface]] Apache

==== Installing the squidclamav package ====

=== FreeBSD ===

<code>
[gate:~] # pkg_add -r curl gmake

[gate:~] # cd /usr/ports/security/squidclamav

[gate:ports/security/squidclamav] # make install clean

[gate:~] # less /usr/local/etc/squidclamav.conf.dist

[gate:~] # touch /var/log/squidclamav.log

[gate:~] # chown squid /var/log/squidclamav.log
</code>

=== Ubuntu ===

<code>
root@gate:~# apt-get install build-essential autoconf automake checkinstall

root@gate:~# apt-get install libcurl4-openssl-dev

root@gate:~# wget http://val.bmstu.ru/unix/src/squidclamav-5.3.tar.gz

root@gate:~# tar -xvf squidclamav-5.3.tar.gz

root@gate:~# cd squidclamav-5.3

root@gate:~/squidclamav-5.3# ./configure --prefix=/usr/local/

root@gate:~/squidclamav-5.3# make && make install

root@gate:~/squidclamav-5.3# mkdir /usr/local/etc

root@gate:~/squidclamav-5.3# less etc/squidclamav.conf

root@gate:~# touch /var/log/squidclamav.log

root@gate:~# chown proxy:proxy /var/log/squidclamav.log
</code>

==== Configuring the squidclamav package ====

=== FreeBSD/Ubuntu ===

<code>
gate# cat /usr/local/etc/squidclamav.conf
squid_ip 127.0.0.1
squid_port 3128
logfile /var/log/squidclamav.log
redirect http://server.corpX.un/cgi-bin/test-cgi

#freebsd
#clamd_local /var/run/clamav/clamd.sock
#linux
#clamd_local /var/run/clamav/clamd.ctl
</code>

==== Testing ====

=== FreeBSD/Ubuntu ===

<code>
gate# cat squid.conf
...
http_access allow localhost
...

gate# /usr/local/bin/squidclamav -c /usr/local/etc/squidclamav.conf
SquidClamav running as UID 0: writing logs to stderr
Thu Dec 4 16:06:14 2008 LOG Reading configuration from /usr/local/etc/squidclamav.conf
Thu Dec 4 16:06:14 2008 LOG SquidClamav (PID 14302) started
http://val.bmstu.ru/unix/virus.zip 195.19.32.125 squid GET
Thu Dec 4 16:07:03 2008 LOG Redirecting URL to: http://gate.corpX.un/cgi-bin/test-cgi?url=http://val.bmstu.ru/virus.zip&source=195.19.32.14&user=squid&virus=stream:+Worm.Sober.U-3+FOUND
http://gate.corpX.un/cgi-bin/printenv?url=http://val.bmstu.ru/virus.zip&source=195.19.32.14&user=mylog&virus=stream:+Worm.Sober.U-3+FOUND 195.19.32.14 squid GET
</code>

==== Configuring squid to use squidclamav ====

=== FreeBSD/Ubuntu ===

<code>
gate# cat squid.conf
...
redirector_access deny localhost
http_access allow localhost
acl our_networks src 192.168.X.0/24
...
url_rewrite_program /usr/local/bin/squidclamav -c /usr/local/etc/squidclamav.conf
...
</code>
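
Added example (not part of the original page or of squidclamav): a Python parser for the ''Redirecting URL to:'' lines shown in the Testing output, reporting which client requested what and which signature fired. The log text is a constructed sample; it assumes that /var/log/squidclamav.log uses the same line format as that output.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample in the format of the Testing output; the last line carries a
# request URL that itself contains '&source=...' to show why parsing must be anchored.
SAMPLE_LOG = """\
Thu Dec 4 16:06:14 2008 LOG SquidClamav (PID 14302) started
Thu Dec 4 16:07:03 2008 LOG Redirecting URL to: http://gate.corpX.un/cgi-bin/test-cgi?url=http://val.bmstu.ru/virus.zip&source=195.19.32.14&user=squid&virus=stream:+Worm.Sober.U-3+FOUND
Thu Dec 4 16:09:41 2008 LOG Redirecting URL to: http://gate.corpX.un/cgi-bin/test-cgi?url=http://files.example.org/get?id=7&source=10.0.0.1&user=x&virus=none&source=192.168.1.20&user=-&virus=stream:+Constructed.Test.Sig+FOUND
"""

# url= appears unescaped in the output above and is chosen by the client, so it may
# contain '&' or even its own source=/user=/virus= pairs. The greedy url group plus
# the end-of-line anchor makes the LAST three parameters (the appended ones) win.
REDIRECT_RE = re.compile(
    r"^(?P<ts>.+?) LOG Redirecting URL to: \S+?\?url=(?P<url>.*)"
    r"&source=(?P<source>[^&\s]+)&user=(?P<user>[^&\s]*)&virus=(?P<virus>\S+)$"
)

def parse_detections(log_text):
    """Return one dict per redirect (detection) line; other lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = REDIRECT_RE.match(line.strip())
        if not m:
            continue
        # "stream:+Worm.Sober.U-3+FOUND" -> "Worm.Sober.U-3"
        sig = re.sub(r"^stream:\s*|\s*FOUND$", "", unquote_plus(m["virus"]))
        hits.append({"time": m["ts"], "url": m["url"], "source": m["source"],
                     "user": m["user"], "signature": sig})
    return hits

def detections_by_source(hits):
    """Count detections per client address, to spot hosts that keep hitting malware."""
    return Counter(h["source"] for h in hits)

if __name__ == "__main__":
    found = parse_detections(SAMPLE_LOG)
    for h in found:
        print(h["time"], h["source"], h["user"], h["signature"], h["url"])
    print(dict(detections_by_source(found)))
```
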