Антивирусная защита web-трафика в Squid
Использование HAVP - HTTP Antivirus Proxy
Debian/Ubuntu
root@gate:~# apt install havp
root@gate:~# cat /etc/havp/havp.config
...
# Excerpt of /etc/havp/havp.config: only the directives changed for this setup are shown.
#ubuntu 16
# NOTE(review): presumably HAVP runs under group clamav here so that HAVP and
# clamd can both reach the files being scanned - confirm for your release.
GROUP clamav
...
# Only for courses
# Lab-sized value; NOTE(review): SERVERNUMBER sets how many HAVP server
# processes are started, so size it for the real load outside the classroom.
SERVERNUMBER 2
...
# Listen on loopback only: clients cannot talk to HAVP directly, only a proxy
# running on this host can.
BIND_ADDRESS 127.0.0.1
...
# The built-in library scanner stays commented out; the clamd scanner below is
# the one that is enabled.
# ENABLECLAMLIB true
...
# Hand scanning to the running clamd daemon.
ENABLECLAMD true
...
# UNIX socket of the local clamd; it should match the socket path configured
# for clamd itself.
CLAMDSOCKET /var/run/clamav/clamd.ctl
...
# Put the clamav account into the havp group (presumably so clamd can read the
# files HAVP passes to it for scanning).
# NOTE(review): -G without -a replaces clamav's supplementary group list with
# just "havp"; `usermod -a -G havp clamav` keeps any memberships it already has.
root@gate:~# usermod clamav -G havp
# Restart clamd first so its process picks up the new group, then HAVP.
root@gate:~# service clamav-daemon restart
root@gate:~# service havp restart
Squid
gate# cat /etc/squid/squid.conf
...
# Chain Squid to the local HAVP instance: 127.0.0.1:8080 is the parent proxy.
# ICP port 0 plus no-query/no-digest/no-netdb-exchange switch off the
# cache-to-cache protocols, which a plain HTTP proxy such as HAVP does not speak.
cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
cache_peer_access 127.0.0.1 allow all
# Requests with an HTTP URL scheme may never be fetched directly, so they always
# go through the parent; if HAVP is down they fail instead of bypassing the scan.
# NOTE(review): only plain HTTP is covered. HTTPS is not matched by this ACL and,
# being encrypted, is not inspected by HAVP in this setup.
acl Scan_HTTP proto HTTP
never_direct allow Scan_HTTP
...
root@gate:~# service squid restart
Использование squidclamav
Установка пакета squidclamav
FreeBSD
# Build prerequisites, then squidclamav itself from the ports tree.
[gate:~] # pkg_add -r curl gmake
[gate:~] # cd /usr/ports/security/squidclamav
[gate:ports/security/squidclamav] # make install clean
# Sample configuration installed by the port, shown for reference.
[gate:~] # less /usr/local/etc/squidclamav.conf.dist
# Pre-create the log file and give it to the squid account, so the helper can
# write to it when it is not running as root.
[gate:~] # touch /var/log/squidclamav.log
[gate:~] # chown squid /var/log/squidclamav.log
Ubuntu
# Toolchain and libcurl headers needed to compile squidclamav from source.
# NOTE(review): checkinstall is installed here but the steps below use a plain
# `make install`, so the installed files are not tracked by dpkg.
root@gate:~# apt-get install build-essential autoconf automake checkinstall
root@gate:~# apt-get install libcurl4-openssl-dev
# NOTE(review): the tarball is fetched over plain HTTP and then built and
# installed as root with no integrity check. Verify it against a checksum
# obtained over a trusted channel before unpacking, e.g.
#   sha256sum squidclamav-5.3.tar.gz   # compare with <published-sha256> (placeholder)
root@gate:~# wget http://val.bmstu.ru/unix/src/squidclamav-5.3.tar.gz
root@gate:~# tar -xvf squidclamav-5.3.tar.gz
root@gate:~# cd squidclamav-5.3
root@gate:~/squidclamav-5.3# ./configure --prefix=/usr/local/
root@gate:~/squidclamav-5.3# make && make install
# Directory that will hold squidclamav.conf; the sample from the source tree is
# only viewed here, not copied.
root@gate:~/squidclamav-5.3# mkdir /usr/local/etc
root@gate:~/squidclamav-5.3# less etc/squidclamav.conf
# Pre-create the log file and give it to the proxy account, so the helper can
# write to it when it is not running as root.
root@gate:~# touch /var/log/squidclamav.log
root@gate:~# chown proxy:proxy /var/log/squidclamav.log
Настройка пакета squidclamav
FreeBSD/Ubuntu
gate# cat /usr/local/etc/squidclamav.conf
# Squid instance squidclamav connects to; NOTE(review): presumably used by the
# helper to download the requested object for scanning - confirm.
squid_ip 127.0.0.1
squid_port 3128
# The test run on this page logs to stderr instead when started as UID 0.
logfile /var/log/squidclamav.log
# Page the client is redirected to on detection. The test log on this page shows
# url, source, user and virus being appended as query parameters.
# NOTE(review): test-cgi / printenv are demo scripts that echo the request. A
# production block page should HTML-escape these parameters, because the url
# value is controlled by whoever made the request.
redirect http://server.corpX.un/cgi-bin/test-cgi
# clamd socket path per platform. NOTE(review): both lines are commented out as
# shown; presumably the one for the OS in use has to be enabled.
#freebsd
#clamd_local /var/run/clamav/clamd.sock
#linux
#clamd_local /var/run/clamav/clamd.ctl
Тестирование
FreeBSD/Ubuntu
gate# cat squid.conf
...
http_access allow localhost
...
gate# /usr/local/bin/squidclamav -c /usr/local/etc/squidclamav.conf
SquidClamav running as UID 0: writing logs to stderr
Thu Dec 4 16:06:14 2008 LOG Reading configuration from /usr/local/etc/squidclamav.conf
Thu Dec 4 16:06:14 2008 LOG SquidClamav (PID 14302) started
http://val.bmstu.ru/unix/virus.zip 195.19.32.125 squid GET
Thu Dec 4 16:07:03 2008 LOG Redirecting URL to: http://gate.corpX.un/cgi-bin/test-cgi?url=http://val.bmstu.ru/virus.zip&source=195.19.32.14&user=squid&virus=stream:+Worm.Sober.U-3+FOUND
http://gate.corpX.un/cgi-bin/printenv?url=http://val.bmstu.ru/virus.zip&source=195.19.32.14&user=mylog&virus=stream:+Worm.Sober.U-3+FOUND 195.19.32.14 squid GET
Настройка squid на использование squidclamav
FreeBSD/Ubuntu
gate# cat squid.conf
...
# Requests coming from localhost skip the URL rewriter. squidclamav.conf on this
# page points squidclamav back at this Squid (squid_ip 127.0.0.1), so presumably
# this keeps its own scan downloads from being handed to squidclamav again.
# NOTE(review): redirector_access is the older directive name; newer Squid
# releases call it url_rewrite_access - confirm for the installed version.
redirector_access deny localhost
http_access allow localhost
# Client network; X is the placeholder number used throughout the page.
acl our_networks src 192.168.X.0/24
...
# Every requested URL is passed to squidclamav, which runs as the rewrite helper.
url_rewrite_program /usr/local/bin/squidclamav -c /usr/local/etc/squidclamav.conf
...