
Антивирусная защита web трафика SQUID

Использование HAVP - HTTP Antivirus Proxy

Debian/Ubuntu

root@gate:~# apt install havp

root@gate:~# cat /etc/havp/havp.config
...
#ubuntu 16
GROUP clamav
...
# Only for courses
SERVERNUMBER 2
...
BIND_ADDRESS 127.0.0.1
...
# ENABLECLAMLIB true
...
ENABLECLAMD true
...
CLAMDSOCKET /var/run/clamav/clamd.ctl
...
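root@gate:~# usermod clamav -G havp
(Примечание: clamd должен иметь доступ на чтение к временным файлам, которые HAVP передаёт ему на проверку, поэтому пользователь clamav включается в группу havp. Ключ -G без -a заменяет весь список дополнительных групп пользователя; если clamav уже состоит в других группах, используйте usermod -a -G havp clamav.)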

root@gate:~# service clamav-daemon restart

root@gate:~# service havp restart

Squid

gate# cat /etc/squid/squid.conf
...
cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
cache_peer_access 127.0.0.1 allow all
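acl Scan_HTTP proto HTTP
never_direct allow Scan_HTTP
# never_direct запрещает Squid обращаться к серверам напрямую, в обход HAVP, для запросов по HTTP.
# Проверяется только незашифрованный HTTP: содержимое HTTPS-соединений (CONNECT) HAVP не видит.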
...
root@gate:~# service squid restart

Использование squidclamav

Установка пакета squidclamav

FreeBSD

[gate:~] # pkg_add -r curl gmake

[gate:~] # cd /usr/ports/security/squidclamav

[gate:ports/security/squidclamav] # make install clean

[gate:~] # less /usr/local/etc/squidclamav.conf.dist

[gate:~] # touch /var/log/squidclamav.log

[gate:~] # chown squid /var/log/squidclamav.log

Ubuntu

root@gate:~# apt-get install build-essential autoconf automake checkinstall

root@gate:~# apt-get install libcurl4-openssl-dev

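root@gate:~# wget http://val.bmstu.ru/unix/src/squidclamav-5.3.tar.gz
(Примечание: архив загружается по незашифрованному HTTP, а затем собирается и устанавливается от имени root. Перед сборкой сверьте контрольную сумму, например sha256sum squidclamav-5.3.tar.gz, со значением из доверенного источника: <ОЖИДАЕМАЯ_SHA256>.)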

root@gate:~# tar -xvf squidclamav-5.3.tar.gz

root@gate:~# cd squidclamav-5.3

root@gate:~/squidclamav-5.3# ./configure --prefix=/usr/local/

root@gate:~/squidclamav-5.3# make && make install

root@gate:~/squidclamav-5.3# mkdir /usr/local/etc

root@gate:~/squidclamav-5.3# less etc/squidclamav.conf

root@gate:~# touch /var/log/squidclamav.log

root@gate:~# chown proxy:proxy /var/log/squidclamav.log

Настройка пакета squidclamav

FreeBSD/Ubuntu

gate# cat /usr/local/etc/squidclamav.conf
squid_ip 127.0.0.1
squid_port 3128
logfile /var/log/squidclamav.log
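redirect http://server.corpX.un/cgi-bin/test-cgi
# test-cgi - демонстрационный скрипт, пригодный только для проверки: он выводит переменные окружения сервера.
# В рабочей системе укажите собственную страницу-уведомление, которая экранирует параметры url, source, user и virus перед выводом.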
#freebsd
#clamd_local /var/run/clamav/clamd.sock
#linux
#clamd_local /var/run/clamav/clamd.ctl

Тестирование

FreeBSD/Ubuntu

gate# cat squid.conf
...
http_access allow localhost
...
gate# /usr/local/bin/squidclamav -c /usr/local/etc/squidclamav.conf

SquidClamav running as UID 0: writing logs to stderr
Thu Dec  4 16:06:14 2008 LOG Reading configuration from /usr/local/etc/squidclamav.conf
Thu Dec  4 16:06:14 2008 LOG SquidClamav (PID 14302) started
http://val.bmstu.ru/unix/virus.zip 195.19.32.125 squid GET
Thu Dec  4 16:07:03 2008 LOG Redirecting URL to: http://gate.corpX.un/cgi-bin/test-cgi?url=http://val.bmstu.ru/virus.zip&source=195.19.32.14&user=squid&virus=stream:+Worm.Sober.U-3+FOUND
http://gate.corpX.un/cgi-bin/printenv?url=http://val.bmstu.ru/virus.zip&source=195.19.32.14&user=mylog&virus=stream:+Worm.Sober.U-3+FOUND 195.19.32.14 squid GET

Настройка squid на использование squidclamav

FreeBSD/Ubuntu

gate# cat squid.conf
...
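# Запросы с localhost редиректору не передаются: squidclamav сам скачивает проверяемый объект через этот же Squid (squid_ip 127.0.0.1), иначе возникнет зацикливание.
# Следствие: трафик клиентов, работающих на самом шлюзе, антивирусом не проверяется.
# В современных версиях Squid эта директива называется url_rewrite_access.
redirector_access deny localhost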
http_access allow localhost
acl our_networks src 192.168.X.0/24
...
url_rewrite_program /usr/local/bin/squidclamav -c /usr/local/etc/squidclamav.conf
...