Author: jimzhang
QQ: 872656885
E-mail, msn: zhanghui8059@126.com
Personal blog: zhanghui8059.cublog.cn
Note: The content of this article belongs to the author. You are welcome to repost it, but when you do, you must keep the author's information complete, because every article the author writes comes from actual experience and project implementation. Thank you!
Criticism is welcome. If you have any questions, please contact me!
Nowadays the spread of network viruses can infect computers throughout a company, wasting a lot of money and manpower and undermining the company's network security, so gateway anti-virus is necessary. On Windows there is ISA, which can work together with anti-virus software as an anti-virus gateway. Although the effect is good, it costs a lot and needs good hardware, and with many users its stability is not great. So I looked for a solution on Linux. On Linux, squid and clamav are used for gateway anti-virus; I have used havp and dansguardian, but both run many processes and occupy a lot of resources, and they can only work on the local machine and cannot be separated from the proxy.
For the reasons above I looked around and found that friends abroad all use ICAP. ICAP is actually a protocol (Internet Content Adaptation Protocol); doing anti-virus through the protocol works better than havp and dansguardian, and in addition the proxy server and the anti-virus server can be separated. Friends at home mostly use hardware anti-virus gateways from companies such as Trend and McAfee; in fact, the hardware and software anti-virus gateways of these companies all have the shadow of ICAP in them.
On Linux the software is basically open source and works well, so why not build a gateway to kill viruses? The result will certainly not be much worse than an anti-virus company's product; friends in China are using this with very good results. So I got excited: I am familiar with Linux and wanted to replace the company's gateway with squid + c_icap + clamav. After going live, the results were correct.
Squid 3.0 began to support the ICAP client. Open-source ICAP servers are few; I only found c_icap, and it integrates well with clamav. My installation steps follow:
1. Squid 3.0 supports the ICAP client, so Squid 3.0 is compiled and installed with the following configure options (one command, shown one option per line):
./configure --prefix=/usr/local/squid // specify the installation directory
    --enable-linux-tproxy
    --enable-linux-netfilter // transparent proxy support
    --enable-cpu-profiling // CPU profiling support
    --enable-icap-client // ICAP client support
    --enable-kill-parent-hack // kill the parent process when squid shuts down
    --enable-arp-acl // MAC address (arp) ACLs
    --enable-delay-pools // delay pools, which limit the bandwidth available to certain requests
vi /usr/local/squid/etc/squid.conf
http_port 8080 transparent
cache_mem 128 MB
cache_dir ufs /usr/local/squid/var/cache 100 16 256
cache_effective_user root
cache_effective_group root
dns_nameservers 222.172.200.68
cache_access_log /usr/local/squid/var/logs/access.log
cache_store_log /usr/local/squid/var/logs/store.log
cache_log /usr/local/squid/var/logs/cache.log
pid_filename /usr/local/squid/var/logs/squid.pid
visible_hostname tglm.3322.org
client_netmask 255.255.255.255
cache_mgr postmaster@tglm.3322.org
error_directory /usr/local/squid/share/errors/Simplify_Chinese
auth_param basic program /usr/bin/ncsa_auth /usr/local/squid/etc/password
auth_param basic children 5
auth_param basic realm My Proxy Caching Domain
auth_param basic credentialsttl 2 hours
acl normal proxy_auth REQUIRED
http_access allow normal
acl cc arp 00:91:50:04:06:38
acl bb src 222.220.0.0/255.255.0.0
acl aa src 0.0.0.0/0
acl tt time MTWHF-
acl xz urlpath_regex -i \.mp3$ \.avi$ \.wma$
acl ww dstdomain www.baidu.com www.qq.com
http_access deny xz
http_access deny !tt
http_access deny ww
http_access allow cc
http_access allow bb
Command explanation:
error_directory // directory holding the error pages
http_port 192.168.0.1:3128 // the proxy port; with an IP address given, Squid does not listen on external network interfaces
dns_nameservers // public DNS of China Telecom
cache_mgr // administrator e-mail
visible_hostname // the host name shown to users
client_netmask 255.255.255.255 // tell Squid how to treat clients: the IP address of every request is handled as a separate address
httpd_accel_uses_host_header on // use the HTTP/1.1 Host header in accelerator mode
httpd_accel_host virtual
httpd_accel_with_proxy on // whether squid may also proxy the local web service
http_access allow all // allow all hosts to access the Internet through the proxy server
cache_mem 20 MB // RAM Squid may use for cached objects
maximum_object_size 4096 KB // largest and smallest objects cached on disk
minimum_object_size 0 KB
maximum_object_size_in_memory 30 KB // largest and smallest objects kept in memory
minimum_object_size_in_memory 0 KB
cache_dir ufs /usr/local/squid/var/cache 100 16 256 // disk cache directory: 100 MB of cache space, 16 first-level directories, 256 second-level subdirectories in each
cache_access_log /var/squid/access.log // client access log
cache_log /var/squid/cache.log // the cache daemon's own log
cache_store_log /var/squid/store.log // status of objects stored in the cache
cache_swap_low 85 // low and high water marks as a percentage of the disk cache; above the high mark Squid removes objects until usage falls back to the low mark
cache_swap_high 90
httpd_accel_port 80 // port of the accelerated web server
acl mmxfile urlpath_regex -i \.mp3$ \.avi$ \.wma$ // (-i makes the match case-insensitive, so mp3 = MP3)
http_access deny mmxfile
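Squid evaluates http_access lines top to bottom and the first line whose ACLs all match decides, so the order of the allow and deny lines matters as much as their content. The following Python script is an added example (not code from the original post): it re-implements Squid's first-match rule for the ACL types used in the squid.conf above and runs the post's own rule set (the incomplete time ACL "tt" is left out) against constructed requests, including one that shows how "http_access allow normal" placed first lets an authenticated user bypass the later "deny xz" line.

```python
"""First-match evaluation of the http_access rules in the squid.conf above.

Added example, not code from the original post. The rule set is copied from
the post's squid.conf (the incomplete time ACL "tt" is left out); the
requests are constructed. Only the ACL types the post uses are implemented.
"""
import ipaddress
import re

SQUID_CONF = r"""
acl normal proxy_auth REQUIRED
http_access allow normal
acl cc arp 00:91:50:04:06:38
acl bb src 222.220.0.0/255.255.0.0
acl aa src 0.0.0.0/0
acl xz urlpath_regex -i \.mp3$ \.avi$ \.wma$
acl ww dstdomain www.baidu.com www.qq.com
http_access deny xz
http_access deny ww
http_access allow cc
http_access allow bb
"""


def parse(conf):
    """Collect acl definitions (one name may span several lines) and the
    http_access rules in the order Squid evaluates them."""
    acls, rules = {}, []
    for line in conf.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "acl":
            acls.setdefault(parts[1], []).append((parts[2], parts[3:]))
        elif parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acls, rules


def acl_matches(kind, args, req):
    """Match one acl line against a request dict with the keys
    user, src, host, path and mac (constructed inputs)."""
    if kind == "proxy_auth":            # REQUIRED: any authenticated user
        return req.get("user") is not None
    if kind == "arp":
        return req.get("mac", "").lower() in [a.lower() for a in args]
    if kind == "src":                    # CIDR or address/netmask forms
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(a, strict=False) for a in args)
    if kind == "dstdomain":              # ".example" matches subdomains
        host = req["host"].lower()
        return any(host == a or (a.startswith(".") and host.endswith(a))
                   for a in (x.lower() for x in args))
    if kind == "urlpath_regex":
        flags, pats = 0, args
        if pats and pats[0] == "-i":
            flags, pats = re.IGNORECASE, pats[1:]
        return any(re.search(p, req["path"], flags) for p in pats)
    raise ValueError("acl type not implemented in this example: " + kind)


def evaluate(acls, rules, req):
    """Squid semantics: the first http_access line whose terms all match
    wins; '!name' negates a term; if nothing matches, the default is the
    opposite of the last line's action."""
    for action, terms in rules:
        matched = True
        for term in terms:
            negate = term.startswith("!")
            name = term.lstrip("!")
            hit = any(acl_matches(k, a, req) for k, a in acls[name])
            if hit == negate:
                matched = False
                break
        if matched:
            return action, terms
    last = rules[-1][0] if rules else "deny"
    return ("deny" if last == "allow" else "allow"), ["<default>"]


def move_rule_to_end(conf, rule):
    """Return the config with one http_access line moved after the others."""
    kept = [l for l in conf.splitlines() if l.strip() != rule]
    return "\n".join(kept + [rule])


if __name__ == "__main__":
    acls, rules = parse(SQUID_CONF)
    mp3 = {"user": "alice", "src": "222.220.1.5", "host": "example.test",
           "path": "/song.MP3", "mac": ""}
    print("as written:", evaluate(acls, rules, mp3))          # ('allow', ['normal'])
    acls2, rules2 = parse(move_rule_to_end(SQUID_CONF, "http_access allow normal"))
    print("allow normal last:", evaluate(acls2, rules2, mp3))  # ('deny', ['xz'])
```

Running the script shows that, as written, an authenticated user fetching a .MP3 is allowed by the first line and the "deny xz" line is never consulted; moving "http_access allow normal" below the deny lines makes the media-file block apply to everyone. The same first-match logic explains why the unauthenticated request from outside 222.220.0.0/16 is denied even though no deny line matches it: the last rule is an allow, so Squid's default is deny.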
# /usr/local/squid/sbin/squid -NCd1 // run in the foreground for testing; Ctrl+C exits
# echo "/usr/local/squid/bin/RunCache &" >> /etc/rc.d/rc.local
# /usr/local/squid/sbin/squid -k reconfigure // reload the configuration file
# /usr/local/squid/sbin/squid -k rotate // rotate the logs
# /usr/local/squid/sbin/squid -k shutdown // stop squid
ICAP client configuration for squid:
icap_enable on
icap_preview_enable on
icap_preview_size 128
icap_send_client_ip on
icap_service service_avi_req reqmod_precache 0 icap://localhost:1344/srv_clamav
icap_service service_avi respmod_precache 1 icap://localhost:1344/srv_clamav
icap_class class_antivirus service_avi
icap_access class_antivirus allow all
icap_class class_antivirus_req service_avi_req
icap_access class_antivirus_req allow all
2. Install the anti-virus software clamav
http://www.clamav.net
Add the user and group clamav needs:
groupadd clamav
useradd -g clamav -s /bin/false -d /dev/null clamav
2. Unpack and install:
tar zxvf clamav-0.88.4.tar.gz
cd clamav-0.88.4
./configure --prefix=/usr/local/clamav --with-dbdir=/usr/clamav
make
make check
make install
3. Modify the configuration file:
vi /usr/etc/clamd.conf
LogSyslog
LogVerbose
LogFacility LOG_MAIL
LogFile /var/log/clamav/clamd.log
PidFile /var/run/clamd.pid
DatabaseDirectory /usr/clamav
LocalSocket /var/run/clamav/clamd
StreamMaxLength 10M
User clamav
ScanMail
ScanArchive
ScanRAR
Note: the Example line must be commented out in both configuration files (clamd.conf and the freshclam.conf below), otherwise the daemons refuse to start.
Modify the virus database update configuration file:
vi /usr/etc/freshclam.conf
DatabaseDirectory /usr/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogSyslog
LogVerbose
DatabaseOwner clamav
Checks 12
DatabaseMirror db.CN.clamav.net
DatabaseMirror database.clamav.net
NotifyClamd
mkdir /var/log/clamav
chown clamav:clamav /var/log/clamav/
3. Install c_icap
http://c-icap.sourceforge.net/
./configure --enable-static --prefix=/usr/local/c-icap/ --with-clamav
make
make install
Start it in the foreground for debugging: /usr/local/c-icap/bin/c-icap -N -D -d 10
c-icap configuration file:
#
# This file contains the default settings for c-icap
#
PidFile /var/run/c-icap.pid
CommandsSocket /var/run/c-icap/c-icap.ctl
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
# Set KeepAliveTimeout to -1 for no timeout
KeepAliveTimeout 600
StartServers 3
MaxServers 10
MinSpareThreads 10
MaxSpareThreads 20
ThreadsPerChild 10
MaxRequestsPerChild 0
Port 1344
User root
Group root
# ServerAdmin you@your.address # Not implemented yet
# ServerName localhost:1344 # Not implemented yet
TmpDir /var/tmp
MaxMemObject 131072
ServerLog /usr/local/c-icap/var/log/server.log
AccessLog /usr/local/c-icap/var/log/access.log
# DebugLevel 3
ModulesDir /usr