Squid 2.6.STABLE12 + ClamAV + HAVP: building an anti-virus proxy

Source: Internet
Author: User

This article describes how to build an anti-virus proxy from squid 2.6.STABLE12, ClamAV and HAVP.

Install squid 2.6.STABLE12

useradd squid

./configure --prefix=/opt/squid \
--enable-async-io=40 \
--enable-storeio="aufs,coss,diskd,ufs" \
--enable-useragent-log \
--enable-referer-log \
--enable-kill-parent-hack \
--enable-forward-log \
--enable-snmp \
--enable-cache-digests \
--enable-default-err-language=Simplify_Chinese \
--enable-poll --enable-removal-policies="heap,lru" \
--enable-large-cache-files \
--disable-internal-dns \
--enable-x-accelerator-vary \
--enable-follow-x-forwarded-for \
--with-large-files --disable-ident-lookups \
--enable-underscore \
--disable-arp-acl \
--with-maxfd=65500

make && make install

cd /opt/squid
mkdir cache1 cache2
chown -R squid.squid cache1 cache2 var

Content of squid.conf

http_port 3128
cache_mem 100 MB
cache_swap_low 75
cache_swap_high 98
emulate_httpd_log on
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %
access_log /opt/web-squid/var/logs/access.log combined
redirect_rewrites_host_header off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
cache_effective_user squid
cache_effective_group squid
cache_replacement_policy lru
cache_dir aufs /opt/web-squid/cache1 50 32 64
cache_dir aufs /opt/web-squid/cache2 50 32 64
cache_log /opt/web-squid/var/logs/cache.log
cache_store_log none
cache_swap_log /opt/web-squid/var/logs/swap.log
log_ip_on_direct on
pid_filename /opt/web-squid/var/logs/squid.pid
visible_hostname testwebsquid
logfile_rotate 5

Install Clam AntiVirus

First download the clamav 0.90 package from http://www.clamav.net/

useradd clamav
./configure
make
make install

Note: the installed zlib may be too old for ClamAV's configure script. If so, download the latest zlib from http://www.zlib.net/ and install it first.

zlib installation:

./configure
make
make install

Install HAVP

Download the havp 0.86 package from http://www.server-side.de/download.htm

useradd havp
./configure
make
make install
chown -R havp.havp /var/log/havp /var/tmp/havp /var/run/havp
vi /usr/local/etc/havp/havp.config

### Comment out the following line (HAVP refuses to start while it is active)

#REMOVETHISLINE deleteme

### ClamAV library mode (libclamav): HAVP loads the ClamAV virus database directly

ENABLECLAMLIB true
CLAMDBDIR /var/lib/clamav

### ClamAV daemon mode (clamd): HAVP hands files to a running clamd over its socket (clamd must be started first). Either of these two methods can be used; the library mode above is the one used here.

ENABLECLAMD true
CLAMDSOCKET /tmp/clamd

Other performance-related settings:

### In theory more server processes give better throughput, but they also consume more server resources.

SERVERNUMBER 40
MAXSERVERS 200

### Log only errors; less logging means less load on the server.

LOGLEVEL 0

### Images generally do not carry viruses, and skipping them reduces CPU usage.

SCANIMAGES false

### This is the listening port of HAVP. The default is 8080, but because 8080 is also Tomcat's default port, it is changed here to 3129.

PORT 3129

Mount a separate partition on /var/tmp/havp (it must be mounted with the -o mand option, because HAVP relies on mandatory file locking there)

mount -o mand /dev/hda3 /var/tmp/havp

If you do not have a spare partition, you can use either of the following methods:

A. Create a volume in memory (RAM disk).

mkfs -t ext2 /dev/ram0 8192    (creates an 8 MB RAM disk)
mount -o mand /dev/ram0 /var/tmp/havp

B. Use hard-disk space to create a dedicated volume (loopback image)

dd if=/dev/zero of=/root/havp_tmp.img bs=128k count=1 seek=1024    (creates a 128 MB virtual disk image)
mkfs.ext2 /root/havp_tmp.img
mount -o loop,mand /root/havp_tmp.img /var/tmp/havp

PS: the size of the files HAVP can scan is limited by the disk space mounted here.

Update the shared library cache (for the ClamAV libraries)

vi /etc/ld.so.conf --> add: /usr/local/lib
ldconfig

Start HAVP

/usr/local/sbin/havp &

Bundling squid and havp

Edit the squid.conf file

Add the following two lines

cache_peer 127.0.0.1 parent 3129 0 no-query no-digest no-netdb-exchange default
cache_peer_access 127.0.0.1 allow all

At this point squid + ClamAV + HAVP is configured.
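A consistency check for the wiring described above, added here as an example and not part of the original article or of the HAVP/squid projects: it parses constructed samples of havp.config, squid.conf and /proc/mounts and reports the mismatches that silently leave traffic unscanned (a port that does not match the cache_peer line, no scanner backend, /var/tmp/havp mounted without mand). The sample texts, file contents and the check_setup/parse_havp names are assumptions made for the example.

```python
"""Added example (not from the article): cross-check the havp.config,
squid.conf and mount settings described above, using constructed samples."""
import re

# Constructed samples mirroring the article's settings (not real files).
HAVP_CONFIG = """
#REMOVETHISLINE deleteme
ENABLECLAMLIB true
CLAMDBDIR /var/lib/clamav
ENABLECLAMD false
PORT 3129
"""
SQUID_CONF = """
http_port 3128
cache_peer 127.0.0.1 parent 3129 0 no-query no-digest no-netdb-exchange default
cache_peer_access 127.0.0.1 allow all
"""
PROC_MOUNTS = "/dev/hda3 /var/tmp/havp ext2 rw,mand 0 0\n"

def parse_havp(text):
    """havp.config is 'KEY VALUE' per line; '#' starts a comment."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            conf[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def check_setup(havp_text, squid_text, mounts_text):
    """Return a list of problems; an empty list means the pieces agree."""
    problems = []
    havp = parse_havp(havp_text)
    if "REMOVETHISLINE" in havp:
        problems.append("REMOVETHISLINE is still active in havp.config")
    scanners = [k for k in ("ENABLECLAMLIB", "ENABLECLAMD") if havp.get(k) == "true"]
    if not scanners:
        problems.append("no scanner backend enabled (ENABLECLAMLIB/ENABLECLAMD)")
    havp_port = havp.get("PORT", "8080")  # HAVP's built-in default port
    peer = re.search(r"^cache_peer\s+\S+\s+parent\s+(\d+)", squid_text, re.M)
    if not peer:
        problems.append("squid.conf has no cache_peer parent line")
    elif peer.group(1) != havp_port:
        problems.append("cache_peer port %s != HAVP PORT %s" % (peer.group(1), havp_port))
    # /proc/mounts fields: device mountpoint fstype options dump pass
    opts = {f[1]: f[3].split(",") for f in map(str.split, mounts_text.splitlines()) if len(f) > 3}
    if "mand" not in opts.get("/var/tmp/havp", []):
        problems.append("/var/tmp/havp is not mounted with -o mand")
    return problems
```

On a real host, feed it the contents of /usr/local/etc/havp/havp.config, squid.conf and /proc/mounts instead of the embedded samples.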

Use squid as the proxy and open http://www.eicar.org/anti_virus_test_file.htm to test that the EICAR test file is blocked.

Since HAVP uses the ClamAV library directly, the ClamAV daemon (clamd) does not need to be running.

You only need ClamAV's freshclam to keep the ClamAV virus database up to date.

The method is as follows:

1. Add a crontab entry: 0 0 * * * /usr/local/bin/freshclam --verbose    (updates the virus database every midnight)

ClamAV update configuration file (freshclam.conf)

vi /usr/local/clamav/etc/freshclam.conf
##
## Example config file for freshclam
## Please read the clamav.conf(5) manual before editing this file.
## This file may be optionally merged with clamav.conf.
##
# You can change the default database directory here.
#DatabaseDirectory /var/lib/clamav
# Path to the log file (make sure it has proper permissions)
UpdateLogFile /var/log/freshclam.log
# Enable verbose logging.
LogVerbose
# Use system logger (can work together with UpdateLogFile).
LogSyslog
# By default when freshclam is started by root it drops privileges and
# switches to the "clamav" user. You can change this behaviour here.
#DatabaseOwner clamav
# The main database mirror is database.clamav.net (this is a round-robin
# DNS that points to many mirrors on the world) and in most cases you
# SHOULD NOT change it.
DatabaseMirror database.clamav.net
# How many attempts to make before giving up.
MaxAttempts 3
# How often check for a new database. We suggest checking for it every
# two hours.
Checks 12
# Proxy settings
#HTTPProxyServer myproxy.com
#HTTPProxyPort 1234
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass
# Send the RELOAD command to clamd.
#NotifyClamd [/optional/config/file/path]
# Run command after database update.
#OnUpdateExecute command
# Run command if database update failed.
#OnErrorExecute command