squid+c-icap+clamav = gateway antivirus scanner

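Build a simple network proxy gateway that proxies HTTP traffic for the internal network. The system runs 64-bit CentOS 6.3 with the squid3 proxy server and the c-icap server (a tool that implements ICAP) installed, and uses the c-icap clamav modules to scan content downloaded over HTTP through the proxy for viruses.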

1. Install CentOS 6.3, choosing the Web Server package set during installation.

GPG keys used by the Fedora Project:
https://fedoraproject.org/keys

2. Install the EPEL repository

#rpm --import http://mirror01.idc.hinet.net/EPEL/RPM-GPG-KEY-EPEL-6

#rpm -ivh http://mirror01.idc.hinet.net/EPEL/6/x86_64/epel-release-6-8.noarch.rpm

3. After the system is installed, the first thing to do is a system update

#yum update

4. Install the squid, clamav and clamav-devel packages and update the virus definitions

#yum install squid clamav clamav-devel
#freshclam

5. Download c-icap and c-icap-modules; the c-icap project is at http://c-icap.sourceforge.net/

#wget -O c_icap-0.2.5.tar.gz http://sourceforge.net/projects/c-icap/files/c-icap/0.2.x/c_icap-0.2.5.tar.gz/download
#wget -O c_icap_modules-0.2.4.tar.gz http://sourceforge.net/projects/c-icap/files/c-icap-modules/0.2.x/c_icap_modules-0.2.4.tar.gz/download

6. Install the development tools group and the required libraries

#yum groupinstall "Development Tools"

7. Extract and install c-icap and c-icap-modules

#tar -xzvf c_icap-0.2.5.tar.gz
#cd c_icap-0.2.5
#./configure
#make install
#cd ..
#tar -xzvf c_icap_modules-0.2.4.tar.gz
#cd c_icap_modules-0.2.4
#./configure
#make install

7. Allow squid to use the ICAP protocol: edit /etc/squid/squid.conf following http://wiki.squid-cache.org/Features/ICAP. The avscan service is defined in the /usr/local/etc/virus_scan.conf configuration file. Transparent proxy mode is important for a gateway proxy.

#vim /etc/squid/squid.conf

http_port 3128 transparent

icap_enable on

icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/avscan
adaptation_access service_req allow all

icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/avscan
adaptation_access service_resp allow all

8. Edit /usr/local/etc/c-icap.conf to include the virus_scan.conf configuration file (as the contents of /usr/local/etc/virus_scan.conf indicate).

#vim /usr/local/etc/c-icap.conf

Include virus_scan.conf

9. Start the c-icap daemon and set it to start automatically at boot

#c-icap -f /usr/local/etc/c-icap.conf
#echo /usr/local/bin/c-icap -f /usr/local/etc/c-icap.conf >> /etc/rc.local

10. Allow squid's service port 3128 in iptables, redirect HTTP to port 3128, and let HTTPS be forwarded directly.

#iptables -I INPUT -p tcp --dport 3128 -j ACCEPT
#iptables -I FORWARD -p tcp --dport 443 -j ACCEPT
#iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-port 3128

11. Enable ip_forward on the squid gateway by setting net.ipv4.ip_forward to enabled.

#echo 1 > /proc/sys/net/ipv4/ip_forward

#vim /etc/sysctl.conf
net.ipv4.ip_forward = 1

12. Save the iptables rules and have them loaded automatically at boot.

#iptables-save > /etc/iptables.conf
#echo "iptables-restore < /etc/iptables.conf" >> /etc/rc.local

13. Set the squid service to start automatically at boot, and start the squid daemon.

#chkconfig squid on
#service squid start

14. Connect to http://www.eicar.org and download the antivirus test file to check whether the virus is successfully blocked.

# The gateway is the squid server, and the client IP falls within 192.168.0.0/24, which is in squid's default localnet range.
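
To check c-icap on its own, independent of squid and iptables, the ICAP RESPMOD exchange that squid performs against icap://127.0.0.1:1344/avscan can be reproduced directly. This is an added example, not part of the original post: the function names, the sample HTTP headers and the script name icap_check.py are assumptions, and the reading of the 204 and 200 status codes follows RFC 3507.

```python
import socket
import sys

CRLF = b"\r\n"
# Constructed sample HTTP exchange; the URL and headers are placeholders.
SAMPLE_REQ = b"GET /sample.bin HTTP/1.1\r\nHost: test.example\r\n\r\n"
SAMPLE_RES = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"

def build_respmod(host, port, service, req_hdr, res_hdr, body):
    """Build an ICAP RESPMOD request (RFC 3507) wrapping one HTTP exchange."""
    # Encapsulated offsets count bytes from the start of the ICAP message body.
    res_off = len(req_hdr)
    body_off = res_off + len(res_hdr)
    body_tag = b"res-body" if body else b"null-body"  # empty body: no chunks
    target = b"%s:%d" % (host.encode(), port)
    icap_hdr = CRLF.join([
        b"RESPMOD icap://%s/%s ICAP/1.0" % (target, service.encode()),
        b"Host: " + target,
        b"Allow: 204",
        b"Encapsulated: req-hdr=0, res-hdr=%d, %s=%d" % (res_off, body_tag, body_off),
        b"", b"",
    ])
    # The HTTP body travels chunked and ends with a zero-length chunk.
    chunked = b"%x\r\n%s\r\n0\r\n\r\n" % (len(body), body) if body else b""
    return icap_hdr + req_hdr + res_hdr + chunked

def icap_verdict(response):
    """Classify the ICAP status line returned by the server."""
    parts = response.split(CRLF, 1)[0].split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"ICAP/") or not parts[1].isdigit():
        return "malformed"
    code = int(parts[1])
    if code == 204:
        return "unmodified"  # server left the HTTP response as it was
    if code == 200:
        return "modified"    # server sent back its own response; inspect it
    return "error-%d" % code

def scan(body, host="127.0.0.1", port=1344, service="avscan", timeout=10):
    """Send body straight to c-icap, bypassing squid, and return the verdict."""
    msg = build_respmod(host, port, service, SAMPLE_REQ, SAMPLE_RES, body)
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(msg)
        return icap_verdict(s.recv(4096))

if __name__ == "__main__":
    # Usage: python icap_check.py <file>   (e.g. the saved EICAR test file)
    with open(sys.argv[1], "rb") as fh:
        print(scan(fh.read()))
```

Run it on the gateway against a harmless file and against the saved EICAR test file: the two verdicts should differ, and an error verdict points at the c-icap service configuration rather than at squid.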

 
