Antivirus for squid

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Antivirus for squid

erdosain9
Hi to all.
Im a little confuse about this... i just want "antivirus", i dont care block some web, filter, etc. (at least no more that what i get with squid)... so, just for antivirus, what recommend???
clamav
squidclamav
squidguard
????
Somebody have a tutorial to install something of this on Centos7??
Thanks
Reply | Threaded
Open this post in threaded view
|

Re: Antivirus for squid

Yuri Voinov


26.01.2017 0:03, erdosain9 пишет:
> Hi to all.
> Im a little confuse about this... i just want "antivirus", i dont care block
> some web, filter, etc. (at least no more that what i get with squid)... so,
> just for antivirus, what recommend???
> clamav
You thing you have a choise? All others AV is commercial.
> squidclamav
squidclamav is not AV, it is ICAP adapter for AV.
> squidguard
This is not AV at all.
> ????
> Somebody have a tutorial to install something of this on Centos7??
Common example on Squid's wiki. There is no tutorial for all and any
"OS" on the Earth. Adapt wiki example yourself to any OS you want.

> Thanks
>
>
>
> --
> View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Antivirus-for-squid-tp4681323.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

0x613DEC46.asc (2K) Download Attachment
signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Antivirus for squid

Rafael Akchurin
Greetings all,

One possible tutorial for Squid Clam AV on Ubuntu 16 - https://docs.diladele.com/administrator_guide_4_9/antivirus/index.html
Unfortunately it references our Web UI - but I guess people familiar with inner directives of squid.conf can easily adapt it for their needs.

It works basically but sometimes ICAP chain fails on some sites - although both ICAP services working not in a chain have no such errors... still looking for a solution.

Best regards,
Rafael Akchurin
Diladele B.V.

-----Original Message-----
From: squid-users [mailto:[hidden email]] On Behalf Of Yuri Voinov
Sent: Wednesday, January 25, 2017 7:08 PM
To: [hidden email]
Subject: Re: [squid-users] Antivirus for squid



26.01.2017 0:03, erdosain9 пишет:
> Hi to all.
> Im a little confuse about this... i just want "antivirus", i dont care
> block some web, filter, etc. (at least no more that what i get with
> squid)... so, just for antivirus, what recommend???
> clamav
You thing you have a choise? All others AV is commercial.
> squidclamav
squidclamav is not AV, it is ICAP adapter for AV.
> squidguard
This is not AV at all.
> ????
> Somebody have a tutorial to install something of this on Centos7??
Common example on Squid's wiki. There is no tutorial for all and any "OS" on the Earth. Adapt wiki example yourself to any OS you want.

> Thanks
>
>
>
> --
> View this message in context:
> http://squid-web-proxy-cache.1019090.n4.nabble.com/Antivirus-for-squid
> -tp4681323.html Sent from the Squid - Users mailing list archive at
> Nabble.com.
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Antivirus for squid

erdosain9
This post was updated on .
Hi, again.
Well i installed squidclamav, c-icap, and clamav; and its working all fine, but... the download is too slow, the download of a file. There is a way to accelerate this??
Also, when the file its a virus, the message "this is a virus bla bla", go fast... i mean the slow download its for all the other files that dosent have a virus...

This is squid.conf

# c-icap integration
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all
# end integration


c-icap.conf

PidFile /var/run/c-icap.pid
CommandsSocket /var/run/c-icap.ctl
StartServers 1
MaxServers 20
MaxRequestsPerChild  100
Port 1344
ServerAdmin yourname@yourdomain
TmpDir /tmp
MaxMemObject 131072
DebugLevel 0
ModulesDir /usr/local/c-icap/lib/c_icap/
ServicesDir /usr/local/c-icap/lib/c_icap/
LoadMagicFile /usr/local/etc/c-icap.magic

acl localhost src 127.0.0.1/255.255.255.255
acl PERMIT_REQUESTS type REQMOD RESPMOD
icap_access allow localhost PERMIT_REQUESTS
icap_access deny all

ServerLog /var/log/c-icap/server.log
AccessLog /var/log/c-icap/access.log

Service squidclamav squidclamav.so


CLAMD.CONF
LogFile /var/log/clamd.scan
PidFile /var/run/clamd.scan/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamd.scan/clamd.sock
TCPSocket 3310
TCPAddr 127.0.0.1
User clamscan


SQUIDCLAMAV.CONF

maxsize 5000000
redirect http://squid.xxxxxxxxxxxxx.lan/cgi-bin/clwarn.cgi.en_EN
clamd_ip 127.0.0.1
clamd_port 3310
trust_cache 0
timeout 1
logredir 1
dnslookup 0
safebrowsing 0

abortcontent ^video\/x-flv$
abortcontent ^video\/mp4$
# White list some sites

Somebody can give me a hand with this???
Thanks to all.
Reply | Threaded
Open this post in threaded view
|

Re: Antivirus for squid

Yuri Voinov
Squid's wiki article contains all required points about performance and
tuning.


01.02.2017 21:41, erdosain9 пишет:
> Hi, again.
> Well i installed squidclamav, c-icap, and clamav; and its working all fine,
> but... the download is too slow, the download of a file. There is a way to
> accelerate this??
What do you mean "too slow"? Exact data, pls. Subjective and relative
adjectives, do not say anything of substance.

I mean, i.e.: "Before I've installed clamav, download speed was 1
terabit per second for file http://bwah-bwah.com/bwahbwahbwah.tar.gz.
After - only 10 megabits. It seems too slow".
> Also, when the file its a virus, the message "this is a virus bla bla", go
This is different procedure, which is not executed by squid itself.

> fast... i mean the slow download its for all the other files that dosent
> have a virus...
>
> *This is squid.conf
> *
> # c-icap integration
> icap_enable on
> icap_send_client_ip on
> icap_send_client_username on
> icap_client_username_header X-Authenticated-User
> icap_preview_enable on
> icap_preview_size 1024
> icap_service service_req reqmod_precache bypass=1
> icap://127.0.0.1:1344/squidclamav
> adaptation_access service_req allow all
> icap_service service_resp respmod_precache bypass=1
> icap://127.0.0.1:1344/squidclamav
> adaptation_access service_resp allow all
> # end integration
>
>
> *c-icap.conf
> *
> PidFile /var/run/c-icap.pid
> CommandsSocket /var/run/c-icap.ctl
> StartServers 1
> MaxServers 20
> MaxRequestsPerChild  100
> Port 1344
> ServerAdmin yourname@yourdomain
> TmpDir /tmp
> MaxMemObject 131072
> DebugLevel 0
> ModulesDir /usr/local/c-icap/lib/c_icap/
> ServicesDir /usr/local/c-icap/lib/c_icap/
> LoadMagicFile /usr/local/etc/c-icap.magic
>
> acl localhost src 127.0.0.1/255.255.255.255
> acl PERMIT_REQUESTS type REQMOD RESPMOD
> icap_access allow localhost PERMIT_REQUESTS
> icap_access deny all
>
> ServerLog /var/log/c-icap/server.log
> AccessLog /var/log/c-icap/access.log
>
> Service squidclamav squidclamav.so
>
>
> *CLAMD.CONF*
> LogFile /var/log/clamd.scan
> PidFile /var/run/clamd.scan/clamd.pid
> TemporaryDirectory /var/tmp
> DatabaseDirectory /var/lib/clamav
> LocalSocket /var/run/clamd.scan/clamd.sock
> TCPSocket 3310
> TCPAddr 127.0.0.1
> User clamscan
>
>
> *SQUIDCLAMAV.CONF
> *
> maxsize 5000000
> redirect http://squid.espaciomemoria.lan/cgi-bin/clwarn.cgi.en_EN
> clamd_ip 127.0.0.1
> clamd_port 3310
> trust_cache 0
> timeout 1
> logredir 1
> dnslookup 0
> safebrowsing 0
>
> abortcontent ^video\/x-flv$
> abortcontent ^video\/mp4$
> # White list some sites
>
> Somebody can give me a hand with this???
> Thanks to all.
Thelepathy on vacation. To give your hand, it is require to have root
access to your server to make performance diagnostics during "slow
downloads". But you always can do this yourself. Pieces of configs is
not enough to diagnostics, and, therefore, for tuning.

>
>
>
> --
> View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Antivirus-for-squid-tp4681323p4681413.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users
--
Bugs to the Future

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

0x613DEC46.asc (2K) Download Attachment
signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Antivirus for squid

Eliezer Croitoru
Hey Yuri,

What wiki article?

Thanks,
Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: [hidden email]


-----Original Message-----
From: squid-users [mailto:[hidden email]] On Behalf Of Yuri Voinov
Sent: Wednesday, February 1, 2017 5:52 PM
To: [hidden email]
Subject: Re: [squid-users] Antivirus for squid

Squid's wiki article contains all required points about performance and tuning.


01.02.2017 21:41, erdosain9 пишет:
> Hi, again.
> Well i installed squidclamav, c-icap, and clamav; and its working all
> fine, but... the download is too slow, the download of a file. There
> is a way to accelerate this??
What do you mean "too slow"? Exact data, pls. Subjective and relative adjectives, do not say anything of substance.

I mean, i.e.: "Before I've installed clamav, download speed was 1 terabit per second for file http://bwah-bwah.com/bwahbwahbwah.tar.gz.
After - only 10 megabits. It seems too slow".
> Also, when the file its a virus, the message "this is a virus bla
> bla", go
This is different procedure, which is not executed by squid itself.

> fast... i mean the slow download its for all the other files that
> dosent have a virus...
>
> *This is squid.conf
> *
> # c-icap integration
> icap_enable on
> icap_send_client_ip on
> icap_send_client_username on
> icap_client_username_header X-Authenticated-User icap_preview_enable
> on icap_preview_size 1024 icap_service service_req reqmod_precache
> bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access
> service_req allow all icap_service service_resp respmod_precache
> bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access
> service_resp allow all # end integration
>
>
> *c-icap.conf
> *
> PidFile /var/run/c-icap.pid
> CommandsSocket /var/run/c-icap.ctl
> StartServers 1
> MaxServers 20
> MaxRequestsPerChild  100
> Port 1344
> ServerAdmin yourname@yourdomain
> TmpDir /tmp
> MaxMemObject 131072
> DebugLevel 0
> ModulesDir /usr/local/c-icap/lib/c_icap/ ServicesDir
> /usr/local/c-icap/lib/c_icap/ LoadMagicFile
> /usr/local/etc/c-icap.magic
>
> acl localhost src 127.0.0.1/255.255.255.255 acl PERMIT_REQUESTS type
> REQMOD RESPMOD icap_access allow localhost PERMIT_REQUESTS icap_access
> deny all
>
> ServerLog /var/log/c-icap/server.log
> AccessLog /var/log/c-icap/access.log
>
> Service squidclamav squidclamav.so
>
>
> *CLAMD.CONF*
> LogFile /var/log/clamd.scan
> PidFile /var/run/clamd.scan/clamd.pid
> TemporaryDirectory /var/tmp
> DatabaseDirectory /var/lib/clamav
> LocalSocket /var/run/clamd.scan/clamd.sock TCPSocket 3310 TCPAddr
> 127.0.0.1 User clamscan
>
>
> *SQUIDCLAMAV.CONF
> *
> maxsize 5000000
> redirect http://squid.espaciomemoria.lan/cgi-bin/clwarn.cgi.en_EN
> clamd_ip 127.0.0.1
> clamd_port 3310
> trust_cache 0
> timeout 1
> logredir 1
> dnslookup 0
> safebrowsing 0
>
> abortcontent ^video\/x-flv$
> abortcontent ^video\/mp4$
> # White list some sites
>
> Somebody can give me a hand with this???
> Thanks to all.
Thelepathy on vacation. To give your hand, it is require to have root access to your server to make performance diagnostics during "slow downloads". But you always can do this yourself. Pieces of configs is not enough to diagnostics, and, therefore, for tuning.

>
>
>
> --
> View this message in context:
> http://squid-web-proxy-cache.1019090.n4.nabble.com/Antivirus-for-squid
> -tp4681323p4681413.html Sent from the Squid - Users mailing list
> archive at Nabble.com.
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users

--
Bugs to the Future

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Antivirus for squid

Yuri Voinov
http://wiki.squid-cache.org/ConfigExamples/ContentAdaptation/C-ICAP


01.02.2017 22:14, Eliezer Croitoru пишет:

> Hey Yuri,
>
> What wiki article?
>
> Thanks,
> Eliezer
>
> ----
> Eliezer Croitoru
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: [hidden email]
>
>
> -----Original Message-----
> From: squid-users [mailto:[hidden email]] On Behalf Of Yuri Voinov
> Sent: Wednesday, February 1, 2017 5:52 PM
> To: [hidden email]
> Subject: Re: [squid-users] Antivirus for squid
>
> Squid's wiki article contains all required points about performance and tuning.
>
>
> 01.02.2017 21:41, erdosain9 пишет:
>> Hi, again.
>> Well i installed squidclamav, c-icap, and clamav; and its working all
>> fine, but... the download is too slow, the download of a file. There
>> is a way to accelerate this??
> What do you mean "too slow"? Exact data, pls. Subjective and relative adjectives, do not say anything of substance.
>
> I mean, i.e.: "Before I've installed clamav, download speed was 1 terabit per second for file http://bwah-bwah.com/bwahbwahbwah.tar.gz.
> After - only 10 megabits. It seems too slow".
>> Also, when the file its a virus, the message "this is a virus bla
>> bla", go
> This is different procedure, which is not executed by squid itself.
>> fast... i mean the slow download its for all the other files that
>> dosent have a virus...
>>
>> *This is squid.conf
>> *
>> # c-icap integration
>> icap_enable on
>> icap_send_client_ip on
>> icap_send_client_username on
>> icap_client_username_header X-Authenticated-User icap_preview_enable
>> on icap_preview_size 1024 icap_service service_req reqmod_precache
>> bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access
>> service_req allow all icap_service service_resp respmod_precache
>> bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access
>> service_resp allow all # end integration
>>
>>
>> *c-icap.conf
>> *
>> PidFile /var/run/c-icap.pid
>> CommandsSocket /var/run/c-icap.ctl
>> StartServers 1
>> MaxServers 20
>> MaxRequestsPerChild  100
>> Port 1344
>> ServerAdmin yourname@yourdomain
>> TmpDir /tmp
>> MaxMemObject 131072
>> DebugLevel 0
>> ModulesDir /usr/local/c-icap/lib/c_icap/ ServicesDir
>> /usr/local/c-icap/lib/c_icap/ LoadMagicFile
>> /usr/local/etc/c-icap.magic
>>
>> acl localhost src 127.0.0.1/255.255.255.255 acl PERMIT_REQUESTS type
>> REQMOD RESPMOD icap_access allow localhost PERMIT_REQUESTS icap_access
>> deny all
>>
>> ServerLog /var/log/c-icap/server.log
>> AccessLog /var/log/c-icap/access.log
>>
>> Service squidclamav squidclamav.so
>>
>>
>> *CLAMD.CONF*
>> LogFile /var/log/clamd.scan
>> PidFile /var/run/clamd.scan/clamd.pid
>> TemporaryDirectory /var/tmp
>> DatabaseDirectory /var/lib/clamav
>> LocalSocket /var/run/clamd.scan/clamd.sock TCPSocket 3310 TCPAddr
>> 127.0.0.1 User clamscan
>>
>>
>> *SQUIDCLAMAV.CONF
>> *
>> maxsize 5000000
>> redirect http://squid.espaciomemoria.lan/cgi-bin/clwarn.cgi.en_EN
>> clamd_ip 127.0.0.1
>> clamd_port 3310
>> trust_cache 0
>> timeout 1
>> logredir 1
>> dnslookup 0
>> safebrowsing 0
>>
>> abortcontent ^video\/x-flv$
>> abortcontent ^video\/mp4$
>> # White list some sites
>>
>> Somebody can give me a hand with this???
>> Thanks to all.
> Thelepathy on vacation. To give your hand, it is require to have root access to your server to make performance diagnostics during "slow downloads". But you always can do this yourself. Pieces of configs is not enough to diagnostics, and, therefore, for tuning.
>>
>>
>> --
>> View this message in context:
>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Antivirus-for-squid
>> -tp4681323p4681413.html Sent from the Squid - Users mailing list
>> archive at Nabble.com.
>> _______________________________________________
>> squid-users mailing list
>> [hidden email]
>> http://lists.squid-cache.org/listinfo/squid-users
> --
> Bugs to the Future
>
--
Bugs to the Future

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

0x613DEC46.asc (2K) Download Attachment
signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Antivirus for squid

Eliezer Croitoru
Thanks.

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: [hidden email]


-----Original Message-----
From: Yuri Voinov [mailto:[hidden email]]
Sent: Wednesday, February 1, 2017 6:16 PM
To: Eliezer Croitoru <[hidden email]>
Cc: [hidden email]
Subject: Re: [squid-users] Antivirus for squid

http://wiki.squid-cache.org/ConfigExamples/ContentAdaptation/C-ICAP


01.02.2017 22:14, Eliezer Croitoru пишет:

> Hey Yuri,
>
> What wiki article?
>
> Thanks,
> Eliezer
>
> ----
> Eliezer Croitoru
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: [hidden email]
>
>
> -----Original Message-----
> From: squid-users [mailto:[hidden email]]
> On Behalf Of Yuri Voinov
> Sent: Wednesday, February 1, 2017 5:52 PM
> To: [hidden email]
> Subject: Re: [squid-users] Antivirus for squid
>
> Squid's wiki article contains all required points about performance and tuning.
>
>
> 01.02.2017 21:41, erdosain9 пишет:
>> Hi, again.
>> Well i installed squidclamav, c-icap, and clamav; and its working all
>> fine, but... the download is too slow, the download of a file. There
>> is a way to accelerate this??
> What do you mean "too slow"? Exact data, pls. Subjective and relative adjectives, do not say anything of substance.
>
> I mean, i.e.: "Before I've installed clamav, download speed was 1 terabit per second for file http://bwah-bwah.com/bwahbwahbwah.tar.gz.
> After - only 10 megabits. It seems too slow".
>> Also, when the file its a virus, the message "this is a virus bla
>> bla", go
> This is different procedure, which is not executed by squid itself.
>> fast... i mean the slow download its for all the other files that
>> dosent have a virus...
>>
>> *This is squid.conf
>> *
>> # c-icap integration
>> icap_enable on
>> icap_send_client_ip on
>> icap_send_client_username on
>> icap_client_username_header X-Authenticated-User icap_preview_enable
>> on icap_preview_size 1024 icap_service service_req reqmod_precache
>> bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access
>> service_req allow all icap_service service_resp respmod_precache
>> bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access
>> service_resp allow all # end integration
>>
>>
>> *c-icap.conf
>> *
>> PidFile /var/run/c-icap.pid
>> CommandsSocket /var/run/c-icap.ctl
>> StartServers 1
>> MaxServers 20
>> MaxRequestsPerChild  100
>> Port 1344
>> ServerAdmin yourname@yourdomain
>> TmpDir /tmp
>> MaxMemObject 131072
>> DebugLevel 0
>> ModulesDir /usr/local/c-icap/lib/c_icap/ ServicesDir
>> /usr/local/c-icap/lib/c_icap/ LoadMagicFile
>> /usr/local/etc/c-icap.magic
>>
>> acl localhost src 127.0.0.1/255.255.255.255 acl PERMIT_REQUESTS type
>> REQMOD RESPMOD icap_access allow localhost PERMIT_REQUESTS
>> icap_access deny all
>>
>> ServerLog /var/log/c-icap/server.log
>> AccessLog /var/log/c-icap/access.log
>>
>> Service squidclamav squidclamav.so
>>
>>
>> *CLAMD.CONF*
>> LogFile /var/log/clamd.scan
>> PidFile /var/run/clamd.scan/clamd.pid TemporaryDirectory /var/tmp
>> DatabaseDirectory /var/lib/clamav LocalSocket
>> /var/run/clamd.scan/clamd.sock TCPSocket 3310 TCPAddr
>> 127.0.0.1 User clamscan
>>
>>
>> *SQUIDCLAMAV.CONF
>> *
>> maxsize 5000000
>> redirect http://squid.espaciomemoria.lan/cgi-bin/clwarn.cgi.en_EN
>> clamd_ip 127.0.0.1
>> clamd_port 3310
>> trust_cache 0
>> timeout 1
>> logredir 1
>> dnslookup 0
>> safebrowsing 0
>>
>> abortcontent ^video\/x-flv$
>> abortcontent ^video\/mp4$
>> # White list some sites
>>
>> Somebody can give me a hand with this???
>> Thanks to all.
> Thelepathy on vacation. To give your hand, it is require to have root access to your server to make performance diagnostics during "slow downloads". But you always can do this yourself. Pieces of configs is not enough to diagnostics, and, therefore, for tuning.
>>
>>
>> --
>> View this message in context:
>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Antivirus-for-squi
>> d -tp4681323p4681413.html Sent from the Squid - Users mailing list
>> archive at Nabble.com.
>> _______________________________________________
>> squid-users mailing list
>> [hidden email]
>> http://lists.squid-cache.org/listinfo/squid-users
> --
> Bugs to the Future
>

--
Bugs to the Future

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users