Requerimientos:
FreeBSD instalado
Squid-cache instalado
1) Instalar ClamAV
# whereis clamav
clamav: /usr/ports/security/clamav
# cd /usr/ports/security/clamav
# make install clean
Crear el archivo de configuracion
# cp /usr/local/etc/clamd.conf.default /usr/local/etc/clamd.conf
Ejemplo del contenido ya listo
Note que la opcion
LocalSocket /var/run/clamav/clamd.sock
no puede funcionar si esta usando las opciones
TCPSocket 3310
TCPAddr 127.0.0.1
egrep -v '#|^ *$' /usr/local/etc/clamd.conf
---
LogFile /var/log/clamav/clamd.log
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /usr/home/hd1/infected
DatabaseDirectory /var/db/clamav
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
MaxConnectionQueueLength 30
User root
AllowSupplementaryGroups yes
ScanMail yes
---
Hacer que se inicie con el sistema
Poner las siguientes lineas en el /etc/rc.conf
---
# Activamos ClamAV (antivirus para Samba)
clamav_freshclam_enable="YES"
clamav_clamd_enable="YES"
---
Iniciar ClamAV
# /usr/local/etc/rc.d/clamav-clamd start
El log /var/log/clamav/clamd.log
Muestra algo como esto
---
+++ Started at Thu Apr 29 10:06:02 2010
clamd daemon 0.96 (OS: freebsd7.2, ARCH: amd64, CPU: amd64)
Running as user root (UID 0, GID 0)
Log file size limited to 1048576 bytes.
Reading databases from /var/db/clamav
Not loading PUA signatures.
Loaded 759499 signatures.
TCP: Bound to address 127.0.0.1 on port 3310
TCP: Setting connection queue length to 30
Limits: Global size limit set to 104857600 bytes.
Limits: File size limit set to 26214400 bytes.
Limits: Recursion level limit set to 16.
Limits: Files limit set to 10000.
Archive support enabled.
Algorithmic detection enabled.
Portable Executable support enabled.
ELF support enabled.
Mail files support enabled.
OLE2 support enabled.
PDF support enabled.
HTML support enabled.
Self checking every 600 seconds.
Set stacksize to 2162688
No stats for Database check - forcing reload
Reading databases from /var/db/clamav
Database correctly reloaded (759499 signatures)
---
Verificar que esta funcionando
# sockstat -4 | grep clamd
root clamd 26383 4 tcp4 127.0.0.1:3310 *:*
Hacer una prueba mediante telnet y ponerlo a escanear el directorio /root
# telnet localhost 3310
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SCAN /root
/root: OK
Connection closed by foreign host.
2) Instalar SquidClamAV
# whereis squidclamav
squidclamav: /usr/ports/security/squidclamav
# cd /usr/ports/security/squidclamav
# make install clean
Crear el archivo de configuracion
# cp /usr/local/etc/squidclamav.conf.dist /usr/local/etc/squidclamav.conf
Ejemplo del contenido ya listo
egrep -v '#|^ *$' /usr/local/etc/squidclamav.conf
---
squid_ip 127.0.0.1
squid_port 3128
logfile /var/log/squidclamav.log
maxsize 5000000
redirect http://alpha/mensaje6.html
stat 0
maxredir 30
clamd_ip 127.0.0.1
clamd_port 3310
timeout 60
useragent Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100402)
trust_cache 0
logredir 0
abort ^.*\.(ico|gif|png|jpg)$
abortcontent ^image\/.*$
abort ^.*\.(css|xml|xsl|js|html|jsp)$
abortcontent ^text\/.*$
abortcontent ^application\/x-javascript$
abortcontent ^video\/x-flv$
abortcontent ^video\/mp4$
abort ^.*\.swf$
abortcontent ^application\/x-shockwave-flash$
abortcontent ^.*application\/x-mms-framed.*$
whitelist .*\.clamav.net
---
Crear el archivo de log /var/log/squidclamav.log
# touch /var/log/squidclamav.log
Darle permiso para que lo use
chown squid:squid /var/log/squidclamav.log
Verificar que se aplico correctamente los permisos
# ls -l /var/log/squidclamav.log
-rw-r--r-- 1 squid squid 324645 Apr 29 12:19 /var/log/squidclamav.log
Iniciar el squidclamav manualmente para prueba
# squidclamav -c /usr/local/etc/squidclamav.conf
---
SquidClamav v5.3 running in interactive mode
Wed Apr 28 14:28:38 2010 LOG Anonymizing User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100402 Ubuntu/9.10 (karmic)
Wed Apr 28 14:28:38 2010 LOG SquidClamav v5.3 (PID 88666) started
---
Note que para pararlo, se hace con
Ctrl + C
3) Configuro unos parametros adicionales en el /usr/local/etc/squid/squid.conf
Le agrego las siguientes lineas
on ACL definition you should have declared:
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
on http_acces definition you should declared the follwing :
http_access deny to_localhost
http_access allow localhost
http_access allow purge localhost
http_access deny purge
url_rewrite_access deny localhost
and on the redirect section the following:
url_rewrite_program /usr/local/bin/squidclamav -c /usr/local/etc/squidclamav.conf
url_rewrite_children 30
Verificar los logs para ver que todo esta bien
Para Squid-cache
# tail -f /usr/local/squid/logs/cache.log
---
2010/04/29 11:56:33| Starting Squid Cache version 3.0.STABLE25 for amd64-portbld-freebsd7.2...
2010/04/29 11:56:33| Process ID 39294
2010/04/29 11:56:33| With 11072 file descriptors available
2010/04/29 11:56:33| DNS Socket created at 0.0.0.0, port 51259, FD 7
2010/04/29 11:56:33| Adding domain company.com from /etc/resolv.conf
2010/04/29 11:56:33| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2010/04/29 11:56:33| helperOpenServers: Starting 30/30 'squidclamav' processes
---
# tail -f /usr/local/squid/logs/access.log
---
---
Para SquidClamAV
# tail -f /var/log/squidclamav.log
---
Thu Apr 29 11:56:33 2010 [39306] LOG SquidClamav v5.3 (PID 39306) started
Thu Apr 29 11:56:33 2010 [39307] LOG Anonymizing User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100402 Ubuntu/9.10 (karmic)
Thu Apr 29 11:56:33 2010 [39308] LOG Anonymizing User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100402 Ubuntu/9.10 (karmic)
Thu Apr 29 11:56:33 2010 [39309] LOG Anonymizing User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100402 Ubuntu/9.10 (karmic)
---
jueves, abril 29, 2010
Suscribirse a:
Entradas (Atom)