jump to navigation

Linux (CentOS/RHEL) : Squid+Dansguardian + Antivirus (ClamAV) February 9, 2009

Posted by hasnain110 in Linux.
trackback

I’ll explain here how to setup a web proxy with antivirus capabilities

We will use these tools : Squid + ClamAV + a patched version of DansGuardian

We will be needing following tools to get this task done

Squid : www.squid-cache.org
ClamAV : www.clamav.net
DansGuardian : dansguardian.org

Note: You can download Squid rpm from the default RHEL/CentOS repo.

Requirements for Squid:

Squid should be running on port 3128

should only entertain request from localhost

/etc/squid/squid.conf :
http_port 3128
acl localhost src 127.0.0.0/255.0.0.0
http_access allow localhost
http_access deny all

Install DansGuardian with the antivirus plugin from SecurityTeam.us repo :

Install the SecurityTeamUS repo :
rpm -ihv http://repo.securityteam.us/repository/redhat/securityteamus-repo-latest.rpm

Install DansGuardian-av and its dependencies (included on SecurityTeamUS) :

yum install dansguardian-av


Output :
Setting up Install Process
Setting up repositories
SecurityTeamUS 100% |=========================| 951 B 00:00
Reading repository metadata in from local files
primary.xml.gz 100% |=========================| 30 kB 00:00
SecurityTe: ################################################## 68/68
Added 68 new packages, deleted 0 old in 0.88 seconds
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for dansguardian-av to pack into transaction set.
dansguardian-av-2.8.0.6-1 100% |=========================| 24 kB 00:00
---> Package dansguardian-av.i386 0:2.8.0.6-1 set to be updated
--> Running transaction check
--> Processing Dependency: libclamav.so.1 for package: dansguardian-av
--> Processing Dependency: clamd for package: dansguardian-av
--> Processing Dependency: libesmtp.so.5 for package: dansguardian-av
--> Processing Dependency: libesmtp for package: dansguardian-av
--> Processing Dependency: clamav for package: dansguardian-av
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for libesmtp to pack into transaction set.
libesmtp-0.8.12-1.i386.rp 100% |=========================| 4.9 kB 00:00
---> Package libesmtp.i386 0:0.8.12-1 set to be updated
---> Downloading header for clamd to pack into transaction set.
clamd-0.88.7-1.i386.rpm 100% |=========================| 4.7 kB 00:00
---> Package clamd.i386 0:0.88.7-1 set to be updated
---> Downloading header for clamav to pack into transaction set.
clamav-0.88.7-1.i386.rpm 100% |=========================| 7.4 kB 00:00
---> Package clamav.i386 0:0.88.7-1 set to be updated
--> Running transaction check
--> Processing Dependency: clamav-db = 0.88.7-1 for package: clamav
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for clamav-db to pack into transaction set.
clamav-db-0.88.7-1.i386.r 100% |=========================| 2.6 kB 00:00
---> Package clamav-db.i386 0:0.88.7-1 set to be updated
--> Running transaction check
.
Dependencies Resolved
.
=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
dansguardian-av i386 2.8.0.6-1 SecurityTeamUS 309 k
Installing for dependencies:
clamav i386 0.88.7-1 SecurityTeamUS 944 k
clamav-db i386 0.88.7-1 SecurityTeamUS 7.3 M
clamd i386 0.88.7-1 SecurityTeamUS 64 k
libesmtp i386 0.8.12-1 SecurityTeamUS 176 k
.
Transaction Summary
=============================================================================
Install 5 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 8.8 M
Is this ok [y/N]: y

.
Start ClamAV daemon :
service clamd start

By default, clamd should listen on 127.0.0.1:3310

Set up DansGuardian-av this way :
reportinglevel = 3
languagedir = '/etc/dansguardian/languages'
language = 'ukenglish'
loglevel = 3
logexceptionhits = on
logfileformat = 1
loglocation = '/var/log/dansguardian/access.log'
filterip =
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
nonstandarddelimiter = on
usecustombannedimage = 1
custombannedimagefile = '/etc/dansguardian/transparent1x1.gif'
filtergroups = 1
filtergroupslist = '/etc/dansguardian/filtergroupslist'
bannediplist = '/etc/dansguardian/bannediplist'
exceptioniplist = '/etc/dansguardian/exceptioniplist'
banneduserlist = '/etc/dansguardian/banneduserlist'
exceptionuserlist = '/etc/dansguardian/exceptionuserlist'
showweightedfound = on
weightedphrasemode = 0
urlcachenumber = 3000
urlcacheage = 900
phrasefiltermode = 2
preservecase = 0
hexdecodecontent = 0
forcequicksearch = 0
reverseaddresslookups = off
reverseclientiplookups = off
createlistcachefiles = on
maxuploadsize = -1
maxcontentfiltersize = 256
usernameidmethodproxyauth = on
usernameidmethodident = off
preemptivebanning = on
forwardedfor = off
usexforwardedfor = off
logconnectionhandlingerrors = on
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 6
maxsparechildren = 32
maxagechildren = 500
ipcfilename = '/tmp/.dguardianipc'
urlipcfilename = '/tmp/.dguardianurlipc'
pidfilename = '/var/run/dansguardian.pid'
nodaemon = off
nologger = off
daemonuser = 'nobody'
daemongroup = 'nobody'
softrestart = off
virusscan = on
virusengine = 'clamav'
tricklelength = 32768
forkscanlength = 32768
firsttrickledelay = 10
followingtrickledelay = 10
maxcontentscansize = 41904304
virusscanexceptions = on
urlcachecleanonly = on
virusscannertimeout = 60
notify = 2 # will notify the admin only
emaildomain = 'domain.be'
postmaster = 'admin@domain.be'
emailserver = '127.0.0.1:25'
downloaddir = '/tmp/dgvirus'
clmaxfiles = 1500
clmaxreclevel = 3
clmaxfilesize = 10485760
clblockencryptedarchives = off
cldetectbroken = off
clamdsocket = '127.0.0.1:3310'

This is my configuration, please review it to match your needs

Make sure dansguardian will start at boot :
chkconfig dansguardian on

Start DansGuardian :
service dansguardian start

Now, you can set up your browser preference to use the antivirus web proxy (IP:8080)

If you want to set dansguardian as a transparent proxy :
1. Edit /etc/squid/squid.conf and add :
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

2. Type this at the command prompt (where your local subnet is 10.0.0.0/24 and your LAN interface is eth0) :
iptables -t nat -A PREROUTING -i eth0 -s 10.0.0.0/24 -p tcp --dport 80 -j REDIRECT --to-port 8080

3. Save your iptables configuration, type :
iptables-save > /etc/sysconfig/iptables

Squid logs can be tailed here :
tail -f /var/log/squid/access.log

DansGuardian logs can be tailed here :
tail -f /var/log/dansguardian/access.log

About these ads

Comments»

1. sam - July 13, 2009

hey you have such a nice blog thanks for sharing keep posting

2. vijay - August 2, 2009

hi not working in RedHat EL4

3. kschreyack - September 16, 2009

The RPM’s are NOT offered from the repo listed here (SecurityTeamUS). I did an install with CentOS5, added the sourceforge repo, used yum to install Dansguardian, ClamAV, Clamd, and Squid.

Once that was done, the configuration files offered here are correct and should be followed. The installation is completed and working w/o issue ;)

The repo added was from:

wget http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

Enjoy!

4. mohan - November 7, 2009

This is really wonder fully post i can able to controll lot of illegal website and govern my network bannerfilter will be added advantagae to prevent adds

5. roopyisezes - November 12, 2010

Please move me if this is not the right area for my post. My friends call me James. I am a — naturopath — Check out my site cure for menopause.I’m going to searching more about this forum hasnainali.wordpress.com http://menopause-cures.com/menopause-symptoms-cure.gif

http://menopause-cures.com/

6. Vadiraj Joish - June 29, 2011

It looks so easy…I am gono try this for sure….

Thanks
Vadiraj Joish

7. anthony - May 7, 2013

[root@rpidvoproxy tmp]# yum install dansguardian-av
Loaded plugins: fastestmirror, refresh-packagekit
Loading mirror speeds from cached hostfile
* base: centos.ipserverone.com
* extras: mirror.upsi.edu.my
* updates: mirror.upsi.edu.my
Setting up Install Process
No package dansguardian-av available.
Error: Nothing to do

nothing happens.

8. anthony - May 7, 2013

[root@rpidvoproxy rpidavao]# rpm -ihv http://repo.securityteam.us/repository/redhat/securityteamus-repo-latest.rpm
Retrieving http://repo.securityteam.us/repository/redhat/securityteamus-repo-latest.rpm
curl: (22) The requested URL returned error: 403 Forbidden
error: skipping http://repo.securityteam.us/repository/redhat/securityteamus-repo-latest.rpm – transfer failed
[root@rpidvoproxy rpidavao]#

9. Squidblacklist (@Squidblacklist) - August 27, 2014

Squidblacklist.org is the worlds leading publisher of native acl blacklists tailored specifically for use with Squid proxy, as well as we also publish multiple alternative formats for all major third party plugins as well as many other filtering platforms, such as UFDBGuard and Barracuda Networks devices..

There is room for better blacklists, we intend to fill that gap.

It would be our pleasure to serve you.

Signed,

Benjamin E. Nichols

http://www.squidblacklist.org


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 37 other followers

%d bloggers like this: