Securepoint Squid eCAP Antivirus adapter Code
Antivirus eCAP adapter for Squid 3.1 and above.
Brought to you by:
securepoint
Menu
▾
▴
Tree [5cc462] master / History
| File | Date | Author | Commit |
|---|---|---|---|
| src | 2014-08-28 |
Gernot Tenchio
|
[5cc462] added blocklist support |
| .gitignore | 2011-03-16 |
Gernot Tenchio
|
[7c812d] added .gitignore |
| CHANGES | 2013-11-12 |
Gernot Tenchio
|
[20eb01] prepare v1.0.6 |
| CMakeLists.txt | 2013-11-12 |
Gernot Tenchio
|
[80b047] v1.0.6 |
| LICENSE-eCAP | 2011-03-07 |
Gernot Tenchio
|
[375b68] initial commit |
| LICENSE.txt | 2011-03-07 |
Gernot Tenchio
|
[375b68] initial commit |
| NOTICE | 2011-03-07 |
Gernot Tenchio
|
[375b68] initial commit |
| README.asciidoc | 2014-01-23 |
Gernot Tenchio
|
[03e1f6] renamed README to README.asciidoc |
| doc.conf | 2011-03-18 |
Gernot Tenchio
|
[cb1224] added doc config |
| doc.css | 2011-03-18 |
Gernot Tenchio
|
[cb1224] added doc config |
Read Me
Securepoint eCAP antivirus adapter ================================== About ----- Securepoint eCAP antivirus adapter is an loadable eCAP adapter for the popular Squid HTTP-Proxy which allows you to scan all traffic going through for known viruses. Currently the only supported virus scan engines are clamav and commtouch csamd. The very latest version can be downloaded @ https://sourceforge.net/projects/squid-ecap-av/files/latest/download[sourceforge.net]. Development of this adapter started in March 2011 because nothing comparable could be found at this time. In the meantime (2011-03-17) at least one similar project exists, which you can find http://www.e-cap.org/Downloads[here]. Features ~~~~~~~~ * content type detection via libmagic * configurable skiplist dependent of the detected content type * data trickling * patience pages (not yet) ============================================================================== eCAP support was introduced with SQUID version *3.1.*. You cannot use the Securepoint eCAP antivirus adapter with earlier versions of SQUID. ============================================================================== Installation ------------ Download and install libecap ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .Download and unpack: ------------------------------------------------------------------------------ wget http://www.measurement-factory.com/tmp/ecap/libecap-0.0.3.tar.gz tar xf libecap-0.0.3.tar.gz ------------------------------------------------------------------------------ .Build and install: ------------------------------------------------------------------------------ cd libecap-0.0.3/ ./configure make make install ------------------------------------------------------------------------------ Download and install Securepoint eCAP antivirus adapter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In addition to libecap, libmagic is required to build the Securepoint eCAP antivirus adapter. Any modern Linux distribution should have libmagic installed already because its part of the http://www.darwinsys.com/file/[file] package. Anyhow, you have to install the development headers too. On Fedora this is done by typing: ------------------------------------------------------------------------------ yum install file-devel ------------------------------------------------------------------------------ .Download and unpack: Project homepage is http://sourceforge.net/projects/squid-ecap-av/. If you like living on the bleeding edge, you can pull the working branch directly from http://squid-ecap-av.git.sourceforge.net/git/gitweb.cgi?p=squid-ecap-av[ git://squid-ecap-av.git.sourceforge.net/gitroot/squid-ecap-av/squid-ecap-av]. ------------------------------------------------------------------------------ wget http://downloads.sourceforge.net/project/squid-ecap-av/1.x.x/squid-ecap-av-1.0.6.tar.bz2 tar xf squid-ecap-av-1.0.6.tar.bz2 ------------------------------------------------------------------------------ .Build and install: ------------------------------------------------------------------------------ mkdir squid-ecap-av-1.0.6/build cd squid-ecap-av-1.0.6/build cmake -DCMAKE_INSTALL_PREFIX=/usr .. make make install ------------------------------------------------------------------------------ Usage ----- Add the following lines to your +/etc/squid/squid.conf+: ------------------------------------------------------------------------------ acl HTTP_STATUS_OK http_status 200 loadable_modules /usr/libexec/squid/ecap_adapter_av.so ecap_enable on ecap_service AVRESP respmod_precache bypass=0 ecap://www.securepoint.de/ecap_av adaptation_access AVRESP allow HTTP_STATUS_OK ------------------------------------------------------------------------------ To skip scanning of html pages and all image types add the following lines to +/etc/squid/ecap_adapter_av.skip+: ------------------------------------------------------------------------------ text/html image/.* ------------------------------------------------------------------------------ To skip scanning of bodies larger than 1MB add the following directive to +/etc/squid/ecap_adapter_av.conf+: ------------------------------------------------------------------------------ maxscansize = 1048576 ------------------------------------------------------------------------------ Configuration ------------- Currently the following options are supported: * +avdsocket+: path to the unix socket the AV-daemon is listening on (+/tmp/clamd.sock+) * +trickletime+ (sec): send some bytes each +trickletime+ seconds (+30+) * +maxscansize+ (bytes): skip scanning of bodies larger than +maxscansize+, set to 0 to always scan the whole body (+0+) * +magicdb+: path to the magic database file (+/usr/share/misc/magic.mgc+) * +skiplist+: path to the file containing the list of mimetypes not to scan (+/etc/squid/ecap_adapter_av.skip+) * +tempdir+: directory to store temporary files in * +readtimeout+: timeout for AV socket read operations * +writetimeout+: timeout for AV socket write operations Testing ------- Point your browser to go through the proxy and try to download the eicar Anti-Malware test file from http://www.eicar.org/download/eicar.com[here]. Bug reporting ------------- Report bugs through the SourceForge.net http://sourceforge.net/projects/squid-ecap-av[squid-ecap-av] project page. A note for Firefox Users ------------------------ How to solve "Content Encoding Error" on firefox? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This issue is fixed since *v1.0.6pre5*. Nervertheless for the record: From http://answers.yahoo.com/question/index?qid=20100804010634AAxaUGD * In the address bar type *about:config* * Tell it that you will be careful, Promise!! * In the filter type encoding * There should be one option reading *network.http.accept-encoding* * Click in the value column and type *true* We are working on this issue, but currently we have no idea what happens. :-( vim:set ft=asciidoc: