Installing and Configuring ICAP on ClamAV: Difference between revisions
| Line 168: | Line 168: | ||
== Verify Configuration == | == Verify Configuration == | ||
1) Testing your instalation | |||
To test your c-icap server you can use the c-icap-client utility which included in c-icap package. | |||
c-icap-client | |||
Sample result: | |||
<nowiki>c-icap-client | |||
ICAP server:localhost, ip:127.0.0.1, port:1344 | |||
OPTIONS: | |||
Allow 204: Yes | |||
Allow 206: No | |||
Preview: 1024 | |||
Keep alive: Yes | |||
ICAP HEADERS: | |||
ICAP/1.0 200 OK | |||
Methods: RESPMOD, REQMOD | |||
Service: C-ICAP/0.6.2 server - Echo demo service | |||
ISTag: "CI0001-XXXXXXXXX" | |||
Transfer-Preview: * | |||
Options-TTL: 3600 | |||
Date: Mon, 30 Sep 2024 19:49:43 GMT | |||
Preview: 1024 | |||
Allow: 204 | |||
X-Include: X-Authenticated-User, X-Authenticated-Groups | |||
Encapsulated: null-body=0 | |||
</nowiki> | |||
Revision as of 21:25, 30 September 2024
Procedure
Install Packages on RHEL 9
1) Install EPEL Repository in RHEL 9
subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms
2) run dnf
dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm -y
3) Install Clamav packages
dnf -y install clamav clamav-data clamav-devel clamav-freshclam clamav-filesystem clamav-lib clamd
4) Install C-ICAP packages
dnf install c-icap c-icap-libs c-icap-modules -y
Clamav Server
Update Virus definition
Check install with update virus definition
freshclam
Enable as service
systemctl enable clamav-freshclam.service systemctl start clamav-freshclam.service
Check status
systemctl status clamav-freshclam.service
Configure clamav
1) Backup default ICAP server configuration file:
cd /etc/clamd.d mv scan.conf scan.conf_original
2) Create a scan.conf and add the following content:
LogSyslog yes TCPSocket 3310 LocalSocket /run/clamd.scan/clamd.sock User clamscan
Save and exit the file
Start the Clamav Server
systemctl enable [email protected]' systemctl start [email protected]
Configure ICAP Server
1) Backup default ICAP server configuration file:
cd /etc/c-icap mv c-icap.conf c-icap.conf_original mv virus_scan.conf virus_scan.conf_original mv clamd_mod.conf clamd_mod.conf_original
c-icap.conf
Create a c-icap.conf and add the following content:
Include virus_scan.conf Include srv_content_filtering.conf PidFile /run/c-icap/c-icap.pid CommandsSocket /run/c-icap/c-icap.ctl Timeout 300 MaxKeepAliveRequests 100 KeepAliveTimeout 600 StartServers 3 MaxServers 10 MinSpareThreads 10 MaxSpareThreads 20 ThreadsPerChild 10 MaxRequestsPerChild 0 Port 1344 ServerAdmin [email protected] ServerName YourServerName TmpDir /var/tmp MaxMemObject 131072 DebugLevel 1 Pipelining on SupportBuggyClients off ModulesDir /usr/lib64/c_icap ServicesDir /usr/lib64/c_icap TemplateDir /usr/share/c_icap/templates/ TemplateDefaultLanguage en LoadMagicFile /etc/c-icap/c-icap.magic RemoteProxyUsers off RemoteProxyUserHeader X-Authenticated-User RemoteProxyUserHeaderEncoded on acl all src 0.0.0.0/0.0.0.0 acl PERMIT_REQUESTS type REQMOD RESPMOD OPTIONS icap_access allow all PERMIT_REQUESTS ServerLog /var/log/c-icap/server.log AccessLog /var/log/c-icap/access.log Service echo srv_echo.so
Save and exit the file
virus_scan.conf
Create a virus_scan.conf and add the following content:
Service antivirus_module virus_scan.so ServiceAlias srv_clamav virus_scan ServiceAlias avscan virus_scan?allow204=on&sizelimit=off&mode=simple virus_scan.ScanFileTypes TEXT DATA EXECUTABLE ARCHIVE GIF JPEG MSOFFICE virus_scan.SendPercentData 5 virus_scan.StartSendPercentDataAfter 2M virus_scan.MaxObjectSize 5M virus_scan.DefaultEngine clamav Include clamd_mod.conf
clamd_mod.conf
Create a clamd_mod.conf and add the following content:
Module common clamd_mod.so clamd_mod.ClamdSocket /run/clamav/clamd.sock
Save and exit the file
srv_content_filtering.conf
Create a new file srv_content_filtering.conf and add the following content:
Service srv_cfg_filter srv_content_filtering.so
srv_content_filtering.RequireContentLength off
srv_content_filtering.MaxBodyData 5M
srv_content_filtering.Match demoScore body /(icap_test|icap-block|test-icap)/i score=200
srv_content_filtering.Match badHeader Header{ICAP-TEST} /BLOCK/
srv_content_filtering.Action block score{demoScore>5}
srv_content_filtering.Action block score{badHeader}
Save and exit the file
Start the ICAP Server
systemctl enable c-icap.service systemctl start c-icap.service
Verify Configuration
1) Testing your instalation
To test your c-icap server you can use the c-icap-client utility which included in c-icap package.
c-icap-client
Sample result:
c-icap-client ICAP server:localhost, ip:127.0.0.1, port:1344 OPTIONS: Allow 204: Yes Allow 206: No Preview: 1024 Keep alive: Yes ICAP HEADERS: ICAP/1.0 200 OK Methods: RESPMOD, REQMOD Service: C-ICAP/0.6.2 server - Echo demo service ISTag: "CI0001-XXXXXXXXX" Transfer-Preview: * Options-TTL: 3600 Date: Mon, 30 Sep 2024 19:49:43 GMT Preview: 1024 Allow: 204 X-Include: X-Authenticated-User, X-Authenticated-Groups Encapsulated: null-body=0
2) Ensure there are no errors in the log file
tail -f /var/log/c-icap/server.log
tail -f /var/log/c-icap/access.log
Ver também
- ASSP:Automatizando o Rebuild.pl
- Configurando o Postfix com SmartHost do ASSP
- Linux: Configurando DHCP e BIND com DNS Dinamico
- Linux e Unix: Ferramentas de Monitoracao e Performance