Installing and Configuring ICAP on ClamAV


Procedure

Install Packages on RHEL 9

1) Enable the CodeReady Builder repository in RHEL 9 (EPEL packages depend on it)

subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms

2) Install the EPEL repository

dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm -y

3) Install ClamAV packages

dnf -y install clamav clamav-data clamav-devel clamav-freshclam clamav-filesystem clamav-lib clamd

4) Install C-ICAP packages

dnf install c-icap c-icap-libs c-icap-modules -y

ClamAV Server

Update virus definitions

Verify the installation by updating the virus definitions:

freshclam

Enable freshclam as a service

systemctl enable clamav-freshclam.service

systemctl status clamav-freshclam.service

Configure ClamAV

1) Back up the default clamd configuration file:

cd /etc/clamd.d

mv scan.conf scan.conf_original

2) Create a scan.conf and add the following content:

LogSyslog yes
TCPSocket 3310
User clamscan

Save and exit the file

Start the ClamAV Server

systemctl enable clamd.service

systemctl start clamd.service

Configure ICAP Server

1) Back up the default ICAP server configuration files:

cd /etc/c-icap

mv c-icap.conf c-icap.conf_original
mv virus_scan.conf virus_scan.conf_original
mv clamd_mod.conf clamd_mod.conf_original

c-icap.conf

Create a c-icap.conf and add the following content:

Include virus_scan.conf
Include srv_content_filtering.conf
PidFile /run/c-icap/c-icap.pid
CommandsSocket /run/c-icap/c-icap.ctl
Timeout 300
MaxKeepAliveRequests 100
KeepAliveTimeout 600
StartServers 3
MaxServers 10
MinSpareThreads     10
MaxSpareThreads     20
ThreadsPerChild     10
MaxRequestsPerChild  0
Port 1344
ServerAdmin [email protected]
ServerName YourServerName
TmpDir /var/tmp
MaxMemObject 131072
DebugLevel 1
Pipelining on
SupportBuggyClients off
ModulesDir /usr/lib64/c_icap
ServicesDir /usr/lib64/c_icap
TemplateDir /usr/share/c_icap/templates/
TemplateDefaultLanguage en
LoadMagicFile /etc/c-icap/c-icap.magic
RemoteProxyUsers off
RemoteProxyUserHeader X-Authenticated-User
RemoteProxyUserHeaderEncoded on
acl all src 0.0.0.0/0.0.0.0
acl PERMIT_REQUESTS type REQMOD RESPMOD OPTIONS
icap_access allow all PERMIT_REQUESTS
ServerLog /var/log/c-icap/server.log
AccessLog /var/log/c-icap/access.log
Service echo srv_echo.so

Save and exit the file

virus_scan.conf

Create a virus_scan.conf and add the following content:

Service antivirus_module virus_scan.so
ServiceAlias srv_clamav virus_scan
ServiceAlias  avscan virus_scan?allow204=on&sizelimit=off&mode=simple
virus_scan.ScanFileTypes TEXT DATA EXECUTABLE ARCHIVE GIF JPEG MSOFFICE
virus_scan.SendPercentData 5
virus_scan.StartSendPercentDataAfter 2M
virus_scan.MaxObjectSize  5M
virus_scan.DefaultEngine clamav
Include clamd_mod.conf


clamd_mod.conf

Create a clamd_mod.conf and add the following content:

Module common clamd_mod.so
clamd_mod.ClamdSocket /run/clamav/clamd.sock

Save and exit the file

srv_content_filtering.conf

Create a new file srv_content_filtering.conf and add the following content:

Service srv_cfg_filter srv_content_filtering.so
srv_content_filtering.RequireContentLength off
srv_content_filtering.MaxBodyData 5M
srv_content_filtering.Match demoScore body /(icap_test|icap-block|test-icap)/i score=200
srv_content_filtering.Match badHeader Header{ICAP-TEST} /BLOCK/
srv_content_filtering.Action block score{demoScore>5}
srv_content_filtering.Action block score{badHeader}

Save and exit the file

Start the ICAP Server

systemctl enable c-icap.service

systemctl start c-icap.service

Verify Configuration

2) Ensure there are no errors in the log files

tail -f /var/log/c-icap/server.log
tail -f /var/log/c-icap/access.log
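
A pre-flight check for the files created above, as an added example that is not part of the original page or of the ClamAV or c-icap projects: it flags a clamd TCP listener with no TCPAddr, ICAP access rules that admit any source address, and a clamd_mod socket that scan.conf never creates. The function names and the LOCAL_* settings are assumptions made for illustration (both daemons on one host, only local ICAP clients).

```python
import ipaddress

def directives(text):
    """Parse 'Name arg ...' lines into {name: [[args], ...]}; '#' comments are dropped."""
    out = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts:
            out.setdefault(parts[0], []).append(parts[1:])
    return out

def audit(scan_conf, icap_conf, clamd_mod_conf):
    clamd, icap, mod = (directives(t) for t in (scan_conf, icap_conf, clamd_mod_conf))
    findings = []
    # clamd has no authentication; TCPSocket without TCPAddr listens on every interface.
    if "TCPSocket" in clamd and "TCPAddr" not in clamd:
        findings.append("clamd TCP port listens on all interfaces")
    # c-icap "src" ACLs that really narrow the client range (every prefix longer than /0).
    narrow = set()
    for args in icap.get("acl", []):
        if len(args) >= 3 and args[1] == "src":
            if all(ipaddress.ip_network(v, strict=False).prefixlen for v in args[2:]):
                narrow.add(args[0])
    # An allow rule that names no narrowing ACL admits any client ("!acl" is not handled).
    rules = icap.get("icap_access", [])
    if any(r[:1] == ["allow"] and not narrow & set(r[1:]) for r in rules):
        findings.append("c-icap accepts requests from any source address")
    # The socket clamd_mod connects to must be one that scan.conf tells clamd to create.
    created = {a[0] for a in clamd.get("LocalSocket", []) if a}
    for args in mod.get("clamd_mod.ClamdSocket", []):
        if args and args[0] not in created:
            findings.append("clamd_mod socket %s is not created by scan.conf" % args[0])
    return findings

# Settings copied from the files above (c-icap.conf reduced to its access-control lines).
PAGE_SCAN = "LogSyslog yes\nTCPSocket 3310\nUser clamscan\n"
PAGE_ICAP = ("acl all src 0.0.0.0/0.0.0.0\n"
             "acl PERMIT_REQUESTS type REQMOD RESPMOD OPTIONS\n"
             "icap_access allow all PERMIT_REQUESTS\n")
PAGE_MOD = "Module common clamd_mod.so\nclamd_mod.ClamdSocket /run/clamav/clamd.sock\n"

# Constructed variant (assumption: both daemons on one host, only local ICAP clients).
LOCAL_SCAN = "LogSyslog yes\nLocalSocket /run/clamav/clamd.sock\nUser clamscan\n"
LOCAL_ICAP = ("acl localhost src 127.0.0.1/255.255.255.255\n"
              "acl PERMIT_REQUESTS type REQMOD RESPMOD OPTIONS\n"
              "icap_access allow localhost PERMIT_REQUESTS\n")

if __name__ == "__main__":
    print("page:    ", audit(PAGE_SCAN, PAGE_ICAP, PAGE_MOD))
    print("loopback:", audit(LOCAL_SCAN, LOCAL_ICAP, PAGE_MOD))
```

To audit a live host, pass the contents of /etc/clamd.d/scan.conf, /etc/c-icap/c-icap.conf and /etc/c-icap/clamd_mod.conf to audit() in that order.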
