Installing and Configuring ICAP on ClamAV
Procedure
Install Packages on RHEL 9
1) Install EPEL Repository in RHEL 9
subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms
2) run dnf
dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm -y
3) Install Clamav packages
dnf -y install clamav clamav-data clamav-devel clamav-freshclam clamav-filesystem clamav-lib clamd
4) Install C-ICAP packages
dnf install c-icap c-icap-libs c-icap-modules -y
Clamav Server
Update Virus definition
Check install with update virus definition
freshclam
Enable as service
systemctl enable clamav-freshclam.service systemctl status clamav-freshclam.service
Configure clamav
1) Backup default ICAP server configuration file:
cd /etc/clamd.d mv scan.conf scan.conf_original
2) Create a scan.conf and add the following content:
LogSyslog yes TCPSocket 3310 User clamscan
Save and exit the file
Start the Clamav Server
systemctl enable clamd.service systemctl start clamd.service
Configure ICAP Server
1) Backup default ICAP server configuration file:
cd /etc/c-icap mv c-icap.conf c-icap.conf_original mv virus_scan.conf virus_scan.conf_original mv clamd_mod.conf clamd_mod.conf_original
c-icap.conf
Create a c-icap.conf and add the following content:
Include virus_scan.conf Include srv_content_filtering.conf PidFile /run/c-icap/c-icap.pid CommandsSocket /run/c-icap/c-icap.ctl Timeout 300 MaxKeepAliveRequests 100 KeepAliveTimeout 600 StartServers 3 MaxServers 10 MinSpareThreads 10 MaxSpareThreads 20 ThreadsPerChild 10 MaxRequestsPerChild 0 Port 1344 ServerAdmin [email protected] ServerName YourServerName TmpDir /var/tmp MaxMemObject 131072 DebugLevel 1 Pipelining on SupportBuggyClients off ModulesDir /usr/lib64/c_icap ServicesDir /usr/lib64/c_icap TemplateDir /usr/share/c_icap/templates/ TemplateDefaultLanguage en LoadMagicFile /etc/c-icap/c-icap.magic RemoteProxyUsers off RemoteProxyUserHeader X-Authenticated-User RemoteProxyUserHeaderEncoded on acl all src 0.0.0.0/0.0.0.0 acl PERMIT_REQUESTS type REQMOD RESPMOD OPTIONS icap_access allow all PERMIT_REQUESTS ServerLog /var/log/c-icap/server.log AccessLog /var/log/c-icap/access.log Service echo srv_echo.so
Save and exit the file
virus_scan.conf
Create a virus_scan.conf and add the following content:
Service antivirus_module virus_scan.so ServiceAlias srv_clamav virus_scan ServiceAlias avscan virus_scan?allow204=on&sizelimit=off&mode=simple virus_scan.ScanFileTypes TEXT DATA EXECUTABLE ARCHIVE GIF JPEG MSOFFICE virus_scan.SendPercentData 5 virus_scan.StartSendPercentDataAfter 2M virus_scan.MaxObjectSize 5M virus_scan.DefaultEngine clamav Include clamd_mod.conf
clamd_mod.conf
Create a clamd_mod.conf and add the following content:
Module common clamd_mod.so clamd_mod.ClamdSocket /run/clamav/clamd.sock
Save and exit the file
srv_content_filtering.conf
Create a new file srv_content_filtering.conf and add the following content:
Service srv_cfg_filter srv_content_filtering.so srv_content_filtering.RequireContentLength off srv_content_filtering.MaxBodyData 5M srv_content_filtering.Match demoScore body /(icap_test|icap-block|test-icap)/i score=200 srv_content_filtering.Match badHeader Header{ICAP-TEST} /BLOCK/ srv_content_filtering.Action block score{demoScore>5} srv_content_filtering.Action block score{badHeader}
Save and exit the file
Start the ICAP Server
systemctl enable c-icap.service systemctl start c-icap.service
Verify Configuration
2) Ensure there are no errors in the log file
tail -f /var/log/c-icap/server.log
tail -f /var/log/c-icap/access.log
Ver também
- ASSP:Automatizando o Rebuild.pl
- Configurando o Postfix com SmartHost do ASSP
- Linux: Configurando DHCP e BIND com DNS Dinamico
- Linux e Unix: Ferramentas de Monitoracao e Performance