Procedure

Install Packages on RHEL 9

1) Install EPEL Repository in RHEL 9

subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms

2) run dnf

dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm -y

3) Install Clamav packages

dnf -y install clamav clamav-data clamav-devel clamav-freshclam clamav-filesystem clamav-lib clamd

4) Install C-ICAP packages

dnf install c-icap c-icap-libs c-icap-modules -y

Clamav Server

Update Virus definition

Check install with update virus definition

freshclam

Enable as service

systemctl enable clamav-freshclam.service

systemctl start clamav-freshclam.service

Check status

systemctl status clamav-freshclam.service

Configure clamav

1) Backup default ICAP server configuration file:

cd /etc/clamd.d

mv scan.conf scan.conf_original

2) Create a scan.conf and add the following content:

LogSyslog yes
TCPSocket 3310
LocalSocket /run/clamd.scan/clamd.sock
User clamscan

Save and exit the file

Start the Clamav Server

systemctl enable [email protected]'

systemctl start [email protected]

Configure ICAP Server

1) Backup default ICAP server configuration file:

cd /etc/c-icap

mv c-icap.conf c-icap.conf_original
mv virus_scan.conf virus_scan.conf_original
mv clamd_mod.conf clamd_mod.conf_original

c-icap.conf

Create a c-icap.conf and add the following content:

Include virus_scan.conf
Include srv_content_filtering.conf
PidFile /run/c-icap/c-icap.pid
CommandsSocket /run/c-icap/c-icap.ctl
Timeout 300
MaxKeepAliveRequests 100
KeepAliveTimeout 600
StartServers 3
MaxServers 10
MinSpareThreads     10
MaxSpareThreads     20
ThreadsPerChild     10
MaxRequestsPerChild  0
Port 1344
ServerAdmin [email protected]
ServerName YourServerName
TmpDir /var/tmp
MaxMemObject 131072
DebugLevel 1
Pipelining on
SupportBuggyClients off
ModulesDir /usr/lib64/c_icap
ServicesDir /usr/lib64/c_icap
TemplateDir /usr/share/c_icap/templates/
TemplateDefaultLanguage en
LoadMagicFile /etc/c-icap/c-icap.magic
RemoteProxyUsers off
RemoteProxyUserHeader X-Authenticated-User
RemoteProxyUserHeaderEncoded on
acl all src 0.0.0.0/0.0.0.0
acl PERMIT_REQUESTS type REQMOD RESPMOD OPTIONS
icap_access allow all PERMIT_REQUESTS
ServerLog /var/log/c-icap/server.log
AccessLog /var/log/c-icap/access.log
Service echo srv_echo.so

Save and exit the file

virus_scan.conf

Create a virus_scan.conf and add the following content:

Service antivirus_module virus_scan.so
ServiceAlias srv_clamav virus_scan
ServiceAlias  avscan virus_scan?allow204=on&sizelimit=off&mode=simple
virus_scan.ScanFileTypes TEXT DATA EXECUTABLE ARCHIVE GIF JPEG MSOFFICE
virus_scan.SendPercentData 5
virus_scan.StartSendPercentDataAfter 2M
virus_scan.MaxObjectSize  5M
virus_scan.DefaultEngine clamav
Include clamd_mod.conf

clamd_mod.conf

Create a clamd_mod.conf and add the following content:

Module common clamd_mod.so
clamd_mod.ClamdSocket /run/clamav/clamd.sock

Save and exit the file

srv_content_filtering.conf

Create a new file srv_content_filtering.conf and add the following content:

Service srv_cfg_filter srv_content_filtering.so
srv_content_filtering.RequireContentLength off
srv_content_filtering.MaxBodyData 5M
srv_content_filtering.Match demoScore body /(icap_test|icap-block|test-icap)/i score=200
srv_content_filtering.Match badHeader Header{ICAP-TEST} /BLOCK/
srv_content_filtering.Action block score{demoScore>5}
srv_content_filtering.Action block score{badHeader}

Save and exit the file

Start the ICAP Server

systemctl enable c-icap.service

systemctl start c-icap.service

Verify Configuration

1) Testing your instalation

To test your c-icap server you can use the c-icap-client utility which included in c-icap package.

c-icap-client

Sample result:

c-icap-client
ICAP server:localhost, ip:127.0.0.1, port:1344

OPTIONS:
	Allow 204: Yes
	Allow 206: No
	Preview: 1024
	Keep alive: Yes

ICAP HEADERS:
	ICAP/1.0 200 OK
	Methods: RESPMOD, REQMOD
	Service: C-ICAP/0.6.2 server - Echo demo service
	ISTag: "CI0001-XXXXXXXXX"
	Transfer-Preview: *
	Options-TTL: 3600
	Date: Mon, 30 Sep 2024 19:49:43 GMT
	Preview: 1024
	Allow: 204
	X-Include: X-Authenticated-User, X-Authenticated-Groups
	Encapsulated: null-body=0

2) Ensure there are no errors in the log file

tail -f /var/log/c-icap/server.log

tail -f /var/log/c-icap/access.log

Know Problems

C-ICAP: Cannot connect to clamd server

In /var/log/c-icap/server.log, I had the following error:

Tue Oct  1 08:10:44 2024, main proc, clamd_connect: Can not connect to clamd server on /run/clamd.scan/clamd.sock!
Tue Oct  1 08:10:44 2024, main proc, clamd_init: Error while sending command to clamd server
Tue Oct  1 08:10:44 2024, main proc, Registry 'virus_scan::engines' does not exist!

To fix, change permissions of clamd.scan directory:

chmod g+rx,o+rx /run/clamd.scan

Ver também

• ASSP:Automatizando o Rebuild.pl
• Configurando o Postfix com SmartHost do ASSP
• Linux: Configurando DHCP e BIND com DNS Dinamico
• Linux e Unix: Ferramentas de Monitoracao e Performance

• Mais Artigos sobre Linux / UNIX / AIX
• Mais Artigos sobre Tecnologias