Installing Squid

$ tar jxf squid-3.0.STABLE1.tar.bz2
$ cd squid-3.0.STABLE1
$ ./configure --prefix=/usr/local/squid
$ make
$ sudo make install

Installing ClamAV

$ tar zxf clamav-0.92.tar.gz
$ cd clamav-0.92
$ ./configure

The following error occurred:

configure: error: gcc 4.1.0 is known to incorrectly compile upx.c. Upgrade your compiler to at least 4.1.1/4.1.2)

Update gcc

# yum update gcc

Retry

$ cd ..
$ rm -rf clamav-0.92/
$ tar zxf clamav-0.92.tar.gz
$ cd clamav-0.92
$ ./configure

Yet another error occurred:

configure: error: User clamav (and/or group clamav) doesn't exist. Please read the documentation !

Create the clamav user and group

# groupadd -g 90 clamav
# useradd -u 90 -g 90 -s /bin/false clamav

Retry

$ cd ..
$ rm -rf clamav-0.92/
$ tar zxf clamav-0.92.tar.gz
$ cd clamav-0.92
$ ./configure
$ make
$ sudo make install

Installing squidclamav

$ tar zxf squidclamav-3.2.tar.gz
$ cd squidclamav-3.2
$ ./configure
$ make clean
$ make
$ sudo make install

Configuring Squid

Edit /usr/local/squid/etc/squid.conf

Based on squidclamav-3.2/README

# vi /usr/local/squid/etc/squid.conf
http_access allow localhost
http_access deny to_localhost
url_rewrite_program /usr/local/bin/squidclamav
url_rewrite_children 15
url_rewrite_access deny localhost

Other settings

cache_dir ufs /var/spool/squid 100 16 256
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/run/squid/squid.pid
via off
forwarded_for off

Create directories, etc.

# mkdir /var/log/squid
# mkdir /var/run/squid
# mkdir /var/spool/squid
# chown nobody:nobody /var/log/squid /var/run/squid /var/spool/squid
# /usr/local/squid/sbin/squid -z

Configuring ClamAV

Edit /usr/local/etc/clamd.conf

# vi /usr/local/etc/clamd.conf
#Example ---->(comment out)

LogFile /var/log/clamav/clamav.log

LogTime yes

PidFile /var/run/clamav/clamd.pid

#LocalSocket /tmp/clamd.socket ---->(change)
LocalSocket /var/run/clamav/clamd.sock

TCPSocket 3310

TCPAddr 127.0.0.1

User root

ScanMail yes

Edit /usr/local/etc/freshclam.conf

# vi /usr/local/etc/freshclam.conf
#Example ---->(comment out)

UpdateLogFile /var/log/clamav/freshclam.log

PidFile /var/run/clamav/freshclam.pid

DatabaseMirror database.clamav.net

Create directories, etc.

# mkdir /var/log/clamav
# mkdir /var/run/clamav
# chown clamav:clamav /var/log/clamav /var/run/clamav

Update the virus definition files for now

# /usr/local/bin/freshclam

Configuring squidclamav

Edit /etc/squidclamav.conf

# cp squidclamav-3.2/squidclamav.conf.dist /etc/squidclamav.conf
# vi /etc/squidclamav.conf
proxy http://127.0.0.1:3128/

# Redirect target when a virus is detected
redirect http://HOST/clwarn.cgi

debug 0
force 1

stat 0

# Specify the same path as LocalSocket in /usr/local/etc/clamd.conf
clamd_local /var/run/clamav/clamd.sock
clamd_ip 127.0.0.1
clamd_port 3310

timeout 60

logfile /var/log/squid/squidclamav.log

content ^.*application\/.*$
content ^.*text\/.*$
content ^.*image\/.*$
regexi ^.*\.exe$
regexi ^.*\.com$
regexi ^.*\.zip$
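Before starting clamd and Squid it is worth confirming that squidclamav.conf really points at the socket, address and port that clamd.conf configures; a slip such as clamd.socket versus clamd.sock leaves squidclamav unable to reach the scanner. The script below is an added example, not part of the original memo or of the squidclamav project. It assumes the directive names used above (LocalSocket, TCPAddr and TCPSocket in clamd.conf; clamd_local, clamd_ip and clamd_port in squidclamav.conf) and builds constructed sample files in a temporary directory so that it runs without a real installation.

```shell
#!/bin/sh
# Added example, not from the original memo or the squidclamav project.
# Checks that squidclamav.conf points at the socket / address / port that
# clamd.conf actually configures. Directive names are the ones used in the
# memo; the sample configs are constructed here so the script runs offline.

# Print the value of the first active (non-commented) occurrence of a
# directive; the key comparison is case-insensitive.
conf_get() {
    awk -v key="$2" \
        'substr($1, 1, 1) != "#" && tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Return 0 when squidclamav's clamd_local / clamd_ip / clamd_port agree with
# clamd's LocalSocket / TCPAddr / TCPSocket, 1 when any of them differ.
check_clamd_link() {
    clamd_conf=$1
    sqc_conf=$2
    rc=0

    local_sock=$(conf_get "$clamd_conf" LocalSocket)
    tcp_addr=$(conf_get "$clamd_conf" TCPAddr)
    tcp_port=$(conf_get "$clamd_conf" TCPSocket)
    sqc_sock=$(conf_get "$sqc_conf" clamd_local)
    sqc_ip=$(conf_get "$sqc_conf" clamd_ip)
    sqc_port=$(conf_get "$sqc_conf" clamd_port)

    if [ -n "$sqc_sock" ] && [ "$sqc_sock" != "$local_sock" ]; then
        echo "socket mismatch: squidclamav uses $sqc_sock, clamd listens on ${local_sock:-(none)}" >&2
        rc=1
    fi
    if [ -n "$sqc_port" ] && [ "$sqc_port" != "$tcp_port" ]; then
        echo "port mismatch: squidclamav uses $sqc_port, clamd listens on ${tcp_port:-(none)}" >&2
        rc=1
    fi
    if [ -n "$sqc_ip" ] && [ "$sqc_ip" != "$tcp_addr" ]; then
        echo "address mismatch: squidclamav uses $sqc_ip, clamd binds ${tcp_addr:-(none)}" >&2
        rc=1
    fi
    return "$rc"
}

# Write constructed sample configs into a temp dir and print its path.
# The "bad" file reproduces a typical slip: clamd.socket instead of clamd.sock,
# plus a port that clamd is not listening on.
make_demo_configs() {
    d=$(mktemp -d)
    cat > "$d/clamd.conf" <<'EOF'
#Example
#LocalSocket /tmp/clamd.socket
LocalSocket /var/run/clamav/clamd.sock
TCPSocket 3310
TCPAddr 127.0.0.1
EOF
    cat > "$d/squidclamav.good.conf" <<'EOF'
clamd_local /var/run/clamav/clamd.sock
clamd_ip 127.0.0.1
clamd_port 3310
EOF
    cat > "$d/squidclamav.bad.conf" <<'EOF'
clamd_local /var/run/clamav/clamd.socket
clamd_ip 127.0.0.1
clamd_port 3311
EOF
    echo "$d"
}

demo=$(make_demo_configs)
check_clamd_link "$demo/clamd.conf" "$demo/squidclamav.good.conf" && echo "good config: consistent"
check_clamd_link "$demo/clamd.conf" "$demo/squidclamav.bad.conf" || echo "bad config: mismatch detected"
rm -rf "$demo"
```

On a real host, call check_clamd_link /usr/local/etc/clamd.conf /etc/squidclamav.conf instead of the constructed files; a non-zero exit with the mismatch printed on stderr is the cue to fix squidclamav.conf before starting the daemons.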

Starting clamd

# /usr/local/sbin/clamd -c /usr/local/etc/clamd.conf

Starting Squid

# /usr/local/squid/sbin/squid

Other settings after startup

Add the virus definition update to cron

# vi /etc/crontab
# update every 2 hours
04 */2 * * * clamav /usr/local/bin/freshclam --quiet

Redirect target when a virus is detected

# cp squidclamav-3.2/clwarn.cgi /PATH/htdocs/

Japanese localization of clwarn.cgi

Configuring logrotate

# cd /etc/logrotate.d
# vi squidclamav
/var/log/squid/squidclamav.log{
	weekly
	rotate 4
	compress
	missingok
	postrotate
	killall -HUP squidclamav > /dev/null
	endscript
}

Notes

Stopping clamd

# PID=`ps aux | grep clamd | grep -v grep | awk '{print $2}'`
# kill $PID

Reloading Squid's configuration, and stopping Squid

(reload)
# /usr/local/squid/sbin/squid -k reconfigure

(stop)
# /usr/local/squid/sbin/squid -k shutdown

Japanese localization of clwarn.cgi (the CGI script)

# vi /PATH/htdocs/clwarn.cgi

#!/usr/bin/perl
use strict;
use warnings;

use CGI;

my $VERSION = '3.2';
my $TITLE_VIRUS = "ウィルスを検知しました。";

my $cgi = CGI->new;

my $url    = $cgi->param('url')    || '';
my $virus  = $cgi->param('virus')  || '';
my $source = $cgi->param('source') || '';
$source =~ s/\/-//;
my $user   = $cgi->param('user')   || '';


# Remove clamd infos
$virus =~ s/stream: //;
$virus =~ s/ FOUND//;

# Escape every request-supplied value before interpolating it into the
# page; otherwise a crafted URL or scan result is rendered as markup
# in the warning page (reflected XSS).
$_ = $cgi->escapeHTML($_) for ($url, $virus, $source, $user);


print qq{Content-type: text/html; charset=utf-8

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE html PUBLIC 
  "-//W3C//DTD XHTML 1.0 Strict//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="ja" xml:lang="ja">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>$TITLE_VIRUS</title>
</head>
<body>
<h2 style="color: #FF0000">$TITLE_VIRUS</h2>
<hr />
<p>
};
print qq{
リクエストした URL: $url <br />
発見した ウィルス: $virus
};
print qq{
</p>
<p>
このURLの情報をブロックしました。
</p>
<p>
アクセス元: $source / $user
</p>
<p>
<hr />
Powered by SquidClamAv $VERSION.
</p>
</body>
</html>
};

exit 0;

References

Clam AntiVirus
http://www.clamav.org/
SquidClamAV Japanese site
http://www.kozupon.com/squidclamav/index.html
Kozupon.com - Virus scanning with SquidClamAV!
http://www.kozupon.com/squid/squidclamav.html
Installing ClamAV (for CentOS) - President's blog
http://www.jdcn.co.jp/blog/archives/2006/09/clamavfor-cento.html
Notes on Clam Antivirus
http://clamav-jp.sourceforge.jp/jdoc/clamav.html
eicar (European Institute for Computer Antivirus Research)
http://www.eicar.org/