Thread: Help Setting up ClamAV for Scanning HTTP Traffic to Squid Proxy Server

  1. #1
    Join Date
    Feb 2008
    Posts
    89
    Rep Power
    0

    Help Setting up ClamAV for Scanning HTTP Traffic to Squid Proxy Server

    I'm totally new to proxy servers, but I've been doing a lot of reading on them and I think having one has great benefits for a home/SMB network.

    I'm trying to set up a CentOS 5.6 Squid proxy server with DansGuardian content filtering and ClamAV scanning incoming HTTP traffic from the Internet.

    With the help of a tutorial I was able to install Squid, ClamAV and DansGuardian.
    I then proceeded to set up and configure the proxy server. I was able to test and confirm that Squid and the DansGuardian content filter are working, however I don't know if ClamAV is scanning HTTP traffic before it hits the client/server. Is there a way I can check if the antivirus scanning is working? Is there some log file or real-world test I can do to confirm that ClamAV is scanning incoming traffic or even blocking potential viruses?

    Can anyone who has a Squid proxy server with ClamAV configured and working share their settings/setup with me and how they tested it?

    Also share some best practices for a Squid proxy server.

    Link to tutorial: http://hasnainali.wordpress.com/2009...ivirus-clamav/

    Thanks much

  2. #2
    Join Date
    Aug 2002
    Posts
    3,959
    Rep Power
    25

    I have never used Clam in this way. I just use it to scan the shares on my Samba server. Clam keeps some test virus files in a folder. Typically people use them when they want to test Clam with email applications. They email a test virus to see if Clam is working.

    The test virus files are located in the /usr/local/clamav/0.xx.x/test folder on my server where 0.xx.x is Clam's version number. I installed Clam from source. Not sure where the test folder will be on your machine.

    Perhaps you can email a test virus to a Hotmail or Yahoo account. You could then try to download it and see what happens.

    You may also find it interesting to look at Smoothwall. It is a firewall that has connectors for Dansguardian and Clam.
    Last edited by jamrock; May 22, 2011 at 01:57 PM.

  3. #3
    Join Date
    Feb 2008
    Posts
    89
    Rep Power
    0

    Quote: Originally posted by jamrock
    I have never used Clam in this way. I just use it to scan the shares on my Samba server. Clam keeps some test virus files in a folder. Typically people use them when they want to test Clam with email applications. They email a test virus to see if Clam is working.

    The test virus files are located in the /usr/local/clamav/0.xx.x/test folder on my server where 0.xx.x is Clam's version number. I installed Clam from source. Not sure where the test folder will be on your machine.

    Perhaps you can email a test virus to a Hotmail or Yahoo account. You could then try to download it and see what happens.

    You may also find it interesting to look at Smoothwall. It is a firewall that has connectors for Dansguardian and Clam.

    Hey, thanks for the reply.
    I do use Smoothwall (in a virtual environment for testing) but I didn't know it has DansGuardian and Clam connectors... I might just have a look at it now.
    I use Clam but it tends to use a lot of resources while scanning, hence I just set a cron job for it to scan once daily at about 2 in the morning when not much is going on. I'm not sure if Clam is the right AV for the HTTP scanning, or even sure if I do need an AV to scan HTTP traffic to the proxy server.

    Do you think I really need AV scanning HTTP traffic to the proxy server even though I have content filtering on the proxy server?

    What's your recommendation as it relates to proxy servers?

    Thanks Much

  4. #4
    Join Date
    Sep 2005
    Posts
    2,394
    Rep Power
    0

    Other firewall solutions, like Untangle, do implement scanning of incoming traffic. Not all of them have the proxy feature, though. Join the Smoothwall forums and check the homebrew section to see the additions you can make to Smoothwall.
    To find what you seek in the road of life, the best proverb of all is that which says: "Leave no stone unturned." Edward Bulwer Lytton

  5. #5
    Join Date
    Feb 2008
    Posts
    89
    Rep Power
    0

    @lovepython
    I'll check the forums and see if I can find anything.
    Thanks again

  6. #6
    Join Date
    Aug 2002
    Posts
    3,959
    Rep Power
    25

    Quote:
    I use Clam but it tends to use a lot of resources while scanning, hence I just set a cron job for it to scan once daily at about 2 in the morning when not much is going on. I'm not sure if Clam is the right AV for the HTTP scanning, or even sure if I do need an AV to scan HTTP traffic to the proxy server.

    Clam was never designed to be an all-purpose anti-virus scanner. It was designed specifically to be used on mail servers. It is mostly used to scan attachments on email.

    Linux is much less vulnerable to virus infections than Windows. Prior to Ubuntu, Linux was used primarily for servers. Clam was never designed to be used in the same way as Norton or AVG.

    Virus infections are still seen as a Windows problem by many Linux developers. There has not been any real push to develop an open source solution. However, a number of companies that develop anti-virus applications for Windows now have a module for Linux.

    Please report your findings with Smoothwall or Untangle.

  7. #7
    Join Date
    Feb 2008
    Posts
    89
    Rep Power
    0

    Quote: Originally posted by jamrock
    Please report your findings with Smoothwall or Untangle.

    I see quite a few homebrew customizations of Smoothwall with DansGuardian and Clam scanning HTTP traffic (DGAV).
    If I decide to take that route (DGAV) I will have to tear down everything I've started and start from scratch, because I've already started tweaking my dansguardian.conf file and testing some aspects of it. Using the homebrew Smoothwall will complicate it a bit because, based on the forums, if ClamAV is not running, web surfing will be denied. I think I will continue using my proxy without Clam, or until I figure out how to integrate Clam.
    I am going to install the homebrew Smoothwall (DGAV) and get familiar with it until I feel comfortable with it, then I may switch over to it.

    Thanks for the help, highly appreciated

  8. #8
    Join Date
    Aug 2002
    Posts
    3,959
    Rep Power
    25

    Smoothwall is designed to run on a dedicated machine. The installation will format your hard drive. You will need a virtual machine or another physical machine to test it.

  9. #9
    Join Date
    Oct 2003
    Posts
    925
    Rep Power
    0

    You can use HAVP with Squid and DansGuardian. HAVP will scan HTTP traffic, DansGuardian will do the content filtering and Squid will do caching. HAVP uses ClamAV and you can get a test virus (not a real virus) here.
    404 error: Signature Not Found
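
One way to run the check this thread asks about, added here as an example and not part of any post: fetch the standard EICAR anti-virus test file through the proxy and see whether its text reaches the client. The proxy address and test-file URL are supplied by the caller (the thread's link to the test file is not preserved), and the function and verdict names are made up for this example.

```shell
#!/bin/sh
# Added example: did the scanning proxy stop a harmless AV test download?
# Use a plain http:// URL; an https:// fetch is tunnelled with CONNECT and
# the proxy never sees the body unless it intercepts TLS.

# Text contained in the standard EICAR anti-virus test file.
MARKER='EICAR-STANDARD-ANTIVIRUS-TEST-FILE'

# classify_response STATUS BODY_FILE
# Prints one verdict (names are this example's own):
#   NO_RESPONSE  - no HTTP reply at all (proxy down or unreachable)
#   NOT_SCANNED  - the test file reached the client intact
#   INCONCLUSIVE - 404, so the test URL itself may be wrong
#   STOPPED      - a reply arrived but the test file's text is absent
classify_response() {
    status=$1
    body=$2
    if [ "$status" = "000" ]; then
        echo NO_RESPONSE
    elif grep -qF "$MARKER" "$body" 2>/dev/null; then
        echo NOT_SCANNED
    elif [ "$status" = "404" ]; then
        echo INCONCLUSIVE
    else
        echo STOPPED
    fi
}

# check_proxy_av PROXY_URL TEST_FILE_URL
# Both arguments are placeholders chosen by the operator.
# Returns 0 only when the download was stopped.
check_proxy_av() {
    proxy=$1
    url=$2
    tmp=$(mktemp) || return 2
    # curl reports status 000 when no HTTP response was received.
    status=$(curl -s -o "$tmp" -w '%{http_code}' -x "$proxy" "$url") || true
    verdict=$(classify_response "${status:-000}" "$tmp")
    rm -f "$tmp"
    echo "$verdict"
    [ "$verdict" = "STOPPED" ]
}
```

Call it as `check_proxy_av http://PROXY_HOST:PORT http://TEST_FILE_URL` from a client machine, pointing at the port the filtering chain listens on rather than at Squid directly.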

  10. #10
    Join Date
    Feb 2008
    Posts
    89
    Rep Power
    0

    Quote: Originally posted by maf3000
    You can use HAVP with Squid and DansGuardian. HAVP will scan HTTP traffic, DansGuardian will do the content filtering and Squid will do caching. HAVP uses ClamAV and you can get a test virus (not a real virus) here.

    More options... most definitely will be checking out HAVP. Thanks much.

    @jamrock: okay