{"id":860,"date":"2014-12-05T11:08:08","date_gmt":"2014-12-05T14:08:08","guid":{"rendered":"http:\/\/blog.abratel.com.br\/?p=860"},"modified":"2014-12-19T15:01:26","modified_gmt":"2014-12-19T18:01:26","slug":"squid-clamav-c-icap-clamd-e-squidclamav-antivirus-no-proxy-centos-7","status":"publish","type":"post","link":"https:\/\/blog.abratel.com.br\/?p=860","title":{"rendered":"Squid + Clamav (c-icap, clamd e squidclamav) &#8211; Antiv\u00edrus no Proxy &#8211; CentOS 7"},"content":{"rendered":"<p>CentOS 7 64bits<br \/>\nSquid Cache: Version 3.4.6<\/p>\n<p><strong>1 &#8211; Instalar CLAMAV<\/strong><\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n# install from EPEL\r\n[root@dlp ~]# yum --enablerepo=epel -y install clamav clamav-update\r\n[root@dlp ~]# sed -i -e &quot;s\/^Example\/#Example\/&quot; \/etc\/freshclam.conf\r\n# update pattern files\r\n[root@dlp ~]# freshclam\r\nClamAV update process started at Fri Aug 29 22:03:30 2014\r\nmain.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)\r\ndaily.cvd is up to date (version: 19314, sigs: 1094505, f-level: 63, builder: neo)\r\nbytecode.cvd is up to date (version: 242, sigs: 46, f-level: 63, builder: dgoddard)\r\n\r\n<\/pre>\n<p><strong>2 &#8211; Testar scaneamento<\/strong><\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n[root@dlp ~]# clamscan --infected --remove --recursive \/home\r\n\r\n----------- SCAN SUMMARY -----------\r\nKnown viruses: 3575245\r\nEngine version: 0.98.4\r\nScanned directories: 2\r\nScanned files: 3\r\nInfected files: 0\r\nData scanned: 0.00 MB\r\nData read: 0.00 MB (ratio 0.00:1)\r\nTime: 10.369 sec (0 m 10 s)\r\n\r\n# fa\u00e7a download de um virus Trial:\r\n[root@dlp ~]# curl -O http:\/\/www.eicar.org\/download\/eicar.com\r\n\r\n# teste a remo\u00e7\u00e3o dele e veja sa\u00edda do comando:\r\n[root@dlp ~]# clamscan --infected --remove --recursive .\r\n.\/eicar.com: Eicar-Test-Signature FOUND\r\n.\/eicar.com: Removed. 
# just detected\r\n----------- SCAN SUMMARY -----------\r\nKnown viruses: 3575245\r\nEngine version: 0.98.4\r\nScanned directories: 3\r\nScanned files: 10\r\nInfected files: 1\r\nData scanned: 0.00 MB\r\nData read: 256.57 MB (ratio 0.00:1)\r\n\r\n<\/pre>\n<p><strong>3 &#8211; Instala\u00e7\u00e3o Clamav server <\/strong><\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n# install from EPEL\r\n[root@prox ~]# yum --enablerepo=epel -y install clamav-server clamav-server-systemd\r\n[root@prox ~]# cp \/usr\/share\/doc\/clamav-server*\/clamd.conf \/etc\/clamd.d\/squid.conf \r\n[root@prox ~]# vi \/etc\/clamd.d\/squid.conf\r\n# Alterar esse arquivo de acordo:\r\n# line 8: Comente\r\n#Example\r\n# line 14: descomente e troque \r\nLogFile \/var\/log\/clamd.squid\r\n# line 66: descomente e troque \r\nPidFile \/var\/run\/clamd.squid\/clamd.pid\r\n# line 70: descomente\r\nTemporaryDirectory \/var\/tmp\r\n# line 85: descomente e troque \r\nLocalSocket \/var\/run\/clamd.squid\/clamd.sock\r\n# line 101: descomente \r\nTCPSocket 3310\r\n# 195: troque\r\nUser squidclamav\r\n\r\nAdicionar o usu\u00e1rio (sem necessidade de login)\r\n\r\n[root@prox ~]# useradd -d \/var\/tmp -s \/sbin\/nologin squidclamav \r\nuseradd: warning: the home directory already exists.\r\nNot copying any file from skel directory into it.\r\n\r\n# Criando o diret\u00f3rio\r\n[root@prox ~]# mkdir \/var\/run\/clamd.squid \r\n\r\nPermiss\u00f5es do usu\u00e1rio ao diret\u00f3rio:\r\n[root@prox ~]# chown squidclamav. 
\/var\/run\/clamd.squid \r\n[root@prox ~]# cp \/usr\/share\/doc\/clamav-server*\/clamd.sysconfig \/etc\/sysconfig\/clamd.squid \r\n\r\n[root@prox ~]# vi \/etc\/sysconfig\/clamd.squid\r\n# 1, 2: descomente e troque \r\nCLAMD_CONFIGFILE=\/etc\/clamd.d\/squid.conf\r\nCLAMD_SOCKET=\/var\/run\/clamd.squid\/clamd.sock\r\n\r\n[root@prox ~]# vi \/etc\/tmpfiles.d\/clamd.squid.conf\r\n# crie um novo arquivo contendo:\r\nd \/var\/run\/clamd.squid 0755 squidclamav squidclamav -\r\n\r\n[root@prox ~]# vi \/usr\/lib\/systemd\/system\/clamd@.service\r\n# Adicionar as seguintes linhas ao final do arquivo:\r\n[Install]\r\nWantedBy=multi-user.target\r\n\r\n[root@prox ~]# touch \/var\/log\/clamd.squid \r\n[root@prox ~]# chown squidclamav. \/var\/log\/clamd.squid \r\n[root@prox ~]# chmod 600 \/var\/log\/clamd.squid \r\n\r\n# Adicionando para inicializa\u00e7\u00e3o autom\u00e1tica junto ao boot:\r\n[root@prox ~]# systemctl start clamd@squid \r\n[root@prox ~]# systemctl enable clamd@squid \r\nln -s '\/usr\/lib\/systemd\/system\/clamd@.service' '\/etc\/systemd\/system\/multi-user.target.wants\/clamd@squid.service'\r\n\r\n<\/pre>\n<p><strong>4 &#8211; Instala\u00e7\u00e3o do icap<\/strong><\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n[root@prox ~]# yum -y install gcc make \r\n[root@prox ~]# curl -O http:\/\/ftp.jaist.ac.jp\/pub\/sourceforge\/c\/project\/c-\/c-icap\/c-icap\/0.3.x\/c_icap-0.3.4.tar.gz\r\n[root@prox ~]# tar zxvf c_icap-0.3.4.tar.gz \r\n[root@prox ~]# cd c_icap-0.3.4 \r\n[root@prox c_icap-0.3.4]# .\/configure \r\n[root@prox c_icap-0.3.4]# make\r\n[root@prox c_icap-0.3.4]# make install \r\n[root@prox c_icap-0.3.4]# cd \r\n[root@prox ~]# cp \/usr\/local\/etc\/c-icap.conf \/etc \r\n\r\n[root@prox ~]# vi \/etc\/c-icap.conf\r\n# line 140: troque para seu email\r\nServerAdmin root@server.world\r\n# line 149: coloque o hostname do servidor em quest\u00e3o\r\nServerName prox.server.world\r\n# line 500: add\r\nService squidclamav 
squidclamav.so\r\n\r\n[root@prox ~]# vi \/etc\/tmpfiles.d\/c-icap.conf\r\n# crie um novo arquivo contendo\r\nd \/var\/run\/c-icap 0755 root root -\r\n\r\n# Criar o arquivo de inicializa\u00e7\u00e3o com o conte\u00fado abaixo.\r\n[root@prox ~]# vi \/etc\/rc.d\/init.d\/c-icap\r\n# ----------------- COME\u00c7A AQUI ----------------------------\r\n #!\/bin\/bash\r\n\r\n# c-icap: Start\/Stop c-icap\r\n# chkconfig: - 70 30\r\n# description: c-icap is an implementation of an ICAP server.\r\n# processname: c-icap\r\n# pidfile: \/var\/run\/c-icap\/c-icap.pid\r\n\r\n. \/etc\/rc.d\/init.d\/functions\r\n. \/etc\/sysconfig\/network\r\n\r\nCONFIG_FILE=\/etc\/c-icap.conf\r\nPID_DIR=\/var\/run\/c-icap\r\n\r\nRETVAL=0\r\nstart() {\r\n   echo -n $&quot;Starting c-icap: &quot;\r\n   daemon \/usr\/local\/bin\/c-icap -f $CONFIG_FILE\r\n   RETVAL=$?\r\n   echo\r\n   [ $RETVAL -eq 0 ] &amp;&amp; touch \/var\/lock\/subsys\/c-icap\r\n   return $RETVAL\r\n}\r\nstop() {\r\n   echo -n $&quot;Stopping c-icap: &quot;\r\n   killproc c-icap\r\n   rm -f \/var\/run\/c-icap\/c-icap.ctl\r\n   RETVAL=$?\r\n   echo\r\n   [ $RETVAL -eq 0 ] &amp;&amp; rm -f $PID_DIR\/c-icap.pid \/var\/lock\/subsys\/c-icap\r\n   return $RETVAL\r\n}\r\ncase &quot;$1&quot; in\r\n   start)\r\n      start\r\n   ;;\r\n   stop)\r\n      stop\r\n   ;;\r\n   status)\r\n      status c-icap\r\n   ;;\r\n   restart)\r\n      stop\r\n      start\r\n   ;;\r\n   *)\r\n      echo $&quot;Usage: $0 {start|stop|status|restart}&quot;\r\n   exit 1\r\nesac\r\nexit $?\r\n# ----------------- TERMINA AQUI ----------------------------\r\n\r\n# Atribua as permiss\u00f5es\r\n[root@prox ~]# chmod 755 \/etc\/rc.d\/init.d\/c-icap \r\n\r\n<\/pre>\n<p><strong>5 &#8211; Instala\u00e7\u00e3o squid clamav<\/strong> <\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n[root@prox ~]# curl -L -O http:\/\/downloads.sourceforge.net\/project\/squidclamav\/squidclamav\/6.11\/squidclamav-6.11.tar.gz \r\n[root@prox ~]# tar zxvf 
squidclamav-6.11.tar.gz \r\n[root@prox ~]# cd squidclamav-6.11 \r\n[root@prox squidclamav-6.11]# .\/configure --with-c-icap \r\n[root@prox squidclamav-6.11]# make\r\n[root@prox squidclamav-6.11]# make install \r\n\r\n[root@prox squidclamav-6.11]# cd \r\n[root@prox ~]# ln -s \/usr\/local\/etc\/squidclamav.conf \/etc\/squidclamav.conf \r\n\r\n#Procure pelo arquivo clwarn.cgi.pt_BR e copie ele para o diret\u00f3rio do apache cgi-bin\r\n[root@prox ~]# cp \/usr\/src\/squidclamav-6.11\/cgi-bin\/clwarn.cgi.pt_BR \/var\/www\/cgi-bin\/\r\n\r\n[root@prox ~]# vi \/etc\/squidclamav.conf\r\n# line 17: Troque para o local onde copio o arquivo clwarn.cgi.pt_BR\r\nredirect http:\/\/192.168.254.254:81\/cgi-bin\/clwarn.cgi.pt_BR\r\n# line 26: troque para igual o sock do clamd\r\nclamd_local \/var\/run\/clamd.squid\/clamd.sock\r\n\r\n# Adicionando na inicializa\u00e7\u00e3o junto ao boot\r\n[root@prox ~]# systemctl start c-icap \r\n[root@prox ~]# chkconfig --add c-icap \r\n[root@prox ~]# chkconfig c-icap on \r\n\r\n<\/pre>\n<p><strong>6 &#8211; Adicionando os par\u00e2metros ao final do squid<\/strong><\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n[root@prox ~]# vi \/etc\/squid\/squid.conf\r\nicap_enable on\r\nicap_send_client_ip on\r\nicap_send_client_username on\r\nicap_client_username_header X-Authenticated-User\r\nicap_preview_enable on\r\nicap_preview_size 1024\r\nicap_service service_req reqmod_precache bypass=1 icap:\/\/127.0.0.1:1344\/squidclamav\r\nadaptation_access service_req allow all\r\nicap_service service_resp respmod_precache bypass=1 icap:\/\/127.0.0.1:1344\/squidclamav\r\nadaptation_access service_resp allow all\r\n\r\n<\/pre>\n<p><strong>7 &#8211; Restart do squid e teste<\/strong><\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nsystemctl restart squid \r\n\r\n<\/pre>\n<p>Instalar:<br \/>\nyum install perl-CGI<\/p>\n<p>Conferir parametros cgi no apache.<\/p>\n<p>Obs: Seria interessante realizar um restart do servidor 
para averiguar se todos os servi\u00e7os subir\u00e3o automaticamente.<\/p>\n<p>Entre no site http:\/\/eicar.org\/85-0-Download.html e clique sobre o &#8220;eicar.com&#8221; que \u00e9 um v\u00edrus de teste.<br \/>\nDever\u00e1 apresentar a tela do Clamav bloqueando o acesso como abaixo:<br \/>\n<a href=\"http:\/\/blog.abratel.com.br\/wp-content\/uploads\/2014\/12\/Imagem-28.jpg\"><img loading=\"lazy\" src=\"http:\/\/blog.abratel.com.br\/wp-content\/uploads\/2014\/12\/Imagem-28-300x189.jpg\" alt=\"Imagem 28\" width=\"300\" height=\"189\" class=\"alignnone size-medium wp-image-862\" srcset=\"https:\/\/blog.abratel.com.br\/wp-content\/uploads\/2014\/12\/Imagem-28-300x189.jpg 300w, https:\/\/blog.abratel.com.br\/wp-content\/uploads\/2014\/12\/Imagem-28-1024x645.jpg 1024w, https:\/\/blog.abratel.com.br\/wp-content\/uploads\/2014\/12\/Imagem-28-600x378.jpg 600w, https:\/\/blog.abratel.com.br\/wp-content\/uploads\/2014\/12\/Imagem-28.jpg 1031w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p><strong>8 &#8211; Adicionar no crontab a atualiza\u00e7\u00e3o do antiv\u00edrus e procura de v\u00edrus<\/strong><\/p>\n<p># Atualizando a base de dados do clamav diariamente:<br \/>\n00 1 * * * \/usr\/bin\/freshclam > \/dev\/null &#038;> \/dev\/null<br \/>\n# Varrendo diret\u00f3rios com clamav e movendo os arquivos infectados para o diret\u00f3rio INFECTADOS criado<br \/>\n00 23 * * * \/usr\/bin\/clamscan -r --move=\/storage1\/infectados \/share\/publica<br \/>\n00 20 * * * \/usr\/bin\/clamscan -r --move=\/storage1\/infectados \/var\/www<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CentOS 7 64bits Squid Cache: Version 3.4.6 1 &#8211; Instalar CLAMAV 2 &#8211; Testar scaneamento 3 &#8211; Instala\u00e7\u00e3o Clamav server 4 &#8211; Instala\u00e7\u00e3o do icap 5 &#8211; Instala\u00e7\u00e3o squid clamav 6 &#8211; Adicionando os par\u00e2metros ao final do squid 7 &#8211; Restart do squid 
e&#8230;<\/p>\n","protected":false},"author":1,"featured_media":861,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[7],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/posts\/860"}],"collection":[{"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=860"}],"version-history":[{"count":3,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/posts\/860\/revisions"}],"predecessor-version":[{"id":868,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/posts\/860\/revisions\/868"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/media\/861"}],"wp:attachment":[{"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=860"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=860"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=860"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}