Hi All,
Need help on how to configure c-icap to scan http,https and ftp request
Sample virus to test
http://www.eicar.org/download/eicar.com
my configuration is as below
to test my setup I used the above link but it was not scanned for virus
and I was able to downloaded it nothing is working
what am i missing?
can someone help me in this?
#squid.conf
++++++++++++++++++++++++++++++++++++++++++++
icap_enable on
icap_preview_enable on
icap_preview_size 128
icap_send_client_ip on
icap_service service_avi_req reqmod_precache 0
icap://localhost:1344/srv_clamav
icap_service service_avi respmod_precache 1
icap://localhost:1344/srv_clamav
#c-icap.conf
+++++++++++++++++++++++++++++++++++++++++++++
PidFile /var/run/c-icap.pid
CommandsSocket /var/run/c-icap/c-icap.ctl
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 600
StartServers 3
MaxServers 10
MinSpareThreads 10
MaxSpareThreads 20
ThreadsPerChild 10
MaxRequestsPerChild 0
Port 1344
User proxy
Group nobody
TmpDir /var/tmp
MaxMemObject 131072
ServerLog /usr/local/c_icap/var/log/server.log
AccessLog /usr/local/c_icap/var/log/access.log
DebugLevel 3
ModulesDir /usr/lib/c_icap
Module logger sys_logger.so
sys_logger.Prefix "C-ICAP:"
sys_logger.Facility local1
Logger file_logger
AclControllers default_acl
acl localsquid_respmod src 127.0.0.1 type respmod
acl localsquid_options src 127.0.0.1 type options
acl localsquid src 127.0.0.1
acl externalnet src 0.0.0.0/0.0.0.0
acl localnet_respmod src 10.200.2.0/255.255.255.0 type respmod
acl localnet_options src 10.200.2.0/255.255.255.0 type options
acl localnet src 10.200.2.0/255.255.255.0
icap_access allow localsquid_respmod
icap_access allow localsquid_options
icap_access allow localsquid
icap_access allow localnet_respmod
icap_access allow localnet_options
icap_access allow localnet
icap_access deny externalnet
icap_access log localsquid
icap_access log localnet
icap_access log externalnet
ServicesDir /usr/lib/c_icap
Service echo_module srv_echo.so
Service url_check_module srv_url_check.so
Service antivirus_module srv_clamav.so
ServiceAlias avscan srv_clamav?allow204=on&sizelimit=off&mode=simple
srv_clamav.ScanFileTypes TEXT DATA EXECUTABLE ARCHIVE GIF JPEG MSOFFICE
StartSendPercentDataAfter size
srv_clamav.SendPercentData 5
srv_clamav.StartSendPercentDataAfter 2M
previews for srv_clamav
srv_clamav.Allow204Responces off
srv_clamav.MaxObjectSize 5M
srv_clamav.ClamAvMaxFilesInArchive 0
srv_clamav.ClamAvMaxFileSizeInArchive 100M
srv_clamav.ClamAvMaxRecLevel 5
srv_clamav.VirSaveDir /tmp/download/
get_file.pl script in contrib dir)
srv_clamav.VirHTTPServer "http://fortune/cgi-bin/get_file.pl?usename=%
f&remove=1&file="
srv_clamav.VirUpdateTime 15
srv_clamav.VirScanFileTypes ARCHIVE EXECUTABLE
//Remy
Received on Thu Nov 27 2008 - 12:18:49 MST
This archive was generated by hypermail 2.2.0 : Thu Nov 27 2008 - 12:00:03 MST