CentOS/RHEL: Web Proxy + Antivirus (ClamAV)
I’ll explain here how to set up a web proxy with antivirus capabilities.
We will use these tools: Squid + ClamAV + a patched version of DansGuardian.
The clamav packages provided are now outdated; I’m going to build an updated version as soon as I can.
Squid: www.squid-cache.org
ClamAV: www.clamav.net
DansGuardian: dansguardian.org
DansGuardian Antivirus plugin: http://www.harvest.com.br/asp/afn/dg.nsf
You can install squid from the default CentOS repository.
I’ll assume you already have a functional squid server.
The requirements for squid are:
- it should listen on port 3128
- it should only allow requests from localhost
/etc/squid/squid.conf:
http_port 3128
acl localhost src 127.0.0.0/255.0.0.0
http_access allow localhost
http_access deny all
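The two http_access lines above are what keep the Squid instance private to the DansGuardian process on the same host; get their order wrong, or leave out the trailing deny all, and Squid silently becomes an open proxy. The following is an added example (not part of this howto and not Squid's own code) that models the small subset of Squid's access control used here: "acl NAME src <network>" plus first-match "http_access allow|deny NAME", with Squid's documented fallback that a client matching no line gets the opposite of the last rule's action. The three sample configurations are constructed: the page's own, a misordered copy, and one missing deny all.

```python
"""Audit a squid.conf for the 'only localhost may use the proxy' requirement.

Added example for this howto, not part of the original page and not Squid's
own code. It models only the subset of Squid access control the page uses.
"""
import ipaddress

# The page's squid.conf, verbatim.
PAGE_CONF = """
http_port 3128
acl localhost src 127.0.0.0/255.0.0.0
http_access allow localhost
http_access deny all
"""

# Constructed mistake: 'deny all' is evaluated before 'allow localhost'.
MISORDERED_CONF = """
http_port 3128
acl localhost src 127.0.0.0/255.0.0.0
http_access deny all
http_access allow localhost
"""

# Constructed mistake: no trailing 'deny all'. The last rule is a deny, so a
# client that matches nothing is ALLOWED, which makes this an open proxy.
NO_DENY_ALL_CONF = """
http_port 3128
acl localhost src 127.0.0.0/255.0.0.0
acl blocked src 192.0.2.0/24
http_access allow localhost
http_access deny blocked
"""


def parse_squid_acls(conf: str):
    """Return ({acl_name: [networks]}, [(allow?, acl_name), ...]) in file order."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if parts[0] == "acl" and len(parts) >= 4 and parts[2] == "src":
            # strict=False accepts both 127.0.0.0/8 and 127.0.0.0/255.0.0.0
            nets = [ipaddress.ip_network(p, strict=False) for p in parts[3:]]
            acls.setdefault(parts[1], []).extend(nets)
        elif parts[0] == "http_access" and len(parts) >= 3:
            rules.append((parts[1] == "allow", parts[2]))
    return acls, rules


def squid_allows(conf: str, client_ip: str) -> bool:
    """First-match evaluation of http_access for one client address."""
    acls, rules = parse_squid_acls(conf)
    ip = ipaddress.ip_address(client_ip)
    if not rules:
        return False            # Squid denies everything when no http_access line exists
    for allow, name in rules:
        if name in acls:
            if any(ip in net for net in acls[name]):
                return allow
        elif name == "all":     # built in (or 'acl all src 0.0.0.0/0' in older squid.conf)
            return allow
    return not rules[-1][0]     # no match: opposite of the last rule's action


def is_open_proxy(conf: str, probes=("10.0.0.5", "203.0.113.7")) -> bool:
    """True if any non-loopback probe address would be allowed to use the proxy."""
    return any(squid_allows(conf, ip) for ip in probes)


if __name__ == "__main__":
    for label, conf in (("page", PAGE_CONF), ("misordered", MISORDERED_CONF),
                        ("no deny all", NO_DENY_ALL_CONF)):
        print(f"{label:12} localhost allowed: {squid_allows(conf, '127.0.0.1')!s:5} "
              f"open proxy: {is_open_proxy(conf)}")
```

Running it shows the page's config allowing 127.0.0.1 and nothing else, the misordered copy locking out even DansGuardian, and the copy without deny all accepting any outside address. Squid's real ACL language is far richer (ports, methods, proxy_auth, and so on), so treat this as a check of the one requirement the page states, not a general squid.conf linter.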
Install DansGuardian with the antivirus plugin from the SecurityTeam.us repo.
Install the SecurityTeamUS repo:
rpm -ihv http://repo.securityteam.us/repository/redhat/securityteamus-repo-latest.rpm
Install dansguardian-av and its dependencies (included in SecurityTeamUS):
yum install dansguardian-av
Output:
Setting up Install Process
Setting up repositories
SecurityTeamUS 100% |=========================| 951 B 00:00
Reading repository metadata in from local files
primary.xml.gz 100% |=========================| 30 kB 00:00
SecurityTe: ################################################## 68/68
Added 68 new packages, deleted 0 old in 0.88 seconds
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for dansguardian-av to pack into transaction set.
dansguardian-av-2.8.0.6-1 100% |=========================| 24 kB 00:00
---> Package dansguardian-av.i386 0:2.8.0.6-1 set to be updated
--> Running transaction check
--> Processing Dependency: libclamav.so.1 for package: dansguardian-av
--> Processing Dependency: clamd for package: dansguardian-av
--> Processing Dependency: libesmtp.so.5 for package: dansguardian-av
--> Processing Dependency: libesmtp for package: dansguardian-av
--> Processing Dependency: clamav for package: dansguardian-av
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for libesmtp to pack into transaction set.
libesmtp-0.8.12-1.i386.rp 100% |=========================| 4.9 kB 00:00
---> Package libesmtp.i386 0:0.8.12-1 set to be updated
---> Downloading header for clamd to pack into transaction set.
clamd-0.88.7-1.i386.rpm 100% |=========================| 4.7 kB 00:00
---> Package clamd.i386 0:0.88.7-1 set to be updated
---> Downloading header for clamav to pack into transaction set.
clamav-0.88.7-1.i386.rpm 100% |=========================| 7.4 kB 00:00
---> Package clamav.i386 0:0.88.7-1 set to be updated
--> Running transaction check
--> Processing Dependency: clamav-db = 0.88.7-1 for package: clamav
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for clamav-db to pack into transaction set.
clamav-db-0.88.7-1.i386.r 100% |=========================| 2.6 kB 00:00
---> Package clamav-db.i386 0:0.88.7-1 set to be updated
--> Running transaction check
Dependencies Resolved
=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
dansguardian-av i386 2.8.0.6-1 SecurityTeamUS 309 k
Installing for dependencies:
clamav i386 0.88.7-1 SecurityTeamUS 944 k
clamav-db i386 0.88.7-1 SecurityTeamUS 7.3 M
clamd i386 0.88.7-1 SecurityTeamUS 64 k
libesmtp i386 0.8.12-1 SecurityTeamUS 176 k
Transaction Summary
=============================================================================
Install 5 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 8.8 M
Is this ok [y/N]: y
Start the ClamAV daemon:
service clamd start
By default, clamd listens on 127.0.0.1:3310.
Set up DansGuardian-av this way:
reportinglevel = 3
languagedir = '/etc/dansguardian/languages'
language = 'ukenglish'
loglevel = 3
logexceptionhits = on
logfileformat = 1
loglocation = '/var/log/dansguardian/access.log'
filterip =
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
nonstandarddelimiter = on
usecustombannedimage = 1
custombannedimagefile = '/etc/dansguardian/transparent1x1.gif'
filtergroups = 1
filtergroupslist = '/etc/dansguardian/filtergroupslist'
bannediplist = '/etc/dansguardian/bannediplist'
exceptioniplist = '/etc/dansguardian/exceptioniplist'
banneduserlist = '/etc/dansguardian/banneduserlist'
exceptionuserlist = '/etc/dansguardian/exceptionuserlist'
showweightedfound = on
weightedphrasemode = 0
urlcachenumber = 3000
urlcacheage = 900
phrasefiltermode = 2
preservecase = 0
hexdecodecontent = 0
forcequicksearch = 0
reverseaddresslookups = off
reverseclientiplookups = off
createlistcachefiles = on
maxuploadsize = -1
maxcontentfiltersize = 256
usernameidmethodproxyauth = on
usernameidmethodident = off
preemptivebanning = on
forwardedfor = off
usexforwardedfor = off
logconnectionhandlingerrors = on
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 6
maxsparechildren = 32
maxagechildren = 500
ipcfilename = '/tmp/.dguardianipc'
urlipcfilename = '/tmp/.dguardianurlipc'
pidfilename = '/var/run/dansguardian.pid'
nodaemon = off
nologger = off
daemonuser = 'nobody'
daemongroup = 'nobody'
softrestart = off
virusscan = on
virusengine = 'clamav'
tricklelength = 32768
forkscanlength = 32768
firsttrickledelay = 10
followingtrickledelay = 10
maxcontentscansize = 41904304
virusscanexceptions = on
urlcachecleanonly = on
virusscannertimeout = 60
notify = 2 # will notify the admin only
emaildomain = 'domain.be'
postmaster = 'admin@domain.be'
emailserver = '127.0.0.1:25'
downloaddir = '/tmp/dgvirus'
clmaxfiles = 1500
clmaxreclevel = 3
clmaxfilesize = 10485760
clblockencryptedarchives = off
cldetectbroken = off
clamdsocket = '127.0.0.1:3310'
This is my configuration; please review it to match your needs.
Make sure DansGuardian will start at boot:
chkconfig dansguardian on
Start DansGuardian:
service dansguardian start
Now you can set your browser preferences to use the antivirus web proxy (IP:8080).
If you want to set up DansGuardian as a transparent proxy:
1. Edit /etc/squid/squid.conf and add:
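Before pointing browsers at port 8080 it is worth proving that the chain actually scans: clamd answering on the clamdsocket configured above, a scan producing a FOUND verdict, and the test string not reaching a client that downloads it through DansGuardian. The following is an added example for this howto (not the page's, DansGuardian's or ClamAV's own code). It uses clamd's newline-terminated PING and SCAN commands, which the 0.88 and 0.94 releases discussed on this page understand as well as current clamd, scans a freshly written copy of the EICAR test file, and then fetches an EICAR file through the proxy. EICAR_URL is a placeholder for a copy you host on a web server you control; the clamd and proxy addresses are the ones from the configuration above.

```python
"""End-to-end check of the Squid + DansGuardian + ClamAV chain.

Added example, not part of the original howto. Assumptions: clamd listens on
127.0.0.1:3310 and DansGuardian on 127.0.0.1:8080 as configured above, and the
EICAR test file is hosted at EICAR_URL (placeholder: put a copy on a web
server you control, e.g. as eicar.com).
"""
import os
import socket
import tempfile
import urllib.error
import urllib.request

CLAMD_ADDR = ("127.0.0.1", 3310)      # clamdsocket in the page's dansguardian config
PROXY = "http://127.0.0.1:8080"      # DansGuardian filterport from the page
EICAR_URL = "http://intranet.example/eicar.com"   # placeholder, not a real host


def eicar_bytes() -> bytes:
    """The 68-byte EICAR test string, assembled from two halves so that this
    source file is not itself flagged by on-access scanners."""
    head = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
    tail = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
    return head + tail


def clamd_command(cmd: str, addr=CLAMD_ADDR, timeout=15) -> str:
    """Send one newline-terminated command (PING, SCAN <path>, VERSION) to clamd
    over TCP and return the reply with trailing whitespace and NULs removed."""
    with socket.create_connection(addr, timeout=timeout) as s:
        s.sendall(cmd.encode() + b"\n")
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode(errors="replace").strip().rstrip("\x00")


def parse_scan_reply(reply: str):
    """Turn 'path: Signature FOUND' / 'path: OK' / '...: ERROR' into
    (verdict, signature). Signature is empty unless the verdict is FOUND."""
    line = reply.strip().rstrip("\x00")
    if not line:
        return "UNKNOWN", ""
    verdict = line.rsplit(" ", 1)[-1]
    signature = line[: -len(" FOUND")].rpartition(": ")[2] if verdict == "FOUND" else ""
    return verdict, signature


def scan_bytes_with_clamd(payload: bytes):
    """Write payload to a world-readable temp file (clamd runs as its own user
    and must be able to open it), ask clamd to SCAN it, return the parsed verdict."""
    fd, path = tempfile.mkstemp(prefix="dgcheck-", suffix=".com")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(payload)
        os.chmod(path, 0o644)
        return parse_scan_reply(clamd_command("SCAN " + path))
    finally:
        os.unlink(path)


def body_contains_eicar(body: bytes) -> bool:
    """True means the test file reached the client unscanned or unblocked."""
    return eicar_bytes() in body


def fetch_via_proxy(url: str, proxy: str = PROXY, timeout=60):
    """Fetch url through DansGuardian and return (status, body). A DansGuardian
    block page is an ordinary HTTP response, so the verdict is based on the body."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({"http": proxy}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def proxy_blocks_eicar(url: str = EICAR_URL) -> bool:
    """True if the EICAR string never made it through the proxy."""
    _status, body = fetch_via_proxy(url)
    return not body_contains_eicar(body)


if __name__ == "__main__":
    print("clamd PING ->", clamd_command("PING"))                 # a healthy clamd answers PONG
    print("clamd SCAN ->", scan_bytes_with_clamd(eicar_bytes()))  # expect a FOUND verdict
    print("proxy blocks EICAR ->", proxy_blocks_eicar())
```

If PING answers but the SCAN comes back as ERROR, clamd could not read the temp file (check the user clamd runs as and the permissions on /tmp); if the scan is FOUND but the proxy check fails, DansGuardian is not handing downloads to clamd, so look at virusscan, clamdsocket and maxcontentscansize in its configuration before suspecting the signatures.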
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
2. Type this at the command prompt (where your local subnet is 10.0.0.0/24 and your LAN interface is eth0):
iptables -t nat -A PREROUTING -i eth0 -s 10.0.0.0/24 -p tcp --dport 80 -j REDIRECT --to-port 8080
3. Save your iptables configuration:
iptables-save > /etc/sysconfig/iptables
Squid logs can be tailed here:
tail -f /var/log/squid/access.log
DansGuardian logs can be tailed here:
tail -f /var/log/dansguardian/access.log
Comments
Sébastien Wains
Nilesh,
You can set up DansGuardian under /etc/dansguardian/banned* and /etc/dansguardian/exception*
ClamAV will scan any file that could be infected.
I’ll work on a script that would generate a daily report, but, by default, the admin would get an email any time someone tries to download an infected file.
Diego
It really is a very good manual, so good it reads like a cooking recipe.
Diana
Hi, I’m installing dansguardian.tar on CentOS and I get the following error
configure: error: pcre-config not found!
configure: WARNING: Cache variable ac_cv_prog_PCRE contains a newline.
And if I follow the instructions in this manual, I get the following error …
yum install dansguardian-av Setting up Install Process
Setting up repositories
http://repo.securityteam.us/repository/redhat/el4/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404: Not Found
Trying other mirror.
Cannot open/read repomd.xml file for repository: SecurityTeamUS
failure: repodata/repomd.xml from SecurityTeamUS: [Errno 256] No more mirrors to try.
Error: failure: repodata/repomd.xml from SecurityTeamUS: [Errno 256] No more mirrors to try.
Can someone help me please???
jan
Hi, I tried out your HOWTO on creating the web proxy with antivirus. I have successfully installed it on my CentOS 4.4 server, but it seems that everything works except the antivirus, since I tried accessing files that I know are infected, and it does not work with the EICAR test file either. I used the configuration that you are using above. Did I miss something?
TIA.
Ryan Mok
Hi, I have followed your manual to set up CentOS + Dansguardian + squid, and strange things happen…
The service can be started, and once started it works fine, but after a few minutes all web pages are forwarded to a TomCat page!!!! If I stop DansGuardian and restart squid, everything is fine again…
I use CentOS 4.5… is that a problem?
Nirmal
Hi, I tried to set up dansguardian-av on RHEL5 but yum couldn’t resolve several dependencies.
Error: Missing Dependency: libclamav.so.1 is needed by package dansguardian-av
Error: Missing Dependency: libssl.so.4 is needed by package dansguardian-av
Error: Missing Dependency: libcrypto.so.4 is needed by package dansguardian-av
Error: Missing Dependency: libcrypto.so.4 is needed by package libesmtp
Error: Missing Dependency: libssl.so.4 is needed by package libesmtp
Can you please upload the dansguardian-av package for RHEL5, or give any suggestion about how to go about this situation?
jtech
./configure --enable-pcre=no
Nirmal
Hi jtech,
What is ./configure --enable-pcre=no?? I’m not compiling from source, I’m using RPM or yum to resolve dependencies.
Vito
Hello
How to do it with CentOS 5?
There are no dansguardian-av rpms for CentOS 5.
Amin
Hi Wains, your installation steps are flawless, but when I try to run DansGuardian, it fails
[root@proxy etc]# service dansguardian start
Starting Web Content Filter (dansguardian):
LibClamAV Warning: ***********************************************************
LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
LibClamAV Warning: *** DON’T PANIC! Read http://www.clamav.net/support/faq ***
LibClamAV Warning: ***********************************************************
[FAILED]
I assume it’s because right now there is a newer version of clamav, 0.94.1, and the SecurityTeam.US repo is still using version 0.90.
How to fix it? Do I need to recompile clamav?
thx b4
Amin
Found a way to fix it:
download the latest clamav packages from http://packages.sw.be/clamav/
# wget http://packages.sw.be/clamav/clamav-db-0.94.1-1.el4.rf.i386.rpm
# wget http://packages.sw.be/clamav/clamav-0.94.1-1.el4.rf.i386.rpm
# wget http://packages.sw.be/clamav/clamd-0.94.1-1.el4.rf.i386.rpm
# rpm -Uh --force --nodeps clam*.rpm
# ln -s /usr/lib/libclamav.so.5 /usr/lib/libclamav.so.1
# service dansguardian start
and it’s back to normal. I should monitor clamav in case a new version comes out.
Amin
You’re welcome, and thanks for providing this howto, so simple and straightforward. Anyway, based on your tutorial I have added another function: Adzapper to remove ads, and OpenDNS to block sites based on their category. My howto is at http://am3n.net/2008/11/14/proxy-server-using-squid-dansguardian-and-clamav/ if you or others are interested.
cheers.
errornous
hi..
[root@gateway ~]# yum install dansguardian-av
Loading “fastestmirror” plugin
Loading mirror speeds from cached hostfile
* epel: http://ftp.jaist.ac.jp
* SecurityTeamUS: repo.securityteam.us
* rpmforge: ftp-stud.fht-esslingen.de
* base: centosv.centos.org
* updates: centosk2-msync-dvd.centos.org
* addons: centosq.centos.org
* extras: centosq.centos.org
Setting up Install Process
Parsing package install arguments
No package dansguardian-av available.
Nothing to do
Is it still available in the security repo?
Sébastien Wains
I haven’t built the package since 2006. The deps are broken with new clam releases. Please consider this howto as not working anymore.
Amin
Wains, see my previous comment about it.
I could install dansguardian-av using the latest clamav (at that time), or you can see my installation howto at http://am3n.net/2008/11/14/proxy-server-using-squid-dansguardian-and-clamav/
—
Found a way to fix it:
download the latest clamav packages from http://packages.sw.be/clamav/
# wget http://packages.sw.be/clamav/clamav-db-0.94.1-1.el4.rf.i386.rpm
# wget http://packages.sw.be/clamav/clamav-0.94.1-1.el4.rf.i386.rpm
# wget http://packages.sw.be/clamav/clamd-0.94.1-1.el4.rf.i386.rpm
# rpm -Uh --force --nodeps clam*.rpm
# ln -s /usr/lib/libclamav.so.5 /usr/lib/libclamav.so.1
# service dansguardian start
and it’s back to normal. I should monitor clamav in case a new version comes out.
—
Sébastien Wains
Thanks for the feedback Amin, that’s correct. I forgot you put up a more up-to-date howto.
Cheers
errornous
Hi Sebastian and Amin, I think it doesn’t work anymore on the latest CentOS 5; I’m using CentOS 5.2 and can’t find any available dansguardian-av that suits this version. Maybe I can try later on to install dansguardian first and then clamav.
chaitanya
Well yes, it does seem that all the repositories here are for CentOS 4, and hence there is no package for dansguardian-av in there. I got the same error, and some reading suggests that the repositories might be for CentOS 4.
But there is always the sourceforge page for the project.
seb
This howto is a bit outdated, if you look at the date.
I’m not working on CentOS anymore, so don’t expect updated packages from me anytime soon.
Cheers
Nilesh
Excellent!! Very helpful.
How do we know the scan list, and where do we find the scan report??
Nilesh