[Sysadmins] SQUID+CLAMAV+ICAP

[Eugene Azarkin <admin@ligalomb.ru>]

[-- Attachment #1: Type: text/plain, Size: 739 bytes --]

Доброе время суток

Настраиваю связку SQUID+CLAMAV через c-icap на ALS4.

SQUID вылетает с
(squid): xstrdup: tried to dup a NULL pointer!
: Squid Parent: child process 31465 exited due to signal 6
clamav установлен, служба  и c-icap вроде работает.
Конф.файлы в аттаче.

Вроде бы эту ошибку в сквиде пофиксили еще в 2.6stable2 а унас уже
stable13 (может забыли патчик :-))
У кого нибудь эта штука  работает на ALS4 ?
Что можно сделать для запуска данной связки ?

С уважением
Азаркин Евгений



[-- Attachment #2: c-icap.conf --]
[-- Type: text/plain, Size: 4619 bytes --]

#
# This file contains the default settings for c-icap
#


PidFile /var/run/c-icap/c-icap.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
# set KeepAliveTimeout to -1 for no timeout
KeepAliveTimeout 600  
StartServers 3
MaxServers 10
MinSpareThreads     10
MaxSpareThreads     20
ThreadsPerChild     10
MaxRequestsPerChild  0


Port 1344 
User _c_icap
Group nobody


#ServerAdmin you@your.address # Not implemented yet
#ServerName localhost:1344 # Not implemented yet

TmpDir /var/tmp/c-icap
MaxMemObject 131072

ServerLog /var/log/c-icap/server.log
AccessLog /var/log/c-icap/access.log
#DebugLevel 3

ModulesDir /usr/lib/c-icap
Module logger sys_logger.so
Module perl_handler perl_handler.so

sys_logger.Prefix "C-ICAP"
sys_logger.Facility daemon

##Specify wich logger to use......
#Logger sys_logger
Logger file_logger

## AclControlers example. The default_acl is the buildin acl controller
## To load an extrernal access controller named my_acl.so use:
#Module access_controller  my_acl.so

## This parameter needed to specify the order of used acl controllers
## If not specified access control will be disabled
#AclControllers default_acl

## An example of acl lists for default_acl controller.
## acl and icap_access  are aliases for default_acl.acl and default_acl.icap_access 
acl localnet_options src 192.168.1.0/255.255.255.0 type options
acl localnet_respmod src 192.168.1.0/255.255.255.0 type respmod
acl localnet src 192.168.1.0/255.255.255.0
##Use the folllowing to demand use of username ......
acl localnet src 192.168.1.0/255.255.255.0 user *
acl externalnet src 0.0.0.0/0.0.0.0
#acl barbarian src 192.168.1.5

## An example of acl lists for default_acl controller.
## acl and icap_access  are aliases for default_acl.acl and default_acl.icap_access 
#acl localnet_options src 127.0.0.1/255.0.0.0 type options
#acl localnet_respmod src 127.0.0.1/255.0.0.0 type respmod
#acl localnet src 127.0.0.1/255.0.0.0
##Use the folllowing to demand use of username ......
#acl localnet src 127.0.0.1/255.0.0.0 user *
#acl externalnet src 0.0.0.0/0.0.0.0
#acl barbarian src 192.168.1.5


##An example to specify access to server
#icap_access deny barbarian
icap_access allow localnet_options
icap_access allow localnet_respmod
icap_access allow localnet
## http_auth mean that the icap server must try to authenticate the request
## using the http headers ....
#icap_access  http_auth localnet
icap_access deny externalnet

#Also you can specify which hosts to log or not.
# Comment out the folowing two lines to log only the external net
icap_access log localnet
icap_access log externalnet



##An example for authentication methods ....
## To load an extarnal authentication method module named my_authmethod.so  use:
#Module auth_method my_authmethod.so

##The following parameter needed to specify the order of authenticators for
##specific authentication method. file_basic is a buildin authenticator
##for buildin basic authentication method (Not implemented yet......) ......
#AuthMethod basic file_basic 


ServicesDir /usr/lib/c-icap
Service echo_module srv_echo.so
Service url_check_module srv_url_check.so
Service antivirus_module srv_clamav.so


# Antivirus module settings
# For allowed file types or groups of file types look at  c-icap.magic
srv_clamav.ScanFileTypes TEXT DATA EXECUTABLE ARCHIVE GIF JPEG MSOFFICE
#The percentage of data to sent if the downloaded file exceeds the StartSendPercentDataAfter size
srv_clamav.SendPercentData 5
srv_clamav.StartSendPercentDataAfter 2M

##Comment out the following line to enable 204 responces outside previews for srv_clamav
## if your icap client support it. For squid let it off
#srv_clamav.Allow204Responces on

# The Maximum object to be scanned.
srv_clamav.MaxObjectSize  5M
#The directory which clamav library will use as temporary.
srv_clamav.ClamAvTmpDir /var/tmp/c-icap
#Sets the maximum number of files in archive.)i Set it to 0 to disable it
srv_clamav.ClamAvMaxFilesInArchive 0
#Sets the maximal archived file size. Set it to 0 to disable it.
srv_clamav.ClamAvMaxFileSizeInArchive 100M
#The maximal recursion level.Set it to 0 to disable it.
srv_clamav.ClamAvMaxRecLevel 5

# And here the viralator-like mode.
# where to save documents
srv_clamav.VirSaveDir /var/www/html/downloads/
# from where the documents can be retrieved (you can find the get_file.pl script in contrib dir)
srv_clamav.VirHTTPServer  "http://fortune/cgi-bin/get_file.pl?usename=%f&remove=1&file="
# The refresh  rate....
srv_clamav.VirUpdateTime   15
# For which filetypes the "virelator like mode" will be used.
srv_clamav.VirScanFileTypes ARCHIVE EXECUTABLE