[Sysadmins] SQUID+CLAMAV+ICAP

[Sysadmins] SQUID+CLAMAV+ICAP

[Eugene Azarkin]

[-- Attachment #1: Type: text/plain, Size: 739 bytes --]

Доброе время суток

Настраиваю связку SQUID+CLAMAV через c-icap на ALS4.

SQUID вылетает с
(squid): xstrdup: tried to dup a NULL pointer!
: Squid Parent: child process 31465 exited due to signal 6
clamav установлен, служба  и c-icap вроде работает.
Конф.файлы в аттаче.

Вроде бы эту ошибку в сквиде пофиксили еще в 2.6stable2 а унас уже
stable13 (может забыли патчик :-))
У кого нибудь эта штука  работает на ALS4 ?
Что можно сделать для запуска данной связки ?

С уважением
Азаркин Евгений



[-- Attachment #2: c-icap.conf --]
[-- Type: text/plain, Size: 4619 bytes --]

#
# This file contains the default settings for c-icap
#


PidFile /var/run/c-icap/c-icap.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
# set KeepAliveTimeout to -1 for no timeout
KeepAliveTimeout 600  
StartServers 3
MaxServers 10
MinSpareThreads     10
MaxSpareThreads     20
ThreadsPerChild     10
MaxRequestsPerChild  0


Port 1344 
User _c_icap
Group nobody


#ServerAdmin you@your.address # Not implemented yet
#ServerName localhost:1344 # Not implemented yet

TmpDir /var/tmp/c-icap
MaxMemObject 131072

ServerLog /var/log/c-icap/server.log
AccessLog /var/log/c-icap/access.log
#DebugLevel 3

ModulesDir /usr/lib/c-icap
Module logger sys_logger.so
Module perl_handler perl_handler.so

sys_logger.Prefix "C-ICAP"
sys_logger.Facility daemon

##Specify wich logger to use......
#Logger sys_logger
Logger file_logger

## AclControlers example. The default_acl is the buildin acl controller
## To load an extrernal access controller named my_acl.so use:
#Module access_controller  my_acl.so

## This parameter needed to specify the order of used acl controllers
## If not specified access control will be disabled
#AclControllers default_acl

## An example of acl lists for default_acl controller.
## acl and icap_access  are aliases for default_acl.acl and default_acl.icap_access 
acl localnet_options src 192.168.1.0/255.255.255.0 type options
acl localnet_respmod src 192.168.1.0/255.255.255.0 type respmod
acl localnet src 192.168.1.0/255.255.255.0
##Use the folllowing to demand use of username ......
acl localnet src 192.168.1.0/255.255.255.0 user *
acl externalnet src 0.0.0.0/0.0.0.0
#acl barbarian src 192.168.1.5

## An example of acl lists for default_acl controller.
## acl and icap_access  are aliases for default_acl.acl and default_acl.icap_access 
#acl localnet_options src 127.0.0.1/255.0.0.0 type options
#acl localnet_respmod src 127.0.0.1/255.0.0.0 type respmod
#acl localnet src 127.0.0.1/255.0.0.0
##Use the folllowing to demand use of username ......
#acl localnet src 127.0.0.1/255.0.0.0 user *
#acl externalnet src 0.0.0.0/0.0.0.0
#acl barbarian src 192.168.1.5


##An example to specify access to server
#icap_access deny barbarian
icap_access allow localnet_options
icap_access allow localnet_respmod
icap_access allow localnet
## http_auth mean that the icap server must try to authenticate the request
## using the http headers ....
#icap_access  http_auth localnet
icap_access deny externalnet

#Also you can specify which hosts to log or not.
# Comment out the folowing two lines to log only the external net
icap_access log localnet
icap_access log externalnet



##An example for authentication methods ....
## To load an extarnal authentication method module named my_authmethod.so  use:
#Module auth_method my_authmethod.so

##The following parameter needed to specify the order of authenticators for
##specific authentication method. file_basic is a buildin authenticator
##for buildin basic authentication method (Not implemented yet......) ......
#AuthMethod basic file_basic 


ServicesDir /usr/lib/c-icap
Service echo_module srv_echo.so
Service url_check_module srv_url_check.so
Service antivirus_module srv_clamav.so


# Antivirus module settings
# For allowed file types or groups of file types look at  c-icap.magic
srv_clamav.ScanFileTypes TEXT DATA EXECUTABLE ARCHIVE GIF JPEG MSOFFICE
#The percentage of data to sent if the downloaded file exceeds the StartSendPercentDataAfter size
srv_clamav.SendPercentData 5
srv_clamav.StartSendPercentDataAfter 2M

##Comment out the following line to enable 204 responces outside previews for srv_clamav
## if your icap client support it. For squid let it off
#srv_clamav.Allow204Responces on

# The Maximum object to be scanned.
srv_clamav.MaxObjectSize  5M
#The directory which clamav library will use as temporary.
srv_clamav.ClamAvTmpDir /var/tmp/c-icap
#Sets the maximum number of files in archive.)i Set it to 0 to disable it
srv_clamav.ClamAvMaxFilesInArchive 0
#Sets the maximal archived file size. Set it to 0 to disable it.
srv_clamav.ClamAvMaxFileSizeInArchive 100M
#The maximal recursion level.Set it to 0 to disable it.
srv_clamav.ClamAvMaxRecLevel 5

# And here the viralator-like mode.
# where to save documents
srv_clamav.VirSaveDir /var/www/html/downloads/
# from where the documents can be retrieved (you can find the get_file.pl script in contrib dir)
srv_clamav.VirHTTPServer  "http://fortune/cgi-bin/get_file.pl?usename=%f&remove=1&file="
# The refresh  rate....
srv_clamav.VirUpdateTime   15
# For which filetypes the "virelator like mode" will be used.
srv_clamav.VirScanFileTypes ARCHIVE EXECUTABLE

Re: [Sysadmins] SQUID+CLAMAV+ICAP

[Motsyo Gennadi aka Drool]

Eugene Azarkin пишет:
> Доброе время суток
> 
> Настраиваю связку SQUID+CLAMAV через c-icap на ALS4.

	Может посмотреть на вот это:
====================================================================
rpm -qi squidclamav
Name        : squidclamav                  Relocations: (not relocateable)
Version     : 3.0                               Vendor: ALT Linux Team
Release     : alt1                          Build Date: Птн 28 Сен 2007 
17:07:45
Install date: Птн 28 Сен 2007 17:21:59      Build Host: 
drool.hasher.altlinux.org
Group       : Мониторинг          Source RPM: squidclamav-3.0-alt1.src.rpm
Size        : 66077                            License: GPL
Packager    : Grigory Fateyev <greg at altlinux.ru>
URL         : http://www.samse.fr/GPL/squidclamav/
Summary     : Squid ClamAV, is a Squid helper Script, to get Virus 
scanning for defined Extensions
Description :
SquidClamAV is a Squid helper script which adds virus scanning
for defined filename extensions. It has been tested with ClamAV,
and Squid. Squid has to be configured to use "redirect_program"
and to either deny access to a URL defined in the SquidClamAV
configuration or to redirect to a remote Site which displays
an error (and some information). SquidClamAV handles the request
as given from Squid, downloads the URL, and scans it for known
viruses. It rewrites the URL from Squid to a blocked URL or an
information page with information about the scanning results.
====================================================================
	Этого еще нет в альте, кроме как у Packager-а. На сквиде ветки 2.5 у 
него этот редиректор, по его словам, работает нормально. У меня на 2.6 
не вышло пока, так как изменились названия параметров в squid.conf. 
Сейчас Григорий рассматривает мой конфиг сквида :-)

Re: [Sysadmins] SQUID+CLAMAV+ICAP

[Alexey Shabalin]

Кажется эта связка у нас мёртвая.
Я пробовал месяца два назад и не смог заставить работать.
кажется проблемы с c-icap.

02.10.07, Eugene Azarkin<admin@ligalomb.ru> написал(а):
> Доброе время суток
>
> Настраиваю связку SQUID+CLAMAV через c-icap на ALS4.
>
> SQUID вылетает с
> (squid): xstrdup: tried to dup a NULL pointer!
> : Squid Parent: child process 31465 exited due to signal 6
> clamav установлен, служба  и c-icap вроде работает.
> Конф.файлы в аттаче.
>
> Вроде бы эту ошибку в сквиде пофиксили еще в 2.6stable2 а унас уже
> stable13 (может забыли патчик :-))
> У кого нибудь эта штука  работает на ALS4 ?
> Что можно сделать для запуска данной связки ?
>
> С уважением
> Азаркин Евгений
>

-- 
Alexey Shabalin

Re: [Sysadmins] SQUID+CLAMAV+ICAP

[Slava Dubrovskiy]

[-- Attachment #1: Type: text/plain, Size: 858 bytes --]

Eugene Azarkin пишет:
> Доброе время суток
>
> Настраиваю связку SQUID+CLAMAV через c-icap на ALS4.
>
> SQUID вылетает с
> (squid): xstrdup: tried to dup a NULL pointer!
> : Squid Parent: child process 31465 exited due to signal 6
> clamav установлен, служба  и c-icap вроде работает.
> Конф.файлы в аттаче.
>
> Вроде бы эту ошибку в сквиде пофиксили еще в 2.6stable2 а унас уже
> stable13 (может забыли патчик :-))
> У кого нибудь эта штука  работает на ALS4 ?
> Что можно сделать для запуска данной связки ?
>   
Я использую havp. Это как вариант рабочей схемы.

-- 
WBR,
Dubrovskiy Vyacheslav


[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/x-pkcs7-signature, Size: 3249 bytes --]