Chained ICAP Anti Virus Server
If eCAP antivirus adapter is not applicable, it is also possible to chain any third party ICAP antivirus server with Web Safety. Admin UI has support of minimal ICAP chain configuration (enable/disable) built in.
The following screenshot illustrates the configuration.
Important / Danger
Please note there were reports of some random inconsistencies on some sites that result into ICAP errors when using both Web Safety and ICAP Antivirus engine in an ICAP chain. Unfortunately the reason for this is still unknown. Currently recommended solution for this problem is to exclude such sites from ICAP filtering.
ESET ICAP AntiVirus
For example, to add ESET ICAP AntiVirus to Web Safety virtual appliance, install ESET antivirus for gateways as described in its administrator guide.
Then navigate to Admin UI / Anti Virus / Other ICAP / Network and set the REQMOD and RESPMOD fields as indicated on the screenshot below.
Squid ClamAV
Another example shows how to install and chain SquidClamAV ICAP anti virus with Web Safety virtual appliance.
Note
SquidClamav is an antivirus for Squid proxy based on the Awards winnings ClamAv anti-virus toolkit. Using it will help you securing your home or enterprise network web traffic. SquidClamav is the most efficient Squid Redirector and ICAP service antivirus tool for HTTP traffic available for free, it is written in C and can handle thousand of connections. The way to add more securing on your network for free is at http://squidclamav.darold.net. Thanks a lot to Gilles Darold - SquidClamav developer and maintainer!
Install Packages
In order to install all necessary packages, run the 01_install.sh script from our repository at GitHub.
#!/bin/bash
# check we are root
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root" 1>&2
exit 1
fi
# stop immediately on any error
set -e
# install clamav
apt-get -y install clamav
apt-get -y install clamav-daemon
# install c-icap
apt-get -y install c-icap
apt-get -y install libicapapi-dev
# drop build folder for squidclamav
rm -R build/squidclamav 2>&1 > /dev/null || true
# make build folder
mkdir -p build/squidclamav
# decend into working directory
pushd build/squidclamav
# get it
wget http://downloads.sourceforge.net/project/squidclamav/squidclamav/6.16/squidclamav-6.16.tar.gz \
&& gunzip squidclamav-6.16.tar.gz \
&& tar -xvf squidclamav-6.16.tar
# configure and build the package
cd squidclamav-6.16 && ./configure --with-c-icap=/usr && make
# install it
make install
# revert
popd
Configure SquidClamAv
Now configure all services by running the 02_configure.sh script from our repository at GitHub.
#!/bin/bash
# check we are root
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root" 1>&2
exit 1
fi
# patch /etc/default/c-icap (make c-icap autostart)
if [ ! -f /etc/default/c-icap.default ]; then
cp -f /etc/default/c-icap /etc/default/c-icap.default
fi
patch /etc/default/c-icap < c-icap.patch
# patch settings in c-icap.conf (enable squidclamav)
if [ ! -f /etc/c-icap/c-icap.conf.default ]; then
cp -f /etc/c-icap/c-icap.conf /etc/c-icap/c-icap.conf.default
fi
patch /etc/c-icap/c-icap.conf < c-icap.conf.patch
# patch settings in squidclamav.conf (disable redirect and DNS lookup)
if [ ! -f /etc/c-icap/squidclamav.conf.default ]; then
cp -f /etc/c-icap/squidclamav.conf /etc/c-icap/squidclamav.conf.default
fi
patch /etc/c-icap/squidclamav.conf < squidclamav.conf.patch
# good now restart all related services
systemctl stop clamav-daemon
systemctl stop c-icap
systemctl start clamav-daemon
systemctl start c-icap
# check status (must be running)
systemctl status clamav-daemon
systemctl status c-icap
There are three patches mentioned in the above scripts. All of them are to be found in our repository at GitHub. The patches make minor changes to configuration files of c-icap, squidclamav and clamav daemons.
Integrate SquidClamav and Web Safety
Finally to integrate SquidClamav and Web Safety into one ICAP chain, navigate to Admin UI / Anti Virus / Other AV / Network* and set the REQMOD and RESPMOD fields as indicated on the screenshot below.
