Squid ClamAV & HAVP

Originally from here

HAVP (HTTP AntiVirus proxy) is a proxy with an anti-virus filter. It does not cache or filter content. In this how-to it is set as a parent proxy of Squid, although it can also be run on its own.

Name: Squid
HomePage: http://www.squid-cache.org/
Function: proxy caching server for web clients

Name: HAVP (HTTP anti-Virus Proxy)
HomePage: http://www.server-side.de/
Function: HAVP (HTTP AntiVirus proxy) is a proxy with an anti-virus filter

1. Download ClamAV from the website http://www.clamav.net . The Fedora binaries can be found at http://crash.fce.vutbr.cz/crash-hat/3/clamav/ . Once they have been downloaded, install all of them.

clamav-0.87.1-2.i386.rpm
clamav-db-0.87.1-2.i386.rpm
clamav-devel-0.87.1-2.i386.rpm
clamav-milter-0.87.1-2.i386.rpm
clamav-server-0.87.1-2.i386.rpm

rpm -ivh clamav-*

2. Add the user havp ‘useradd havp’ and switch to that user ‘su havp’

3. Now download havp from this website http://www.server-side.de/ and extract it

gzip -d havp-0.74.tar.gz
tar -xf havp-0.74.tar

4. Then install it using clamav as your virus filter

./configure --with-scanner=libclamav
make
make install

5. Once it is installed, copy the configuration files into the /etc/ directory

cd sourcetohavp/havp/etc
cp -r havp /etc/

6. Now edit the configuration file to match your settings

vi /usr/local/etc/havp/havp.config

7. Now we need to mount the directory with mandatory locks

mount /dev/hda9 /var/tmp/havp -o mand

8. Now we need to set all the permissions, so change to the root user.

chown -R havp:havp /var/tmp/havp/
chmod ug+rwx -R /var/tmp/havp/

chown -R havp:havp /etc/havp/
chmod ug+rwx -R /etc/havp/

chown -R havp:havp /var/log/havp/
chmod ug+rwx -R /var/log/havp/

9. Once ClamAV and HAVP have been set up, we need to set up Squid to run with HAVP. Edit the squid.conf file and add the following line

nano /etc/squid/squid.conf

squid.conf:
cache_peer 127.0.0.1 parent 8000 0 no-query no-digest no-netdb-exchange default

10. Now we need to start/restart all the services

/etc/init.d/havp start
/etc/init.d/clamd start
/etc/init.d/squid restart
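
An added example, not part of the original how-to: a small script that checks the two settings the chain depends on, the mand mount option from step 7 and the cache_peer line from step 9. It also looks for "never_direct allow all", a Squid directive this how-to does not set; without it Squid can fall back to fetching directly and skip the HAVP scan. The function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Static checks for the HAVP/Squid chain. Inputs are files in /proc/mounts
# and squid.conf format; on a live host pass /proc/mounts and
# /etc/squid/squid.conf instead of the constructed samples below.

# 0 if $2 is a mount point in mounts file $1 whose options include "mand".
has_mand_mount() {
    awk -v mp="$2" '
        $2 == mp { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == "mand") ok = 1 }
        END { exit !ok }' "$1"
}

# 0 if squid.conf $1 has an uncommented "cache_peer <host> parent <port>" line.
has_parent_peer() {
    awk -v h="$2" -v p="$3" '
        $1 == "cache_peer" && $2 == h && $3 == "parent" && $4 == p { ok = 1 }
        END { exit !ok }' "$1"
}

# 0 if squid.conf $1 has an uncommented "never_direct allow all", which stops
# Squid from going direct (unscanned) instead of through the parent proxy.
forces_parent() {
    awk '$1 == "never_direct" && $2 == "allow" && $3 == "all" { ok = 1 }
         END { exit !ok }' "$1"
}

# Constructed sample data (not taken from a real host).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/mounts" <<'EOF'
/dev/hda1 / ext3 rw 0 0
/dev/hda9 /var/tmp/havp ext3 rw,mand 0 0
EOF
cat > "$SAMPLE_DIR/squid.conf" <<'EOF'
# never_direct allow all
cache_peer 127.0.0.1 parent 8000 0 no-query no-digest no-netdb-exchange default
EOF

has_mand_mount "$SAMPLE_DIR/mounts" /var/tmp/havp && echo "OK: mandatory locking enabled"
has_parent_peer "$SAMPLE_DIR/squid.conf" 127.0.0.1 8000 && echo "OK: HAVP is the parent proxy"
forces_parent "$SAMPLE_DIR/squid.conf" || echo "WARN: no never_direct rule, Squid may bypass HAVP"
```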
