The c-icap project


Go to the sources directory and run:

  ./configure --prefix=/usr/local/c-icap

If you don't have ClamAV installed, run:

     ./configure --prefix=/usr/local/c-icap --without-clamav

In this case, only the echo service will be created.

For more configure options run:

./configure --help

After the configuration process, you can compile and install the software as follows:

    make install

Then, edit to the file /usr/local/c-icap/etc/c-icap.conf. It contains a set of default values that configure the c-icap server. Finally, you can run the c-icap server:


If you want to display debugging information on the terminal, the previous command should be executed with following arguments:

    /usr/local/c-icap/bin/c-icap -N -D -d 10

The first argument -N prevents the c-icap server from forking in the background, the second argument -D enables the printing of messages to standard output, and the third argument -d 10 enables the printing of full debugging information.

FreeBSD users can also download the c-icap from FreshPorts site.

Testing your instalation

To test your c-icap server you can use the icap-client utility which included in c-icap package. From the same host simply run icap-client without any arguments. This will do an options request to the icap server in localhost. You must see something like that:
tsantila@barbarian:~>  /usr/local/c-icap/bin/icap-client
ICAP server:localhost, ip:, port:1344

        Allow 204: Yes
        Preview: 1024
        Keep alive: Yes

        ICAP/1.0 200 OK
        Methods: RESPMOD, REQMOD
        Service: C-ICAP/030606 server - Echo demo service
        ISTag: "5BDEEEA9-12E4-2"
        Max-Connections: 20
        Options-TTL: 3600
        Date: Sun, 04 Jun 2006 16:18:55 GMT
        Preview: 1024
        Allow: 204
        Transfer-Preview: *
        Encapsulated: null-body=0
To check the "/bin/ls" file with clamav antivirus using the icap server run:
tsantila@barbarian:~> /usr/local/c-icap/bin/icap-client -f /bin/ls  \
            -s "srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple"
ICAP server:localhost, ip:, port:1344

No modification needed (Allow 204 responce)
The Allow204 responce means that no virus found in this file.
In this example we called the srv_clamav service with arguments:
allow204=on to allow 204 responces outside previews. If you omit this argument then the srv_clamav service will send back unmodified the file we sent.
force=on to scan the file even if its file type does not included in srv_clamav.ScanFileTypes directive in c-icap.conf file.
sizelimit=off to ignore srv_clamav.MaxObjectSize directive in c-icap.conf file
mode=simple to only repsonce with allow204 whan no virus found and an error message if virous found.

Send a virus file to examine srv_clamav's behaviour when a virus found:

tsantila@barbarian:~> /usr/local/c-icap/bin/icap-client -f /usr/local/src/clamav-0.83/test/clam.exe \
   -s "srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple"
ICAP server:localhost, ip:, port:1344


You try to upload/download a file that contain the virus
This message generated by C-ICAP srvClamAV/antivirus module

Installing SQUID

Download the Squid 3.0 proxy server from squid site.

To enable ICAP support in Squid, you must configure it using --enable-icap-client. Below, is the command I used in my workstation running Linux SUSE 9.1:

    ./configure --with-pthreads --enable-basic-auth-helpers=getpwnam,LDAP,PAM\
                --enable-snmp --enable-ssl\
                --enable-linux-netfilter --enable-icap-client\

In the configuration file of Squid enter the following lines:

	icap_enable          on
	icap_preview_enable  on
	icap_preview_size    128
	icap_send_client_ip  on
	icap_send_auth_user  on
	icap_auth_scheme     Local://%u

	icap_service         service_avi_req reqmod_precache 0 icap://localhost:1344/srv_clamav
	icap_service         service_avi respmod_precache 1 icap://localhost:1344/srv_clamav
        icap_class           class_antivirus service_avi service_avi_req
	icap_access          class_antivirus allow all

If c-icap does not reside in the same machine as Squid, change the line icap://localhost:1344/srv_clamav to icap://cicap_hostname:1344/srv_clamav, where cicap_hostname is the hostname or the IP address of the c-icap server. For more information, read the Squid's manual.

You can use icap_access directive to define sites which must passed or no to the icap server.

© Tsantilas Christos, email: chtsanti at users dot sourceforge dot net