The c-icap project


INSTALL

Go to the sources directory and run: 

 
  ./configure --prefix=/usr/local/c-icap

If you don't have ClamAV installed, run: 

     ./configure --prefix=/usr/local/c-icap --without-clamav

In this case, only the echo service will be created.

For more configure options run: 

./configure --help

After the configuration process, you can compile and install the software as follows: 

 
    make
    make install

Then, edit to the file /usr/local/c-icap/etc/c-icap.conf. It contains a set of default values that configure the c-icap server. Finally, you can run the c-icap server: 

    /usr/local/c-icap/bin/c-icap

If you want to display debugging information on the terminal, the previous command should be executed with following arguments: 

    /usr/local/c-icap/bin/c-icap -N -D -d 10

The first argument -N prevents the c-icap server from forking in the background, the second argument -D enables the printing of messages to standard output, and the third argument -d 10 enables the printing of full debugging information.

FreeBSD users can also download the c-icap from FreshPorts site.

Testing your instalation

To test your c-icap server you can use the icap-client utility which included in c-icap package. From the same host simply run icap-client without any arguments. This will do an options request to the icap server in localhost. You must see something like that: 
tsantila@barbarian:~>  /usr/local/c-icap/bin/icap-client
ICAP server:localhost, ip:127.0.0.1, port:1344

OPTIONS:
        Allow 204: Yes
        Preview: 1024
        Keep alive: Yes

ICAP HEADERS:
        ICAP/1.0 200 OK
        Methods: RESPMOD, REQMOD
        Service: C-ICAP/030606 server - Echo demo service
        ISTag: "5BDEEEA9-12E4-2"
        Max-Connections: 20
        Options-TTL: 3600
        Date: Sun, 04 Jun 2006 16:18:55 GMT
        Preview: 1024
        Allow: 204
        Transfer-Preview: *
        Encapsulated: null-body=0
To check the "/bin/ls" file with clamav antivirus using the icap server run: 
tsantila@barbarian:~> /usr/local/c-icap/bin/icap-client -f /bin/ls  \
            -s "srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple"
ICAP server:localhost, ip:127.0.0.1, port:1344

No modification needed (Allow 204 responce)
The Allow204 responce means that no virus found in this file.
In this example we called the srv_clamav service with arguments:
allow204=on to allow 204 responces outside previews. If you omit this argument then the srv_clamav service will send back unmodified the file we sent.
force=on to scan the file even if its file type does not included in srv_clamav.ScanFileTypes directive in c-icap.conf file.
sizelimit=off to ignore srv_clamav.MaxObjectSize directive in c-icap.conf file
mode=simple to only repsonce with allow204 whan no virus found and an error message if virous found.

Send a virus file to examine srv_clamav's behaviour when a virus found: 

tsantila@barbarian:~> /usr/local/c-icap/bin/icap-client -f /usr/local/src/clamav-0.83/test/clam.exe \
   -s "srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple"
ICAP server:localhost, ip:127.0.0.1, port:1344

VIRUS FOUND

You try to upload/download a file that contain the virus
ClamAV-Test-File
This message generated by C-ICAP srvClamAV/antivirus module

Installing SQUID

Download the Squid 3.0 proxy server from squid site.

To enable ICAP support in Squid, you must configure it using --enable-icap-client. Below, is the command I used in my workstation running Linux SUSE 9.1: 

    ./configure --with-pthreads --enable-basic-auth-helpers=getpwnam,LDAP,PAM\
                --enable-snmp --enable-ssl\
                --enable-linux-netfilter --enable-icap-client\
                --enable-external-acl-helpers=ip_user,ldap_group,unix_group\
                --enable-digest-auth-helpers=password

In the configuration file of Squid enter the following lines: 

	icap_enable          on
	icap_preview_enable  on
	icap_preview_size    128
	icap_send_client_ip  on
	icap_send_auth_user  on
	
	icap_auth_scheme     Local://%u

	icap_service         service_avi_req reqmod_precache 0 icap://localhost:1344/srv_clamav
	icap_service         service_avi respmod_precache 1 icap://localhost:1344/srv_clamav
	
        icap_class           class_antivirus service_avi service_avi_req
	icap_access          class_antivirus allow all

If c-icap does not reside in the same machine as Squid, change the line icap://localhost:1344/srv_clamav to icap://cicap_hostname:1344/srv_clamav, where cicap_hostname is the hostname or the IP address of the c-icap server. For more information, read the Squid's manual.

You can use icap_access directive to define sites which must passed or no to the icap server.


© Tsantilas Christos, email: chtsanti at users dot sourceforge dot net