The c-icap project
Go to the sources directory and run:
If you don't have ClamAV installed, run:
./configure --prefix=/usr/local/c-icap --without-clamav
In this case, only the echo service will be created.
For more configure options run:
After the configuration process, you can compile and install the software as follows:
make
make install
Then, edit the file /usr/local/c-icap/etc/c-icap.conf. It contains a set of default values that configure the c-icap server. Finally, you can run the c-icap server:
If you want to display debugging information on the terminal, the previous command should be executed with the following arguments:
/usr/local/c-icap/bin/c-icap -N -D -d 10
The first argument -N prevents the c-icap server from forking in the background, the second argument -D enables the printing of messages to standard output, and the third argument -d 10 enables the printing of full debugging information.
FreeBSD users can also download c-icap from the FreshPorts site.
Testing your installation
To test your c-icap server you can use the icap-client utility, which is included in the c-icap package. From the same host, simply run icap-client without any arguments. This sends an OPTIONS request to the ICAP server on localhost. You should see something like this:
tsantila@barbarian:~> /usr/local/c-icap/bin/icap-client
ICAP server:localhost, ip:127.0.0.1, port:1344
OPTIONS:
        Allow 204: Yes
        Preview: 1024
        Keep alive: Yes
ICAP HEADERS:
        ICAP/1.0 200 OK
        Methods: RESPMOD, REQMOD
        Service: C-ICAP/030606 server - Echo demo service
        ISTag: "5BDEEEA9-12E4-2"
        Max-Connections: 20
        Options-TTL: 3600
        Date: Sun, 04 Jun 2006 16:18:55 GMT
        Preview: 1024
        Allow: 204
        Transfer-Preview: *
        Encapsulated: null-body=0
To check the "/bin/ls" file with the ClamAV antivirus using the ICAP server, run:
tsantila@barbarian:~> /usr/local/c-icap/bin/icap-client -f /bin/ls \
        -s "srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple"
ICAP server:localhost, ip:127.0.0.1, port:1344
No modification needed (Allow 204 responce)
The Allow 204 response means that no virus was found in this file.
In this example we called the srv_clamav service with the arguments:
allow204=on to allow 204 responses outside previews. If you omit this argument, the srv_clamav service will send back, unmodified, the file we sent.
force=on to scan the file even if its file type is not included in the srv_clamav.ScanFileTypes directive in the c-icap.conf file.
sizelimit=off to ignore the srv_clamav.MaxObjectSize directive in the c-icap.conf file.
mode=simple to respond only with allow204 when no virus is found, and with an error message if a virus is found.
Send a virus file to examine srv_clamav's behaviour when a virus is found:
tsantila@barbarian:~> /usr/local/c-icap/bin/icap-client -f /usr/local/src/clamav-0.83/test/clam.exe \
        -s "srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple"
ICAP server:localhost, ip:127.0.0.1, port:1344
VIRUS FOUND
You try to upload/download a file that contain the virus ClamAV-Test-File
This message generated by C-ICAP srvClamAV/antivirus module
Download the Squid 3.0 proxy server from the Squid site.
To enable ICAP support in Squid, you must configure it using --enable-icap-client. Below is the command I used on my workstation running Linux SUSE 9.1:
./configure --with-pthreads --enable-basic-auth-helpers=getpwnam,LDAP,PAM \
        --enable-snmp --enable-ssl \
        --enable-linux-netfilter --enable-icap-client \
        --enable-external-acl-helpers=ip_user,ldap_group,unix_group \
        --enable-digest-auth-helpers=password
In the configuration file of Squid enter the following lines:
icap_enable on
icap_preview_enable on
icap_preview_size 128
icap_send_client_ip on
icap_send_auth_user on
icap_auth_scheme Local://%u
icap_service service_avi_req reqmod_precache 0 icap://localhost:1344/srv_clamav
icap_service service_avi respmod_precache 1 icap://localhost:1344/srv_clamav
icap_class class_antivirus service_avi service_avi_req
icap_access class_antivirus allow all
If c-icap does not reside on the same machine as Squid, change the line icap://localhost:1344/srv_clamav to icap://cicap_hostname:1344/srv_clamav, where cicap_hostname is the hostname or the IP address of the c-icap server. For more information, read the Squid manual.
You can use the icap_access directive to define which sites must or must not be passed to the ICAP server.
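The OPTIONS reply that icap-client prints in the testing section can be checked against the Squid directives above before Squid is pointed at the service. The following is an added example, not part of c-icap or Squid: the function names are hypothetical, the sample reply is rebuilt from the echo-service output on this page, and treating an advertised Preview smaller than icap_preview_size as a mismatch is an assumption of this example.

```python
import socket

# Constructed sample: the OPTIONS reply shown on this page, with ICAP's CRLF line endings.
SAMPLE_REPLY = (
    b"ICAP/1.0 200 OK\r\nMethods: RESPMOD, REQMOD\r\n"
    b"Service: C-ICAP/030606 server - Echo demo service\r\n"
    b'ISTag: "5BDEEEA9-12E4-2"\r\nMax-Connections: 20\r\nOptions-TTL: 3600\r\n'
    b"Date: Sun, 04 Jun 2006 16:18:55 GMT\r\nPreview: 1024\r\nAllow: 204\r\n"
    b"Transfer-Preview: *\r\nEncapsulated: null-body=0\r\n\r\n"
)

def build_options(host, port, service):
    """OPTIONS request for icap://host:port/service (RFC 3507)."""
    uri = f"icap://{host}:{port}/{service}"
    return f"OPTIONS {uri} ICAP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")

def parse_options(raw):
    """Return (status_code, headers) with lower-cased header names."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status_line, *lines = head.split("\r\n")
    proto, code = status_line.split(" ", 2)[:2]
    if not proto.startswith("ICAP/"):
        raise ValueError("not an ICAP reply: " + status_line)
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(code), headers

def squid_mismatches(raw, preview_size=128, vectors=("REQMOD", "RESPMOD")):
    """Assumed checks: where the reply disagrees with this page's Squid lines."""
    code, h = parse_options(raw)
    if code != 200:
        return [f"OPTIONS failed with status {code}"]
    methods = {m.strip() for m in h.get("methods", "").split(",")}
    problems = [f"{v} not offered" for v in vectors if v not in methods]
    if "preview" not in h:
        problems.append("no Preview advertised, but icap_preview_enable is on")
    elif int(h["preview"]) < preview_size:
        problems.append(f"server Preview {h['preview']} < icap_preview_size {preview_size}")
    return problems

def fetch_options(host="localhost", port=1344, service="srv_clamav"):
    """Live query; needs a running c-icap server (not exercised offline)."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(build_options(host, port, service))
        buf = b""
        while b"\r\n\r\n" not in buf and (chunk := s.recv(4096)):
            buf += chunk
    return buf
```

With the server running, squid_mismatches(fetch_options()) performs the same check against the live srv_clamav service; an empty list means the reply agrees with the Squid lines.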
© Tsantilas Christos, email: chtsanti at users dot sourceforge dot net