ClamAV (Clam AntiVirus) is, like IPFire, licensed under the GNU “General Public License”. It is a virus scanner and a phishing filter.
Install “clamav” like all the other addons, with Pakfire or on the console. Install the two packages “clamav” and “squidclamav” for your antivirus solution.
After installation, ClamAV starts automatically, which can be verified under Status -> Services.
ClamAV is now installed, so activate “squidclamav” in the proxy settings. If “squidclamav” does not show up there, verify that you installed BOTH packages.
<note>ClamAV requires more filter processes (so change the processes to 20), which leads to higher memory consumption. If your IPFire box does not have that much memory (< 512MB), judge for yourself.</note>
If you see problems with streaming providers like YouTube, find some help to optimize your ClamAV here.
Update your virus signatures with the following command over the Console:
/usr/bin/freshclam --quiet
To test the security of your ClamAV, try it without any danger here. These are only virus signatures, without any harmful content. (Please verify this yourself.)
In the current configuration “squidclamav” runs without the proxy cache. This is the safest way to deal with infected objects in the cache, but not the most elegant.
The following configuration is recommended to substantially speed up “squidclamav” in bigger environments, as the cache will effectively increase speed. (Remember: more cache means more memory used.)
Open the file “include.acl” with WinSCP (or directly on the console) and insert the following lines:
File: /var/ipfire/proxy/advanced/acls/include.acl
http_port 127.0.0.1:800 transparent
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
http_access deny to_localhost
http_access allow localhost
http_access allow purge localhost
http_access deny purge
url_rewrite_access deny localhost
In the file “squidclamav.conf” insert or update the following (and replace “proxy none”). Remember: the port must be the same as the one configured on the Proxy page (default is port 800).
File: /etc/squidclamav.conf
squid_ip 127.0.0.1
squid_port 800
trust_cache enable
logfile /var/log/squid/squidclamav.log
redirect http://127.0.0.1:81/clwarn.cgi
debug 0
stat 0
After the modifications you should restart the proxy.
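A port mismatch between the two files is the easiest mistake to make in the steps above, so the following added example (not part of the original wiki page or of IPFire) checks that both files name the same loopback listener before you restart the proxy. The function names and the sample files it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm include.acl and squidclamav.conf agree on the listener.

# Value of a "key value" directive in squidclamav.conf ($1=file, $2=key).
conf_value() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# First "ip:port" given on an http_port line in include.acl ($1=file).
acl_listener() { awk '$1 == "http_port" && $2 ~ /:/ { print $2; exit }' "$1"; }

# Prints "ok: ip:port" and returns 0, or prints the problem and returns 1.
check_squidclamav() {
    acl_file=$1; conf_file=$2
    listener=$(acl_listener "$acl_file")
    ip=$(conf_value "$conf_file" squid_ip)
    port=$(conf_value "$conf_file" squid_port)
    [ -n "$listener" ] || { echo "no http_port ip:port in $acl_file"; return 1; }
    [ "$listener" = "$ip:$port" ] || {
        echo "mismatch: Squid listens on $listener, squidclamav fetches from $ip:$port"
        return 1; }
    case $ip in 127.*) ;; *) echo "squid_ip $ip is not loopback"; return 1 ;; esac
    # Without this rule squidclamav's own fetches would be handed to the rewriter again.
    grep -q '^url_rewrite_access deny localhost' "$acl_file" || {
        echo "missing: url_rewrite_access deny localhost"; return 1; }
    echo "ok: $listener"
}

# Constructed sample files that mirror the two snippets on this page ($2=port).
write_samples() {
    cat > "$1/include.acl" <<'EOF'
http_port 127.0.0.1:800 transparent
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
http_access deny to_localhost
http_access allow localhost
http_access allow purge localhost
http_access deny purge
url_rewrite_access deny localhost
EOF
    printf 'squid_ip 127.0.0.1\nsquid_port %s\ntrust_cache enable\n' "${2:-800}" \
        > "$1/squidclamav.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_squidclamav "$tmp/include.acl" "$tmp/squidclamav.conf"
rm -rf "$tmp"
```

On the IPFire box itself, call `check_squidclamav /var/ipfire/proxy/advanced/acls/include.acl /etc/squidclamav.conf` instead of using the sample files.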