This wiki is a community-maintained resource about everything there is to know about IPFire. Join us and help us improving it!
Use the search and find answers to everything about IPFire. If you cannot find what you are looking for, join our community and talk to fellow IPFire users, developers and everybody else involved in the project.
In IPFire, ClamAV is automatically configured but to make advanced configuration files needs to be manually edited using the console or an SSH session.
After the installation ClamAV activates itself automatically, which can be verified under status -> Services.
ClamAV is now installed, so activate the "squidclamav" in the proxy settings.
If "squidclamav" does not show up here, verify that you installed both packages.
ClamAV requires more Squid proxy filter processes (when enabled it, increases the number of Squid proxy processes by 10). This in turn leads to a more memory being used. If your IPFire box has a small amount of memory (< 512MB) you should seek advice in the IPFire forum.
To test the security of your ClamAV installation, download the standard Anti-Malware test file from the EICAR organisation using HTTP (not HTTPS!). This is not an actual virus and should do no damage to your system.
If working correctly, ClamAV should automatically prevent you from downloading the file and show the following message:
You can manually update your virus signatures with the following command using an SSH session or on the Console:
If have problems with streaming media, like Youtube, you can stop Adobe Flash applications and videos from being scanned.
Add the following line to your /etc/squidclamav.conf.
It must be added before the line containing:
Restart the proxy so that ClamAV is restarted and re-reads its configuration.
If you must exclude a file from being scanned, use the following line in your /etc/squidclamav.conf file;
Where *.website.com is the URL of the website you wish to exclude.
Specific file types can also be excluded from scans by adding lines like;
where ico is a file extension of the kind you do not want to have scanned.
The proxy must reloaded or restarted after any configuration changes in order for the changes to take effect.