squid and pyclamav - more details

pepox at tiscali.cz pepox at tiscali.cz
Wednesday October 12 12:08:40 CEST 2005


Hello.

I'm trying to get pyclamav working with squid. My setup follows the pyclamav howto,
but it behaves rather strangely.
If I run pyclamav by hand as a normal user or as root, it evaluates the
test file correctly.
So the cooperation with clamav should be fine.
Squid is set up according to the guide; judging by the process listing, the redirector is running too.
But if I try to download the eicar test virus, it lets me. It even lets
me display the test eicar.com.txt in the browser.
The extensions .com and .txt are of course listed for scanning.

The following appears in the squid log:

1129067017.281      4 127.0.0.1 TCP_DENIED/403 1453 GET http://www.eicar.org/download/eicar.com - NONE/- text/html
1129067017.289   1068 192.168.1.10 TCP_HIT/200 545 GET http://www.eicar.org/download/eicar.com - NONE/- application/x-msdos-program

I also filter mail with clamav, but that most likely has no influence here.

Thanks for every (good) piece of advice.


#### MANUAL PYCLAMAV TEST

Python 2.3.5 (#1, Oct 11 2005, 15:46:55)
[GCC 3.3.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import pyclamav
>>> ret=pyclamav.scanfile('/tmp/eicar.com.txt')
>>> print ret
(1, 'Eicar-Test-Signature')
>>>

#### REDIRECTOR CONFIGURATION

[SquidClamAV]
restricted = http://192.168.1.1/denyurl.php?virus=restricted
virusurl = http://192.168.1.1/denyurl.php
cleancache = 300
ForceProtocol = http
MaxRedirection = 99
MaxRequestsize = 5Mb
log_priority = LOG_INFO
log_facility = LOG_LOCAL6
acceptredirects = 300 301 302 303
MIMETypes = all image/bmp image/gif image/jpeg image/png image/tiff
    text/html text/plain text/css application/x-msdos-program

[Debug]
Infected = true
Clean = true
Error = true
Ignored = true

[Extensions]
pattern = all .jpg .exe .zip .rar .ar .com .bzip .gz .scr .bat .pif
    .vbs .wsh .chm .hlp .reg .shs .vbe .wsf .xla .txt .ini .diz .cpp .cpl
    .vxd .sys .lnk .hta .exe .zip .rar .ar .com .bzip .gz .eml .dll .ade
    .adp .adt .app .bas .bin .btm .cla .class .cmd .crt .csc .doc .dot .drv
    .email .fon .inf .ins .isp .jse .lib .mdb .mde .msi .msp .mst .ocx .pcd
    .pgm .ppt .rtf .sct .shb .vb .wsc .wss .dat .cab .svr .txt

[Proxy]
http = http://localhost:3128

[Whitelist]
www.jackal-net.at       = 0


#### SQUID CONFIGURATION
http_port 3128
icp_port 0
htcp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 16 MB
cache_swap_low 50
cache_swap_high 60
maximum_object_size 256 KB
maximum_object_size_in_memory 16 KB
cache_replacement_policy lru
memory_replacement_policy lru
cache_dir ufs /squid 1500 16 256
cache_access_log /squid/access.log
cache_log /squid/cache.log
cache_store_log /squid/store.log
pid_filename /var/run/squid.pid
debug_options ALL,1

redirect_program /usr/local/bin/SquidClamAV_Redirector.py -c /etc/squid/SquidClamAV_Redirector.conf
redirect_children 10

auth_param basic program /usr/lib/squid/ncsa_auth /usr/local/etc/admuser/allpass
auth_param basic children 10

auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl localnet1 src 192.168.1.0/24
acl localnet2 src 192.168.2.0/24
acl heslo proxy_auth REQUIRED
acl filtrovane proxy_auth "/usr/local/etc/admuser/filtered"
acl nikam proxy_auth "/usr/local/etc/admuser/denyall"
acl volne proxy_auth "/usr/local/etc/admuser/freeall"
acl porn url_regex "/etc/squid/porn"
acl noporn url_regex "/etc/squid/noporn"
acl smseur src 192.168.1.120/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

redirector_access deny localhost
http_reply_access allow all

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow smseur
http_access allow localnet1 heslo
http_access allow localnet2 heslo
http_access deny all

icp_access allow all

cache_effective_user squid
cache_effective_group squid

logfile_rotate 5

snmp_port 0

snmp_access deny all

coredump_dir /var/spool/squid


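Added example (not from the post above and not SquidClamAV's own code): the access.log pattern quoted in the post, a TCP_DENIED/403 for the redirector's own fetch from 127.0.0.1 immediately followed by a 200 for the LAN client on the same URL, is exactly the signature of a scan that never happened, and it can be checked for automatically. The script assumes Squid's native access.log format and that the redirector fetches through localhost as in the [Proxy] section; the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in Squid's native access.log format: the first two mirror
# the pattern from the post (redirector denied, client still served from cache), the
# last two show a URL where the redirector's fetch succeeded and no finding is expected.
SAMPLE_LOG = """\
1129067017.281      4 127.0.0.1 TCP_DENIED/403 1453 GET http://www.eicar.org/download/eicar.com - NONE/- text/html
1129067017.289   1068 192.168.1.10 TCP_HIT/200 545 GET http://www.eicar.org/download/eicar.com - NONE/- application/x-msdos-program
1129067100.050      3 127.0.0.1 TCP_MISS/200 2048 GET http://example.invalid/index.html - DIRECT/203.0.113.5 text/html
1129067100.100     12 192.168.1.11 TCP_MISS/200 2048 GET http://example.invalid/index.html - DIRECT/203.0.113.5 text/html
"""

# Native format: time elapsed client action/status bytes method URL ident hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<action>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>\S+)\s+(?P<ctype>\S+)\s*$"
)

# The redirector pulls objects through http://localhost:3128, so its requests log as 127.0.0.1.
REDIRECTOR_ADDR = "127.0.0.1"


def parse_line(line):
    """Parse one native access.log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = float(rec["ts"])
    rec["status"] = int(rec["status"])
    return rec


def find_unscanned(log_text, window=5.0):
    """Return URLs delivered (HTTP 200) to a client while the redirector's scan fetch
    of the same URL was denied within `window` seconds."""
    by_url = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_url[rec["url"]].append(rec)
    findings = []
    for url, recs in by_url.items():
        denied = [r for r in recs if r["client"] == REDIRECTOR_ADDR and r["action"] == "TCP_DENIED"]
        served = [r for r in recs if r["client"] != REDIRECTOR_ADDR and r["status"] == 200]
        for d in denied:
            for c in served:
                if abs(c["ts"] - d["ts"]) <= window:
                    findings.append({"url": url, "client": c["client"], "denied_status": d["status"]})
    return findings
```

Run over a real access.log, a non-empty result means the proxy is serving objects the redirector was not allowed to fetch and scan; in the posted squid.conf, 127.0.0.1 matches no permitting http_access rule except the cache-manager one, which is consistent with the denial.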