Hello Everyone,
I am stumped here. I have c-icap setup on Ubuntu using clamav-daemon.
Everything appears to be working correctly other than the fact that clamav
does not pick up any of the eicar test files as virus' but clamscan does. I
have tried many things to remedy this with no luck. I am pasting the
relevant output below:
c-icap/server.log:
Fri Jul 21 11:10:53 2017, main proc, Server stats:
Children: 3
Free servers: 30
Used servers:0
Requests served:2
Fri Jul 21 11:10:53 2017, 16328/4241311552, Going to execute child commands
Fri Jul 21 11:10:53 2017, 16329/4241311552, Going to execute child commands
Fri Jul 21 11:10:53 2017, 16327/4241311552, Going to execute child commands
Fri Jul 21 11:10:54 2017, 16329/4163168000, Allocate a new entity of type 0
Fri Jul 21 11:10:54 2017, 16329/4163168000, Allocate a new entity of type 2
Fri Jul 21 11:10:54 2017, 16329/4163168000,
type:2 Entities: 0 2 -1 -1
Fri Jul 21 11:10:54 2017, 16329/4163168000, Going to check request for
access control restrictions
Fri Jul 21 11:10:54 2017, 16329/4163168000, Access control: ALLOW
Fri Jul 21 11:10:54 2017, 16329/4163168000, squidclamav.c(283)
squidclamav_init_request_data: Fri Jul 21 11:10:54 2017, 16329/4163168000,
DEBUG initializing request data handler.
Fri Jul 21 11:10:54 2017, 16329/4163168000, pool hits:2 allocations: 1
Fri Jul 21 11:10:54 2017, 16329/4163168000, Allocating from objects pool
object 6
Fri Jul 21 11:10:54 2017, 16329/4163168000, Requested service: squidclamav
Fri Jul 21 11:10:54 2017, 16329/4163168000, Read preview data if there are
and process request
Fri Jul 21 11:10:54 2017, 16329/4163168000, squidclamav.c(337)
squidclamav_check_preview_handler: Fri Jul 21 11:10:54 2017,
16329/4163168000, DEBUG processing preview header.
Fri Jul 21 11:10:54 2017, 16329/4163168000, squidclamav.c(358)
squidclamav_check_preview_handler: Fri Jul 21 11:10:54 2017,
16329/4163168000, DEBUG X-Client-IP: 1.1.1.5
Fri Jul 21 11:10:54 2017, 16329/4163168000, squidclamav.c(1324)
extract_http_info: Fri Jul 21 11:10:54 2017, 16329/4163168000, DEBUG method
GET
Fri Jul 21 11:10:54 2017, 16329/4163168000, squidclamav.c(1335)
extract_http_info: Fri Jul 21 11:10:54 2017, 16329/4163168000, DEBUG url
/eicarcom2.zip
Fri Jul 21 11:10:54 2017, 16329/4163168000, squidclamav.c(389)
squidclamav_check_preview_handler: Fri Jul 21 11:10:54 2017,
16329/4163168000, DEBUG URL requested: /eicarcom2.zip
Fri Jul 21 11:10:54 2017, 16329/4163168000, squidclamav.c(429)
squidclamav_check_preview_handler: Fri Jul 21 11:10:54 2017,
16329/4163168000, DEBUG Content-Length: 0
Fri Jul 21 11:10:54 2017, 16329/4163168000, pool hits:4 allocations: 3
Fri Jul 21 11:10:54 2017, 16329/4163168000, Geting buffer from pool 15:0
Fri Jul 21 11:10:54 2017, 16329/4163168000, pool hits:5 allocations: 3
Fri Jul 21 11:10:54 2017, 16329/4163168000, Geting buffer from pool 2:0
Fri Jul 21 11:10:54 2017, 16329/4163168000, pool hits:6 allocations: 3
Fri Jul 21 11:10:54 2017, 16329/4163168000, Geting buffer from pool 8:0
Fri Jul 21 11:10:54 2017, 16329/4163168000, squidclamav.c(483)
squidclamav_check_preview_handler: Fri Jul 21 11:10:54 2017,
16329/4163168000, WARNING can not begin to scan url: No preview data.
Fri Jul 21 11:10:54 2017, 16329/4163168000, pool hits:2 allocations: 1
Fri Jul 21 11:10:54 2017, 16329/4163168000, Allocating from objects pool
object 4
Fri Jul 21 11:10:54 2017, 16329/4163168000, squidclamav.c(499)
squidclamav_check_preview_handler: Fri Jul 21 11:10:54 2017,
16329/4163168000, DEBUG End of method squidclamav_check_preview_handler
Fri Jul 21 11:10:54 2017, 16329/4163168000, Preview handler receives all
body data
Fri Jul 21 11:10:54 2017, 16329/4163168000, squidclamav.c(597)
squidclamav_end_of_data_handler: Fri Jul 21 11:10:54 2017,
16329/4163168000, DEBUG ending request data handler.
Fri Jul 21 11:10:54 2017, 16329/4163168000, squidclamav.c(1621) dconnect:
Fri Jul 21 11:10:54 2017, 16329/4163168000, entering.
Fri Jul 21 11:10:54 2017, 16329/4163168000, squidclamav.c(1640) dconnect:
Fri Jul 21 11:10:54 2017, 16329/4163168000, DEBUG Connected to Clamd (
2.2.2.5:3310)
Fri Jul 21 11:10:54 2017, 16329/4163168000, squidclamav.c(620)
squidclamav_end_of_data_handler: Fri Jul 21 11:10:54 2017,
16329/4163168000, DEBUG Sending zINSTREAM command to clamd.
Fri Jul 21 11:10:54 2017, 16329/4163168000, squidclamav.c(628)
squidclamav_end_of_data_handler: Fri Jul 21 11:10:54 2017,
16329/4163168000, DEBUG Ok connected to clamd.
Fri Jul 21 11:10:54 2017, 16329/4163168000, squidclamav.c(632)
squidclamav_end_of_data_handler: Fri Jul 21 11:10:54 2017,
16329/4163168000, DEBUG: Scanning data now
Fri Jul 21 11:10:54 2017, 16329/4163168000, squidclamav.c(666)
squidclamav_end_of_data_handler: Fri Jul 21 11:10:54 2017,
16329/4163168000, DEBUG received from Clamd: stream: OK
Fri Jul 21 11:10:54 2017, 16329/4163168000, squidclamav.c(682)
squidclamav_end_of_data_handler: Fri Jul 21 11:10:54 2017,
16329/4163168000, DEBUG Closing Clamd connection.
Fri Jul 21 11:10:54 2017, 16329/4163168000, squidclamav.c(696)
squidclamav_end_of_data_handler: Fri Jul 21 11:10:54 2017,
16329/4163168000, DEBUG unlocking data to be sent.
Fri Jul 21 11:10:54 2017, 16329/4163168000, Going to send response headers
Fri Jul 21 11:10:54 2017, 16329/4163168000, Going to send http headers on
entity :0
Fri Jul 21 11:10:54 2017, 16329/4163168000, rest response: going to read:
4064 bytes
Fri Jul 21 11:10:54 2017, 16329/4163168000, Has EOF and no data to read,
send EOF
Fri Jul 21 11:10:54 2017, 16329/4163168000, rest response: read: -2 bytes
Fri Jul 21 11:10:54 2017, 16329/4163168000, The req->status is EOF (remain
to send bytes:5)
Fri Jul 21 11:10:54 2017, 16329/4163168000, The req->status is EOF (remain
to send bytes:0)
Fri Jul 21 11:10:54 2017, 16329/4163168000, squidclamav.c(304)
squidclamav_release_request_data: Fri Jul 21 11:10:54 2017,
16329/4163168000, DEBUG Releasing request data.
Fri Jul 21 11:10:54 2017, 16329/4163168000, Storing to objects pool object 4
Fri Jul 21 11:10:54 2017, 16329/4163168000, Store buffer to short pool 15:0
Fri Jul 21 11:10:54 2017, 16329/4163168000, Store buffer to short pool 2:0
Fri Jul 21 11:10:54 2017, 16329/4163168000, Store buffer to short pool 8:0
Fri Jul 21 11:10:54 2017, 16329/4163168000, Storing to objects pool object 6
Fri Jul 21 11:10:54 2017, 16329/4163168000, Log request to access log file
/var/log/c-icap/access.log
Fri Jul 21 11:10:54 2017, 16329/4163168000, Width: 0, Parameter:
Fri Jul 21 11:10:54 2017, 16329/4163168000, Width: 0, Parameter:
Fri Jul 21 11:10:54 2017, 16329/4163168000, Width: 0, Parameter:
Fri Jul 21 11:10:54 2017, 16329/4163168000, Width: 0, Parameter:
Fri Jul 21 11:10:54 2017, 16329/4163168000, Width: 0, Parameter:
Fri Jul 21 11:10:54 2017, 16329/4163168000, Width: 0, Parameter:
Fri Jul 21 11:10:54 2017, 16329/4163168000, Keep-alive:1
Fri Jul 21 11:10:54 2017, 16329/4163168000, Server 16329 going to serve new
request from client (keep-alive)
Fri Jul 21 11:10:54 2017, 16329/4163168000, Error 10 while parsing headers
:(0)
Fri Jul 21 11:10:54 2017, 16329/4163168000, Process request timeout or
interrupted....
Fri Jul 21 11:10:54 2017, 16329/4163168000, Waiting for a request....
Fri Jul 21 11:10:54 2017, 16328/4241311552, Going to execute child commands
Fri Jul 21 11:10:54 2017, 16329/4241311552, Going to execute child commands
Fri Jul 21 11:10:54 2017, 16327/4241311552, Going to execute child commands
Fri Jul 21 11:10:54 2017, main proc, Server stats:
Children: 3
Free servers: 30
Used servers:0
Requests served:3
clamav.conf:
#Automatically Generated by clamav-base postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-base
#Please read /usr/share/doc/clamav-base/README.Debian.gz for details
TCPSocket 3310
TCPAddr 2.2.2.5
# TemporaryDirectory is not set to its default /tmp here to make overriding
# the default with environment variables TMPDIR/TMP/TEMP possible
User clamav
AllowSupplementaryGroups true
ScanMail true
ScanArchive true
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
LogSyslog true
LogRotate true
LogFacility LOG_LOCAL6
LogClean false
LogVerbose true
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav
SelfCheck 3600
Foreground false
Debug false
ScanPE true
MaxEmbeddedPE 10M
ScanOLE2 true
ScanPDF true
ScanHTML true
MaxHTMLNormalize 10M
MaxHTMLNoTags 2M
MaxScriptNormalize 5M
MaxZipTypeRcg 1M
ScanSWF true
DetectBrokenExecutables false
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
PartitionIntersection false
DetectPUA false
ScanPartialMessages false
HeuristicScanPrecedence false
StructuredDataDetection false
CommandReadTimeout 5
SendBufTimeout 200
MaxQueue 100
ExtendedDetectionInfo true
OLE2BlockMacros false
ScanOnAccess false
AllowAllMatchScan true
ForceToDisk false
DisableCertCheck false
DisableCache true
MaxScanSize 100M
MaxFileSize 25M
MaxRecursion 10
MaxFiles 10000
MaxPartitions 50
MaxIconsPE 100
PCREMatchLimit 10000
PCRERecMatchLimit 5000
PCREMaxFileSize 25M
ScanXMLDOCS true
ScanHWP3 true
MaxRecHWP3 16
StatsEnabled false
StatsPEDisabled true
StatsHostID auto
StatsTimeout 10
StreamMaxLength 25M
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
Bytecode true
BytecodeSecurity TrustSigned
BytecodeTimeout 60000
OfficialDatabaseOnly false
CrossFilesystems true
c-icap.conf:
#
# This file contains the default settings for c-icap
#
#
# TAG: PidFile
# Format: PidFile pid_file
# Description:
# The file to store the pid of the main process of the c-icap server.
# Default:
# PidFile /var/run/c-icap/c-icap.pid
PidFile /var/run/c-icap/c-icap.pid
# TAG: CommandsSocket
# Format: CommandsSocket socket_file
# Description:
# The path of file to use as control socket for c-icap
# Default:
# CommandsSocket /var/run/c-icap/c-icap.ctl
CommandsSocket /var/run/c-icap/c-icap.ctl
# TAG: Timeout
# Format: Timeout seconds
# Description:
# The time in seconds after which a connection without activity
# can be cancelled.
# Default:
# Timeout 300
Timeout 300
# TAG: MaxKeepAliveRequests
# Format: MaxKeepAliveRequests number
# Description:
# The maximum number of requests can be served by one connection
# Set it to -1 for no limit
# Default:
# MaxKeepAliveRequests 100
MaxKeepAliveRequests -1
# TAG: KeepAliveTimeout
# Format: KeepAliveTimeout seconds
# Description:
# The maximum time in seconds waiting for a new requests before a
# connection will be closed.
# If the value is set to -1, there is no timeout.
# Default:
# KeepAliveTimeout 600
KeepAliveTimeout 600
# TAG: StartServers
# Format: StartServers number
# Description:
# The initial number of server processes. Each server process
# generates a number of threads, which serve the requests.
# Default:
# StartServers 3
StartServers 3
# TAG: MaxServers
# Format: MaxServers number
# Description:
# The maximum allowed number of server processes.
# Default:
# MaxServers 10
MaxServers 10
# TAG: MinSpareThreads
# Format: MinSpareThreads number
# Description:
# If the number of the available threads is less than number,
# the c-icap server starts a new child.
# Default:
# MinSpareThreads 10
MinSpareThreads 10
# TAG: MaxSpareThreads
# Format: MaxSpareThreads number
# Description:
# If the number of the available threads is more than number then
# the c-icap server kills a child.
# Default:
# MaxSpareThreads 20
MaxSpareThreads 20
# TAG: ThreadsPerChild
# Format: ThreadsPerChild number
# Description:
# The number of threads per child process.
# Default:
# ThreadsPerChild 10
ThreadsPerChild 10
# TAG: MaxRequestsPerChild
# Format: MaxRequestsPerChild number
# Description:
# The maximum number of requests that a child process can serve.
# After this number has been reached, process dies. The goal of this
# parameter is to minimize the risk of memory leaks and increase the
# stability of c-icap. It can be disabled by setting its value to 0.
# Default:
# MaxRequestsPerChild 0
MaxRequestsPerChild 0
# TAG: Port
# Format: Port port
# Description:
# The port number that the c-icap server uses to listen to requests.
# Default:
# Port 1344
Port 1344
# TAG: User
# Format: User username
# Description:
# The user owning c-icap's processes. By default, the owner is the
# user who runs the program.
# Default:
# No value
# Example:
# User wwwrun
User c-icap
# TAG: Group
# Format: Group groupname
# Description:
# The group of users owning c-icap's processes, which, by default
# is the group of the current user.
# Default:
# No value
# Example:
# Group nogroup
Group c-icap
# TAG: ServerAdmin
# Format: ServerAdmin admin_mail
# Description:
# The Administrator of this server. Used when displaying information
# about this server (logs, info service, etc)
# Default:
# No value
ServerAdmin you@your.address
# TAG: ServerName
# Format: ServerName aServerName
# Description:
# A name for this server. Used when displaying information about this
# server (logs, info service, etc)
# Default:
# No value
ServerName YourServerName
# TAG: TmpDir
# Format: TmpDir dir
# Description:
# dir is the location of temporary files.
# Default:
# TmpDir /var/tmp
TmpDir /tmp
# TAG: MaxMemObject
# Format: MaxMemObject bytes
# Description:
# The maximum memory size in bytes taken by an object which
# is processed by c-icap . If the size of an object's body is
# larger than the maximum size a temporary file is used.
# Default:
# MaxMemObject 131072
MaxMemObject 131072
# TAG: DebugLevel
# Format: DebugLevel level
# Description:
# The level of debugging information to be logged.
# The acceptable range of levels is between 0 and 10.
# Default:
# DebugLevel 1
DebugLevel 10
# TAG: ModulesDir
# Format: ModulesDir dir
# Description:
# The location of modules
# Default:
# ModulesDir /usr/lib/c_icap
ModulesDir /usr/lib/x86_64-linux-gnu/c_icap
# TAG: ServicesDir
# Format: ServicesDir dir
# Description:
# The location of services
# Default:
# ServicesDir /usr/lib/c_icap
ServicesDir /usr/lib/x86_64-linux-gnu/c_icap
# TAG: TemplateDir
# Format: TemplateDir dir
# Description:
# The location of the text templates used by c-icap and its services,
# categorized by language and services/modules
# Default:
# No value
# Example:
TemplateDir /usr/share/c_icap/templates/
# TAG: TemplateDefaultLanguage
# Format: TemplateDefaultLanguage lang
# Description:
# Sets the default language to use for text templates
# Default:
# TemplateDefaultLanguage en
TemplateDefaultLanguage en
#TemplateReloadTime 360
#TemplateCacheSize 20
#TemplateMemBufSize 8192
# TAG: LoadMagicFile
# Format: LoadMagicFile path
# Description:
# Load a c-icap magic file. A magic file contains various
# data type definitions. Look inside default c-icap.magic file
# for more informations.
# It can be used more than once to use multiple magic files.
# Default:
# LoadMagicFile /etc/c-icap/c-icap.magic
LoadMagicFile /etc/c-icap/c-icap.magic
# TAG: RemoteProxyUsers
# Format: RemoteProxyUsers onoff
# Description:
# Set it to on if you want to use username provided by the proxy server.
# This is the recomended way to use users in c-icap.
# If the RemoteProxyUsers is off and c-icap configured to use users or
# groups the internal authentication mechanism will be used.
# Default:
# RemoteProxyUsers off
RemoteProxyUsers off
# TAG: RemoteProxyUserHeader
# Format: RemoteProxyUserHeader Header
# Description:
# Used to specify the icap header used by the proxy server to send
# the authenticated client username to c-icap server
# Default:
# RemoteProxyUserHeader X-Authenticated-User
RemoteProxyUserHeader X-Authenticated-User
# TAG: RemoteProxyUserHeaderEncoded
# Format: RemoteProxyUserHeaderEncoded onoff
# Description:
# Set it to off if the RemoteProxyUserHeader is not base64 encoded
# Default:
# RemoteProxyUserHeaderEncoded on
RemoteProxyUserHeaderEncoded on
# TAG: AuthMethod
# Format: AuthMethod Method Authenticator
# Description:
# Used to define the internal authentication mechanism to use. This
# feature is not well tested and may cause problems. It is better to use
# RemoteProxyUser configuration.
# Method is the authentication method to use (basic, digest, etc).
# Currently only basic authentication method is implemented as build in
# module
# Authenticator currently can only be "basic_simple_db"
# It can be considered as a user/password store and can be
# implemented as external module. The basic_simple_db is implemented as
# build it module
# Default:
# No set
# Example:
# AuthMethod basic basic_simple_db
# TAG: basic.Realm
# Format: basic.Realm ARealm
# Description:
# Specify the basic method realm
# Default:
# basic.Realm "Basic authentication"
# Example:
# basic.Realm "c-icap server authentication"
# TAG: basic_simple_db.UsersDB
# Format: basic_simple_db.UsersDB LookupTable
# Description:
# Specify the lookup table where the usernames/passwords pairs
# are stored. The paswords must be unencrypted
# For more information about c-icap lookup tables read c-icap server
# manual page
# Default:
# No value
# Example:
# basic_simple_db.UsersDB hash:/usr/local/c-icap/etc/c-icap-users.txt
# TAG: GroupSourceByGroup
# Format: GroupSourceByGroup LookupTable
# Description:
# Defines a lookup table where the groups of users are stored indexed
# by group. It can be used more than once.
# For more information about c-icap lookup tables read c-icap server
# manual page
# Default:
# No set
# Example:
# GroupSourceByGroup hash:/usr/local/c-icap/etc/c-icap-groups.txt
# TAG: GroupSourceByUser
# Format: GroupSourceByUser LookupTable
# Description:
# Defines a lookup table where the groups of users are stored indexed
# by user. It can be used more than once.
# For more information about c-icap lookup tables read c-icap server
# manual page
# Default:
# No set
# Example:
# GroupSourceByUser hash:/usr/local/c-icap/etc/c-icap-user-groups.txt
# TAG: acl
# Format: acl name type[{param}] value1 [value2] [...]
# Description:
# Supported acl types are:
# acl aclname service service1 ...
# The servicename
# acl aclname type OPTIONS|RESPMOD|REQMOD ...
# The icap method
# acl aclname port port1 ...
# The icap server port
# acl aclname src ip1/netmask1 ...
# The client ip address
# acl aclname srvip ip1/netmask1 ...
# The c-icap server ip address
# acl aclname icap_header{HeaderName} value1 ...
# Matches the icap header HeaderName with value1 ...
# The values are in regex form: /avalue/
# acl aclname icap_resp_header{HeaderName} value1 ...
# The icap response header
# The values are in regex form: /avalue/
# acl aclname http_req_header{HeaderName} value1 ...
# The http request header
# The values are in regex form: /avalue/
# acl aclname http_resp_header{HeaderName} value1 ...
# The http response header
# The values are in regex form: /avalue/
# acl aclname data_type type1 ...
# The data type as recognized by the internal data type
# recognizer. The types are defined in c-icap.magic file
# acl aclname auth username|* ...
# The authenticated users. Using * instead of username means
# all users.
# acl aclname group group1 ...
# if the user of request belongs to given groups
# Default:
# None set
# Examples:
# acl OPTIONS type OPTIONS
# acl RESPMOD type RESPMOD
# acl REQMOD type REQMOD
# acl ALLREQUESTS type OPTIONS RESPMOD REQMOD
# acl XHEAD icap_header{X-Test} /value/
# acl ECHO service echo
# acl localnet src 192.168.1.0/255.255.255.0
# acl localhost src 127.0.0.1/255.255.255.255
# acl all src 0.0.0.0/0.0.0.0
# TAG: icap_access
# Format: icap_access allow|deny [!]acl1 ...
# Description:
# Allowing or denying ICAP access based on defined access lists
# Default:
# None set
# Example:
# icap_access deny XHEAD
# #Allow OPTIONS method for all:
# icap_access allow localnet OPTIONS
# #Require authentication for all users from local network:
# icap_access allow AUTH localnet
# icap_access deny all
# TAG: client_access
# Format: client_access allow|deny acl1 [acl2] [...]
# Description:
# Allowing or denying connections on c-icap based on
# defined access lists. Only the acl types src, srvip and port
# can be used.
# Default:
# None set
# Example:
# client_access allow all
# TAG: LogFormat
# Format: LogFormat Name Format
# Description:
# Name is a name for this log format.
# Format is a string with embedded % format codes. % format codes
# has the following form:
# % [-] [width] [{argument}] formatcode
# if - is specified then the output is left aligned
# if width specified then the field is exactly width size
# some formatcodes support arguments given as {argument}
#
# Format codes:
# %a: Remote IP-Address
# %la: Local IP Address
# %lp: Local port
# %>a: Http Client IP Address. Only supported if the proxy
# client supports the "X-Client-IP" header
# %<A: Http Server IP Address. Only supported if the proxy
# client supports the "X-Server-IP" header
# %ts: Seconds since epoch
# %tl: Local time. Supports optional strftime format argument
# %tg: GMT time. Supports optional strftime format argument
# %>ho: Modified Http request header. Supports header name
# as argument. If no argument given the first line returned
# %huo: Modified Http request url
# %<ho: Modified Http reply header. Supports header name
# as argument. If no argument given the first line returned
# %iu: Icap request url
# %im: Icap method
# %is: Icap status code
# %>ih: Icap request header. Supports header name
# as argument. If no argument given the first line returned
# %<ih: Icap response header. Supports header name
# as argument. If no argument given the first line returned
# %Ih: Http bytes received
# %Oh: Http bytes sent
# %Ib: Http body bytes received
# %Ob: Http body bytes sent
# %I: Bytes received
# %O: Bytes sent
# %bph: The first 5 bytes of the body preview data. Non
# printable characters printed in hex form.
# Supports the number of bytes to output as argument.
# %un: Username
# %Sl: Service log string
# %Sa: Attribute value set by service. The attribute name must
# given as argument.
# Default:
# None set
# Example:
# LogFormat myFormat "%tl, %a %im %iu %is %I %O %Ib %Ob %{10}bph"
# TAG: ServerLog
# Format: ServerLog LogFile
# Description:
# the file used by the build-in logger file_logger to
# store debugging information, errors and other
# information about the c-icap server.
# Default:
# ServerLog /var/log/c-icap/server.log
ServerLog /var/log/c-icap/server.log
# TAG: AccessLog
# Format: AccessLog LogFile [LogFormat] [[!]acl1] [[!]acl2] [...]
# Description:
# LogFile is a file where to log access information.
# LogFormat is the log format to use. If ommited c-icap uses:
# "%tl, %la %a %im %iu %is"
# Also acls can be used to select certain requests to be logged.
# This directive can be used more than once to specify more than
# one access log files
# Default:
# AccessLog /var/log/c-icap/access.log
# Example:
# AccessLog /var/log/c-icap/access.log MyFormat all
AccessLog /var/log/c-icap/access.log
# TAG: Logger
# Format: Logger LoggerName
# Description:
# Specify wich logger to use. By default uses the build in "file_logger"
which
# uses files for access and server logging.
# Default:
# Logger file_logger
# Example:
# Logger sys_logger
# TAG: Module
# Format: Module Type ModuleFile
# Description:
# Load an external module/plugin to c-icap.
# ModuleFile is the filename of the module. If no full path given then
c-icap
# searche in path defined by the ModulesDir configuration parameter.
# Type is the type of the external module and can be one of the following:
# - "logger" for modules implement a logger
# - "common" for general purpose modules
# Default:
#
# Example:
# Module logger sys_logger.so
# TAG: Service
# Format: Service aName ServiceFile
# Description:
# It loads the service ServiceFile. The argument aName used
# as alias name for the service
# Default:
Service squidclamav squidclamav.so
#
# Example:
# Service echo_service srv_echo.so
# TAG: ServiceAlias
# Format: ServiceAlias AliasName
ServiceName[?param1=value1¶m2=value2...]
# Description:
# Used to define an alias name for a service.
# Default:
#
# Example:
# ServiceAlias avscan srv_clamav?allow204=on&sizelimit=off&mode=simple
#
# TAG: General configuration parameters for all services
# Description:
# PreviewSize: The preview data size to advertise to the icap client
# MaxConnections: The client should not use more than MaxConnections
# for this service.
# TransferPreview: The list of file extensions, seperated by commas,
# for which the client should send preview data.
# TransferIgnore: The list of file extensions that should not be sent
# to the icap server
# TransferComplete: The list of file extensions that should be sent
# in their entirety, without preview, to the icap server
# OptionsTTL: The options ttl for the service. The "sec[s]", "min" or
# "hour[s]" can be used to secify that the time is in seconds
# minutes or hours respectively. If no time-units given
# seconds are assumed.
# Allow206 on|off: Enable/disable advertise of 206 responses.
#
# Example:
# echo.PreviewSize 512
# echo.TransferIgnore gif, jpeg
# echo.OptionsTTL 3 min
######################################################
# External modules comming with core c-icap server
#
# Module: echo
# Description:
# Simple test service
# Example:
# Service echo srv_echo.so
Service echo srv_echo.so
# Module: sys_logger
# Description:
# Add support for logging access and server events to syslog server
# Use "Module" configuration parameter to load this module and "Logger"
# to make it default logger for the c-icap.
# Example:
# Module logger sys_logger.so
# Logger sys_logger
# TAG: sys_logger.Prefix
# Format: sys_logger.Prefix string
# Description:
# string is be presented in every syslog message.
# Default:
# sys_logger.Prefix "C-ICAP:"
# TAG: sys_logger.Facility
# Format: sys_logger.Facility
daemon|user|local1|local2|local3|local4|local5|local6|local7
# Description:
# specifies the facility type of syslog.
# Default:
# sys_logger.Facility daemon
# TAG: sys_logger.access_priority
# Format: sys_logger.access_priority
alert|crit|debug|emerg|err|info|notice|warning
# Description:
# determines the importance of the access log message
# Default:
# sys_logger.access_priority info
# TAG: sys_logger.server_priority
# Format: sys_logger.server_priority
alert|crit|debug|emerg|err|info|notice|warning
# Description:
# determines the importance of the server log message
# Default:
# sys_logger.server_priority crit
# TAG: sys_logger.LogFormat
# Format: sys_logger.LogFormat LOGFORMAT
# Description:
# The log format to use. If no log format defined then
# the following will be used:
# "%la %a %im %iu %is"
# Default:
# None set
# Example:
# Logformat BasicFormat "%la %a %im %iu %is"
# sys_logger.LogFormat BasicFormat
# TAG: sys_logger.access
# Format: sys_logger.access [!]acl1 ...
# Description:
# Allow selecting ICAP requests to be logged using acls.
# By default all requests will be logged.
# Default:
# None set
# Example:
# sys_logger.access all
# End module: sys_logger
# Module: bdb_tables
# Description:
# Add support for Berkeley DB based lookup tables. The format for
# bdb path of the lookup table is:
# bdb:/path/to/bdb
# Use the c-icap-mkbdb utility to build Berkeley DB c-icap lookup tables
# Example:
# Module common bdb_tables.so
# End module: bdb_tables
# Module: dnsbl_tables
# Description:
# Add support for dns lookup tables. Can be used to access
# dns block lists. The dnsbl lookup table path definition is:
# dnsbl:domainname
# For example the lookup table for accessing the black.uribl.com
# dns black list is:
# dnsbl:black.uribl.com
# Example:
# Module common dnsbl_tables.so
# End module: dnsbl_tables
# Module: ldap_module
# Description:
# Add LDAP support to c-icap. The user can use LDAP based lookup tables
# using the following lookup table path:
# ldap://[username:password@
]ldapserver?base?attr1,attr2?filter[{[cache=no]}]
# The filter can contain the "%s" formating code which will be replaced by
# the search key
# Examples of supported ldap urls:
# ldap://ldap.chtsanti.net?o=chtsanti?cn,uid?uid=%s
# ldap://cn=Directory
Manager:apassw...@ldap.chtsanti.net?o=chtsanti?mermberUid?(&(objectClass=posixGroup)(cn=%s))
#
# WARNING: is not enough tested it may contain bugs!
# Example:
# Module common ldap_module.so
# End module: ldap_module
squidclamav.conf:
#-----------------------------------------------------------------------------
# SquidClamav default configuration file
#
# To know to customize your configuration file, see squidclamav manpage
# or go to http://squidclamav.darold.net/
#
#-----------------------------------------------------------------------------
#
# Global configuration
#
# Maximum size of a file that may be scanned. Any file bigger that this
value
# will not be scanned.
maxsize 5000000
# When a virus is found then redirect the user to this URL
redirect http://1.1.1.10/virus.html
# Path to the squiGuard binary if you want URL filtering, note that you'd
better
# use the squid configuration directive 'url_rewrite_program' instead.
squidguard /usr/local/squidGuard/bin/squidGuard
# Path to the clamd socket, use clamd_local if you use Unix socket or if
clamd
# is listening on an Inet socket, comment clamd_local and set the clamd_ip
and
# clamd_port to the corresponding value.
#clamd_local /var/run/clamav/clamd.ctl
clamd_ip 2.2.2.5
clamd_port 3310
# Set the timeout for clamd connection. Default is 1 second, this is a good
# value but if you have slow service you can increase up to 3.
timeout 3
# Force SquidClamav to log all virus detection or squiguard block
redirection
# to the c-icap log file.
logredir 1
# Enable / disable DNS lookup of client ip address. Default is enabled '1'
to
# preserve backward compatibility but you must desactivate this feature if
you
# don't use trustclient with hostname in the regexp or if you don't have a
DNS
# on your network. Disabling it will also speed up squidclamav.
dnslookup 0
# Enable / Disable Clamav Safe Browsing feature. You mus have enabled the
# corresponding behavior in clamd by enabling SafeBrowsing into
freshclam.conf
# Enabling it will first make a safe browsing request to clamd and then the
# virus scan request.
safebrowsing 0
#
# Here is some defaut regex pattern to have a high speed proxy on system
# with low resources.
#
# Do not scan images
#abort ^.*\.(ico|gif|png|jpg)$
#abortcontent ^image\/.*$
# Do not scan text files
#abort ^.*\.(css|xml|xsl|js|html|jsp)$
#abortcontent ^text\/.*$
#abortcontent ^application\/x-javascript$
# Do not scan streamed videos
#abortcontent ^video\/x-flv$
#abortcontent ^video\/mp4$
# Do not scan flash files
#abort ^.*\.swf$
#abortcontent ^application\/x-shockwave-flash$
# Do not scan sequence of framed Microsoft Media Server (MMS) data packets
#abortcontent ^.*application\/x-mms-framed.*$
# White list some sites
#whitelist .*\.clamav.net
# See also 'trustuser' and 'trustclient' configuration directives
clamscan:
ubuntu-icap:~$ clamscan eicarcom2.zip
eicarcom2.zip: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 6301441
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 9.272 sec (0 m 9 s)
===================
Please let me know if there is anything else I can provide for this. Any
help is greatly appreciated!
Thank you in advnace,
Colin
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
