tosh17 написал 23 ноября 2007 года в 14:53 (930 просмотров) Ведет себя неопределенно; открыл 3 темы в форуме, оставил 5 комментариев на сайте.

пытался прикрутить антивирус к squid

вроде все сделал и ни на что не ругается, но вирусы не ловит

проверял на тестовой страничке

http://www.eicar.org/anti_virus_test_file.htm

вот конфиги сквида

# Squid configuration as posted: proxy on 192.168.111.11:3128, URL filtering
# through squidGuard, and an ICAP hand-off to a c-icap srv_clamav service on
# localhost:1344. Order of the http_access lines matters (first match wins).
# NOTE(review): the file mixes directive names from different Squid branches
# (e.g. location_rewrite_children next to icap_class) - confirm every
# directive is accepted by the installed version.
http_port 192.168.111.11:3128

hierarchy_stoplist cgi-bin ?

# Dynamic URLs (cgi-bin or a query string) are never cached.
acl QUERY urlpath_regex cgi-bin \?

cache deny QUERY

acl apache rep_header Server ^Apache

broken_vary_encoding allow apache

cache_mem 300 MB

cache_dir ufs /var/spool/squid 4000 16 256

access_log /var/log/squid/access.log squid

# URL filtering is delegated to squidGuard helper processes.
url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

url_rewrite_children 50

url_rewrite_host_header on

location_rewrite_children 5

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern . 0 20% 4320

# NOTE(review): 255.255.255.255 is a /32 mask, so as written this ACL appears
# to match only the source address 0.0.0.0, not every client. The
# conventional definition is 0.0.0.0/0.0.0.0. Both "icap_access
# class_antivirus allow all" and the final "http_access deny all" depend on
# this ACL: if it matches nothing, no traffic is sent to ICAP and the
# catch-all deny never fires - confirm.
acl all src 0.0.0.0/255.255.255.255

acl locnet src 192.168.111.0/255.255.255.0

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8

acl Rsync_ports port 873

acl Jabber_ports port 5222 5223

acl CONNECT method CONNECT

# Cache manager access is limited to localhost.
http_access allow manager localhost

http_access deny manager

# NOTE(review): Safe_ports and SSL_ports are referenced below but their acl
# definitions are not among the lines shown here - confirm they exist in the
# full file.
http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports !Jabber_ports !Rsync_ports

# NOTE(review): the guillemets around the file paths here and below look like
# forum typography; squid.conf expects plain ASCII double quotes for
# "read values from file".
acl blacklist url_regex «/etc/squid/blacklist»

http_access deny blacklist

acl our_networks src «/etc/squid/our_networks»

http_access allow our_networks

http_reply_access allow locnet

cache_mgr tosh17

# ICAP client: requests and responses are offered to the srv_clamav service
# of the local c-icap server.
icap_enable on

icap_preview_enable on

icap_preview_size 128

icap_send_client_ip on

# In this icap_service syntax the third argument is the bypass flag.
# 0 = an unreachable ICAP service is an error for the transaction.
icap_service service_avi_req reqmod_precache 0 icap://localhost:1344/srv_clamav

# bypass = 1: if the ICAP service cannot be reached, responses are delivered
# without being scanned (fail-open). For an antivirus service this means an
# outage silently disables scanning; use 0 if fail-closed is wanted.
icap_service service_avi respmod_precache 1 icap://localhost:1344/srv_clamav

icap_class class_antivirus service_avi service_avi_req

# Applies the antivirus class to whatever the "all" ACL matches.
icap_access class_antivirus allow all

coredump_dir /var/spool/squid

# When every squidGuard helper is busy, requests skip the rewriter instead of
# waiting, so URL filtering is fail-open under load.
redirector_bypass on

# Repeats the http_port line from the top of the file.
http_port 192.168.111.11:3128

acl bad_sites url_regex -i «/etc/squid/bad_words.regex»

http_access deny bad_sites

http_access allow locnet

# Catch-all deny; effective only if the "all" ACL really matches every source.
http_access deny all

и c-icap

# c-icap server configuration as posted: listens on port 1344, runs as user
# _c_icap, and carries settings for the srv_clamav antivirus service.
PidFile /var/run/c-icap/c-icap.pid

Timeout 300

KeepAlive On

MaxKeepAliveRequests 100

KeepAliveTimeout 600

MaxServers 10

MinSpareThreads 10

MaxSpareThreads 20

ThreadsPerChild 10

MaxRequestsPerChild 0

# Must match the port in Squid's icap_service URLs (1344).
Port 1344

User _c_icap

Group nobody

# NOTE(review): /tmp is shared and world-writable; a dedicated directory
# owned by the service account is the safer place for objects under scan.
TmpDir /tmp/

MaxMemObject 131072

AccessLog /var/log/c-icap/access.log

ModulesDir /usr/lib/c-icap

Module logger sys_logger.so

Module perl_handler perl_handler.so

sys_logger.Prefix «C-ICAP»

sys_logger.Facility daemon

# Selects file_logger although the sys_logger module is loaded above.
# NOTE(review): no ServerLog path is visible in this excerpt - confirm where
# server errors are written, since that log would show service load failures.
Logger file_logger

# NOTE(review): no "Service ... srv_clamav.so" line is visible among the
# posted lines. The srv_clamav.* settings below only take effect when the
# service module is loaded - confirm the full file loads it.

# Access control: only 127.0.0.1 (the local Squid) may use the ICAP server;
# every other source is denied.
acl localsquid_respmod src 127.0.0.1 type respmod

acl localsquid src 127.0.0.1

acl externalnet src 0.0.0.0/0.0.0.0

icap_access allow localsquid_respmod

icap_access allow localsquid

icap_access deny externalnet

# Content type groups handed to the scanner.
srv_clamav.ScanFileTypes TEXT DATA EXECUTABLE ARCHIVE GIF JPEG MSOFFICE

srv_clamav.SendPercentData 5

srv_clamav.StartSendPercentDataAfter 2M

# NOTE(review): presumably objects larger than this are passed without
# scanning - confirm against the module documentation.
srv_clamav.MaxObjectSize 5M

# Same shared /tmp as TmpDir above.
srv_clamav.ClamAvTmpDir /tmp/

# NOTE(review): 0 presumably means "no limit" on files per archive, and the
# per-file limit is 100M; generous archive limits raise the resource cost of
# scanning crafted archives - confirm the semantics and tighten if possible.
srv_clamav.ClamAvMaxFilesInArchive 0

srv_clamav.ClamAvMaxFileSizeInArchive 100M

srv_clamav.ClamAvMaxRecLevel 5

# NOTE(review): the Vir* settings appear to belong to the module's
# "viralator" download mode; if /var/infected is published by a web server
# on 192.168.111.11, restrict who can read it - confirm.
srv_clamav.VirSaveDir /var/infected

srv_clamav.VirHTTPServer «192.168.111.11»

srv_clamav.VirUpdateTime 15

srv_clamav.VirScanFileTypes ARCHIVE EXECUTABLE

Anarchist

Всё — это что именно?

Базу clamav’а загрузил? Обновление в crond поставил?

В логах антивируса что пишется?

tosh17

да все сделал

Mon Nov 26 08:06:02 2007 -> SelfCheck: Database modification detected. Forcing reload.

Mon Nov 26 08:06:02 2007 -> Reading databases from /var/lib/clamav

Mon Nov 26 08:06:04 2007 -> Database correctly reloaded (170782 signatures)

Mon Nov 26 10:45:21 2007 -> SelfCheck: Database modification detected. Forcing reload.

Mon Nov 26 10:45:21 2007 -> Reading databases from /var/lib/clamav

Mon Nov 26 10:45:23 2007 -> Database correctly reloaded (170795 signatures)