Virus Checking on a Proxy Server (Squid+SquidClamAV+ClamAV)

Last updated: 2017.11.25

■ Overview

Perform virus checking on the proxy server. Here, a proxy server built with Squid + SquidClamAV + Clam AntiVirus scans the pages that clients access through the proxy for viruses, and blocks access when a virus is detected.

Note: Squid, Clam AntiVirus and Apache must already be set up.


■ Installing SquidClamAV

[root@centos ~]# yum -y install curl-devel  ← Install curl-devel, which is required to install SquidClamAV

[root@centos ~]# wget http://nchc.dl.sourceforge.net/sourceforge/squidclamav/squidclamav-4.0.tar.gz  ← Download SquidClamAV

Note: check the download page for the URL of the latest version.

[root@centos ~]# tar zxvf squidclamav-4.0.tar.gz  ← Extract SquidClamAV

[root@centos ~]# cd squidclamav-4.0  ← Move to the SquidClamAV extraction directory

[root@centos squidclamav-4.0]# ./configure && make && make install  ← Install SquidClamAV

[root@centos squidclamav-4.0]# cp squidclamav.conf.dist /etc/squidclamav.conf  ← Copy the SquidClamAV configuration file to its designated directory

[root@centos squidclamav-4.0]# cp clwarn.cgi /var/www/cgi-bin/  ← Copy the script that clients are redirected to on virus detection to its designated directory

[root@centos squidclamav-4.0]# cd  ← Leave the SquidClamAV extraction directory

[root@centos ~]# rm -rf squidclamav-4.0  ← Delete the SquidClamAV extraction directory

[root@centos ~]# rm -f squidclamav-4.0.tar.gz  ← Delete the downloaded file

■ Configuring SquidClamAV

(1) Squid configuration
[root@centos ~]# vi /etc/squid/squid.conf  ← Edit the Squid configuration file
#  TAG: url_rewrite_program
#       Specify the location of the executable for the URL rewriter.
#       Since they can perform almost any function there isn't one included.
#
#       For each requested URL rewriter will receive on line with the format
#
#       URL  client_ip "/" fqdn  user  method  urlgroup 
#
#       And the rewriter may return a rewritten URL. The other components of
#       the request line does not need to be returned (ignored if they are).
#
#       The rewriter can also indicate that a client-side redirect should
#       be performed to the new URL. This is done by prefixing the returned
#       URL with "301:" (moved permanently) or 302: (moved temporarily).
#
#       It can also return a "urlgroup" that can subsequently be matched
#       in cache_peer_access and similar ACL driven rules. An urlgroup is
#       returned by prefixing the returned url with "!urlgroup!"
#
#       By default, a URL rewriter is not used.
#
#Default:
# none
url_rewrite_program /usr/local/bin/squidclamav  ← Add

#  TAG: url_rewrite_children
#       The number of redirector processes to spawn. If you start
#       too few Squid will have to wait for them to process a backlog of
#       URLs, slowing it down. If you start too many they will use RAM
#       and other system resources.
#
#Default:
# url_rewrite_children 5
url_rewrite_children 15  ← Add

#  TAG: url_rewrite_access
#       If defined, this access list specifies which requests are
#       sent to the redirector processes.  By default all requests
#       are sent.
#
#Default:
# none
url_rewrite_access deny localhost  ← Add

http_access deny to_localhost  ← Remove the leading # to uncomment

(2) ClamAV configuration
[root@centos ~]# vi /etc/clamd.conf  ← Edit the clamd configuration file
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /var/run/clamav/clamd.sock  ← Change the clamd socket name

# TCP port address.
# Default: disabled
TCPSocket 3310
↓
#TCPSocket 3310  ← Add # at the start of the line to comment it out (disables clamd TCP communication)

[root@centos ~]# /etc/rc.d/init.d/clamd restart  ← Restart clamd
Stopping Clam AntiVirus Daemon:                            [  OK  ]
Starting Clam AntiVirus Daemon:                            [  OK  ]

(3) SquidClamAV configuration
[root@centos ~]# vi /etc/squidclamav.conf  ← Edit the SquidClamAV configuration file
proxy http://127.0.0.1:3128/
logfile /var/log/squidclamav.log
redirect http://localhost/cgi-bin/clwarn.cgi
debug 0
force 1
clamd_local /var/run/clamav/clamd.sock
timeout 60
abort ^.*\.gz$
abort ^.*\.bz2$
abort ^.*\.pdf$
abort ^.*\.js$
abort ^.*\.html$
abort ^.*\.css$
abort ^.*\.xml$
abort ^.*\.xsl$
abort ^.*\.js$
abort ^.*\.ico$
aborti ^.*\.gif$
aborti ^.*\.png$
aborti ^.*\.jpg$
aborti ^.*\.swf$
content ^.*application\/.*$

[root@centos ~]# touch /var/log/squidclamav.log  ← Create the SquidClamAV log file

[root@centos ~]# chown squid:squid /var/log/squidclamav.log  ← Change the owner of the SquidClamAV log file

[root@centos ~]# vi /etc/logrotate.d/squidclamav  ← Create the SquidClamAV log rotation configuration file
/var/log/squidclamav.log {
    missingok
    notifempty
    sharedscripts
    postrotate
        killall -HUP squidclamav > /dev/null 2>/dev/null || true
    endscript
}
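
As an added example (not part of the original page or of SquidClamAV itself), the Python script below cross-checks the three files edited in steps (1) to (3): the rewriter is wired into Squid, clamd's TCP listener is off, and clamd_local points at the same socket as LocalSocket. The function names and sample strings are constructed for illustration, and the reading of abort/aborti as URL patterns that SquidClamAV passes through without scanning is an assumption taken from SquidClamAV's directive semantics.

```python
def directives(text):
    """Map each active (non-comment) directive to the list of its values."""
    found = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        value = " ".join(parts[1].split()) if len(parts) > 1 else ""
        found.setdefault(parts[0], []).append(value)
    return found


def audit(squid_conf, clamd_conf, squidclamav_conf):
    """Cross-check the three edited files; return (problems, unscanned patterns)."""
    squid, clamd, sca = map(directives, (squid_conf, clamd_conf, squidclamav_conf))
    problems = []
    if not any(v.endswith("/squidclamav") for v in squid.get("url_rewrite_program", [])):
        problems.append("squid.conf: url_rewrite_program is not squidclamav")
    if "deny localhost" not in squid.get("url_rewrite_access", []):
        problems.append("squid.conf: localhost is not exempted from the rewriter")
    if "TCPSocket" in clamd:
        problems.append("clamd.conf: TCPSocket is still enabled")
    local = clamd.get("LocalSocket", [""])[-1]
    if not local or sca.get("clamd_local", [""])[-1] != local:
        problems.append("clamd_local does not match clamd's LocalSocket")
    # Assumption: abort/aborti are URL regexes SquidClamAV passes through unscanned.
    unscanned = sorted(set(sca.get("abort", []) + sca.get("aborti", [])))
    return problems, unscanned


# Constructed sample input built from the values shown on this page.
SQUID = """url_rewrite_program /usr/local/bin/squidclamav
url_rewrite_children 15
url_rewrite_access deny localhost
"""
CLAMD_OK = "LocalSocket /var/run/clamav/clamd.sock\n#TCPSocket 3310\n"
CLAMD_BAD = "LocalSocket /tmp/clamd.socket\nTCPSocket 3310\n"  # constructed: edits not applied
SCA = """clamd_local /var/run/clamav/clamd.sock
abort ^.*\\.gz$
abort ^.*\\.pdf$
aborti ^.*\\.gif$
"""

if __name__ == "__main__":
    for name, clamd in (("edited", CLAMD_OK), ("unedited", CLAMD_BAD)):
        problems, unscanned = audit(SQUID, clamd, SCA)
        print(name, "problems:", problems or "none")
    print("never scanned:", unscanned)
```

To run it against the live files, pass the contents of /etc/squid/squid.conf, /etc/clamd.conf and /etc/squidclamav.conf to audit(). The second return value lists the URL patterns (here including .gz and .pdf) that this configuration excludes from scanning.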

■ Starting SquidClamAV

[root@centos ~]# /etc/rc.d/init.d/squid restart  ← Restart Squid
Stopping squid:                                            [  OK  ]
Starting squid: .                                          [  OK  ]

■ Verifying SquidClamAV

Access the test virus and confirm that a page like the following is displayed and that the virus cannot be downloaded.

SquidClamAv 3.5: Virus detection

The requested URL http://www.eicar.org/download/eicar_com.zip
contains the virus: Eicar-Test-Signature

This URL can not be downloaded.

Origin: 192.168.1.10 / -

Powered by SquidClamAv 3.5.

■ Localizing clwarn.cgi into Japanese

[root@centos ~]# vi /var/www/cgi-bin/clwarn.cgi  ← Edit clwarn.cgi
my $TITLE_VIRUS = "SquidClamAv $VERSION: Virus detection";
↓
my $TITLE_VIRUS = "SquidClamAv $VERSION: ウイルス検出";  ← Change

print $cgi->header();
↓
print $cgi->header(-expires=>'+1m',-charset=>'UTF-8');  ← Change

print $cgi->start_html(-title => $TITLE_VIRUS);
↓
print $cgi->start_html(-title => $TITLE_VIRUS,-lang =>'ja');  ← Change

The requested URL $url <br>
contains the virus: $virus
↓
アクセスしたURL $url <br>  ← Change
検出ウイルス: $virus  ← Change

This URL can not be downloaded.
↓
このURLはダウンロードできません。  ← Change

Origin: $source / $user
↓
アクセス元: $source / $user  ← Change

Access the test virus and confirm that a page like the following is displayed and that the virus cannot be downloaded.

SquidClamAv 3.5: ウイルス検出

アクセスしたURL http://www.eicar.org/download/eicar_com.zip
検出ウイルス: Eicar-Test-Signature

このURLはダウンロードできません。

アクセス元: 192.168.1.10 / -

Powered by SquidClamAv 3.5.


centossrv.com