Listing 1 /etc/httpd/conf/httpd-clamav-proxy.conf
ServerTokens OS
ServerRoot "/etc/httpd"
PidFile run/proxy-clamav-minimal.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
User clamav
Group clamav
ServerAdmin admin@yourdomain.com
ServerName proxy.yourdomain.com:8080
UseCanonicalName Off
AccessFileName .htaccess # if access control is desired
# proxy requests
Listen 192.168.1.9:8080
# use default web port for client virusdb requests
# make sure DNS is updated to use this!
Listen 192.168.1.140:80
# Dynamic Shared Object (DSO) Support
# just the one's necessary for a virus scanning proxy.
#
# mod_access is only needed if requiring user authentication to proxy
# server
LoadModule access_module modules/mod_access.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule clamav_module modules/mod_clamav.so
#
# Proxy Server directives.
#
<IfModule mod_proxy.c>
ProxyRequests On
AllowCONNECT 8080
<Proxy *>
# make sure content gets filtered!
SetOutputFilter CLAMAV
Order deny,allow
Deny from all
# your local subnet
Allow from 192.168.1.
# or if you prefer
# Allow from yourcompany.com
</Proxy>
ProxyVia On
# To enable the cache as well, edit and uncomment the following lines:
# (no cacheing without CacheRoot)
#
#CacheRoot "/etc/httpd/proxy"
#CacheSize 5
#CacheGcInterval 4
#CacheMaxExpire 24
#CacheLastModifiedFactor 0.1
#CacheDefaultExpire 1
#NoCache a-domain.com another-domain.edu joes.garage-sale.com
</IfModule>
# End of proxy directives.
ClamavTmpdir /var/tmp/clamav
ClamavDbdir /var/lib/clamav
ClamavSafetypes image/jpg
ClamavMode daemon
ClamavSocket /var/run/clamav/clamd.sock
ClamavTrickleInterval 10
ClamavTrickleSize 1024
ClamavSizelimit 1000000
# names for shared memory and mutex. Note that we don't know exactly
# what apache does in the background. However, we should make sure
# that apache can create these files if necessary
#ClamavShm /usr/local/apache2/logs/clamav.shm
#ClamavMutex /usr/local/apache2/logs/clamav.lock
# if the clamd daemon crashes, we will have a problem connecting to it.
# while it'll prevent web access, i'll hear about it soon enough.
ClamavAcceptDaemonproblem off
LogLevel warn
# we would laike to get a more complete log file
ClamavExtendedLogging on
LogFormat "%t %!304{clamav:status}n %{clamav:details}n \
%{clamav:virusname}n request=\"%r\", status=%>s, sent=%!304b, \
delay=%!304D" clamav_stats
CustomLog logs/clamav.scan_log clamav_stats
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \
\"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
ErrorLog logs/proxy.error_log
CustomLog logs/proxy.access_log combined
# define the location for status information
<Location /clamav>
SetHandler clamav
order deny,allow
allow from 192.168.1.
</Location>
# safe patterns is much better than ClamavSavetypes
# also found in the distribution samba-vscan-src/clamav dir
Include conf/safepatterns.conf
# we have a customized message in case we find a virus
ClamavMessage "\
<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0//EN\">\
<html>\
<head>\
<title>%i found virus</title>\
</head>\
<body text=\"#000000\" bgcolor=\"#ffffff\">\
<basefont size=\"4\">\
<h1><center>%i found virus</center></h1>\
<p>The virus <b>%v</b> was found while downloading <i>%u</i>.\
The transfer has been aborted.</p>\
</basefont>\
</body>\
</html>\
"
<VirtualHost 192.168.1.9:80>
ServerAdmin root@localhost
ServerName virusdb
DocumentRoot /var/lib/clamav
ErrorLog logs/virusdb.error_log
CustomLog logs/virusdb.access_log common
</VirtualHost> |