ClamAV ICAP service and redirector for Squid

SquidClamav is an antivirus for the Squid proxy based on the award-winning ClamAV anti-virus toolkit. Using it will help you secure the web traffic of your home or enterprise network. SquidClamav is the most efficient Squid redirector and ICAP service antivirus tool for HTTP traffic available for free; it is written in C and can handle thousands of connections. The way to add more security to your network for free is here.

SquidClamav is built with speed and security in mind. It was first used and tested to secure a network with 2,500 and more users. It is also known to work fast with 15000+ users.

How it works

Since version 6.x, SquidClamav works as an ICAP service through the c-icap server. It is faster than the previous v5.x releases and also removes the old limitations on POST requests, sites with sessions like webmail, and audio/video streaming. The v6.x branch still allows chaining squidGuard with high performance.

The new 6.0 version works exactly as previous versions; it is just a port of the 5.x releases to the ICAP protocol. Also, old configuration files are fully compatible. The next release will tend to have real on-stream scanning and bypass the size limitation.

If you still want to use SquidClamav as a Squid redirector, the v5.x branch is still supported and available for download. SquidClamav v5.x, like any other Squid redirector, is called through a single squid.conf directive: redirect_program (Squid 2.5) or url_rewrite_program (Squid 2.6 / 2.7 / 3.x).

As Squid does not allow calls to multiple redirectors, SquidClamav v5.x adds this feature by calling any other redirector, such as SquidGuard.

With SquidClamav you have full control of what kind of HTTP stream must be scanned by the ClamAV antivirus. This control operates at 3 different levels:

  • At URL level, you can disable virus scanning for a set of web sites, filename extensions or anything that can be matched in a URL.
  • At client side, by disabling virus scanning and other redirector calls for a set of usernames, source IP addresses or computer DNS names.
  • At HTTP header level, where you can disable virus scanning according to the content type or file size.

Note: Since version 5.0 SquidClamav scans all HTTP traffic by default.
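
To review which responses a set of bypass rules would leave unscanned, the following added example (not part of SquidClamav or its documentation) models the three levels in Python. The directive names follow squidclamav.conf; the sample rules, the requests and the simplified matching (regex search on URL and Content-Type, exact match on user and client) are assumptions made here.

```python
import re

# Constructed sample rules; the matching semantics below are simplified assumptions.
SAMPLE_CONF = r"""
abort ^.*\.(ico|gif|png|jpg)$
whitelist .*\.example\.org
trustuser backup
trustclient 192.0.2.10
abortcontent ^image\/.*$
maxsize 5000000
"""

def parse_rules(text):
    """Group directive values by name, skipping comments and blank lines."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            rules.setdefault(key.lower(), []).append(value.strip())
    return rules

def skip_reason(rules, url, user="-", client="-", ctype="", length=0):
    """Return the level that disables scanning, or None when the body is scanned."""
    def hit(key, subject):
        return any(re.search(p, subject, re.I) for p in rules.get(key, []))
    if hit("abort", url) or hit("whitelist", url):
        return "url"
    if user in rules.get("trustuser", []) or client in rules.get("trustclient", []):
        return "client"
    if hit("abortcontent", ctype):
        return "header:content-type"
    if any(length > int(limit) for limit in rules.get("maxsize", [])):
        return "header:size"
    return None

# Constructed requests: (url, user, client, content type, content length).
REQUESTS = [
    ("http://downloads.example.net/setup.exe", "alice", "192.0.2.55", "application/octet-stream", 120000),
    ("http://cdn.example.net/logo.png", "alice", "192.0.2.55", "image/png", 2048),
    ("http://mirror.example.org/tool.zip", "alice", "192.0.2.55", "application/zip", 90000),
    ("http://downloads.example.net/report.pdf", "backup", "192.0.2.55", "application/pdf", 30000),
    ("http://downloads.example.net/disk.iso", "alice", "192.0.2.55", "application/octet-stream", 700000000),
]

def audit(conf=SAMPLE_CONF, requests=REQUESTS):
    """List (url, reason) for every request that would bypass the scanner."""
    rules = parse_rules(conf)
    return [(r[0], why) for r in requests if (why := skip_reason(rules, *r))]
```

Calling `audit()` with your own rule text and a sample of proxy log entries shows how much traffic each exclusion removes from scanning before the rules go live.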

More information on SquidClamav

SquidClamav will not allow you to scan big files on the fly, or at least not entirely. This is a limitation of how a Squid redirector works or, when using the ICAP protocol, a limitation of how clamd works. The files are downloaded and scanned first; if no virus is found, Squid delivers the file to the client. If a virus is found, SquidClamav redirects Squid to a warning page or script. This means that the client must wait for the end of the scan before receiving any data, so with big files the request could run into a timeout. This size limit depends directly on the performance of the proxy server.

You must also understand that it is not possible to scan an ISO file (CD/DVD image) "on the fly" because it must be mounted before scanning, so SquidClamav cannot do that unless we have a Viralator mode, i.e. the file is downloaded in the background and the user can get it later, after it has been scanned.


SquidClamav v6.x

Source Lines of Code: 13,345
Estimated Cost to Develop: $ 410,418

(Generated using David A. Wheeler's 'SLOCCount'.)