SquidClamav


Clamav ICAP service for Squid

Securing Web Delivery since 2005

About


SquidClamav is an antivirus for Squid proxy based on the Awards winnings ClamAv anti-virus toolkit. Using it will help you securing your home or enterprise network web traffic. SquidClamav is the most efficient Squid ICAP service antivirus tool for HTTP traffic available for free, it is written in C and can handle thousand of connections. SquidClamav is built for speed and security in mind, it is first used and tested to secure a network with 2,500 and more users. It is also known to working fast with 15000+ users.

SquidClamav works as an ICAP service through the c-icap server. With SquidClamav you have full control of what kind of HTTP stream must be scanned by Clamav antivirus, this control operate at 3 different levels:

  • At URL level, you can disable / enable virus scanning for a set of web site, filename extension or anything that can be matched in an URL.
  • At client side by disabling / enabling virus scan to a set of username, source Ip addresses or computer DNS name.
  • At HTTP header level, where you can disable / enable virus scanning following the content type or file size.

SquidClamav scan all HTTP traffic by default (mode "ScanAllExcept") but it can be turned into a "ScanNothingExcept" mode to scan only some files.

News


SquidClamav 7.2 Wednesday July 06 2022

This version fixes some bugs reported by users since previous release and especially a crash with call to deprecated gethostbyname() function.

Full list of changes:

  - Update copyright year
  - Fix compilation warning about strlen
  - Add .gitignore file
  - Merge some redundant code related to whitelist/abort and blacklist/scan.
    Thanks to rdpmc Oleg for the report.
  - Fix call to CGI::param without scalar context. Thanks to Frank Crawford
    for the report.
  - Replace deprecated gethostbyname() by getaddrinfo(). Thanks to Jean-noel
    Leclercq for the patch.
  - Create http response entity if not present in icap request. Thanks to
    Saurabh Ram Tripathi for the patch.
  - Re-work/Updated debian/*. Thanks to Louis van Belle for the patch.

SquidClamav 7.1 Saturday March 18 2019

This version fixes some bugs reported by users since previous release and add a new configure option to set the search path to libarchive header file.

  * Add --with-libarchive configure option to specify where to find
    archive.h. It is searched in /usr/include and /usr/local/include
    by default, if the header file is not in these directory you must
    use this option. Example: ./configure --with-libarchive=/opt/csw.

Full list of changes:

  - Fix some compilation warnings.
  - Fix typos/translation error. Thanks to Yuri Voinov for the patch.
  - Allow base dir to --with-libarchive option, /opt/csw/ instead of
    /opt/csw/include. Thanks to Yuri Voinov for the report.
  - Fix formatting of configure usage output. Thanks to Yuri Voinov
    for the report.
  - Defined max() macro even if libarchive is not used. Thanks to Yuri
    Voinov for the report.

SquidClamav 7.0 Saturday March 17 2019

This major version adds some useful features, new configuration directives and fix some bugs reported by users since previous release.

New features are:

  * New scan mode. By default squidclamav scan everything excepted the exclusions defined in 'abort', 'abortcontent', 'whitelist', 'trustuser'
    and 'trustclient' configuration directives. There is now a mode where squidclamav will scan nothing excepted the inclusions defined with
    directives 'scan', 'scancontent', 'blacklist', 'untrustuser' and 'untrustclient'. The scan mode is controlled by a new configuration
    directive 'scan_mode'. Possible values are 'ScanAllExcept' (the default) and 'ScanNothingExcept'.

  * Add support to libarchive to be able to ban archive with some suspect files inside that are not detected by ClamAv. This feature is disabled
    by default and can be enable using 'enable_libarchive'. The ban archive can be stored to be recovered by the user through the redirect CGI script
    if directive 'recoverpath' is set.

  * An archive banned by libarchive can be recovered through the redirect CGI. See cgi-bin/clwarn.cgi and the redirect configuration directive.
    recoverpath must be set to use this feature.

Backward compatibility with version 6 of squidclamav and existing configuration files is fully preserved except for the obsolete 'squidguard' directive that has been removed. Chained program using this directive is no longer supported, use the 'url_rewrite_program' squid.conf directive instead to call squidGuard or any other Url checker.

SquidClamav 6.16 Tuesday August 30 2016

This release fixes a major bug with debugs macro that can have bad side effects like printing an error after configuration reload an possibly some other wrong behaviors.

  - Change log level of configuration reloading message.
  - Show line in configuration file that can not be parsed
    by add_pattern().
  - Enclose debugs macro to avoid misusage. Thanks to Denis Volpato
    Martins for the patch.
  - Fix Apache complain "AH01215: CGI::param called in list context
    from package main line 14, this can lead to vulnerabilities."
    Thanks to thctlo for the report.

Licence / Pricing


Pricing

SquidClamav is Free Software and is made fully available free of charge, you can use it as you want without having to pay anything. If you like the software please just pay attention to support SquidClamav with your donation.

 

Licence

Copyright (c) 2005-2019 Gilles Darold - All rights reserved.

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see < http://www.gnu.org/licenses/ >

Support


Bugs / Feature request

Please report any bugs, patches, discussion, feature requests, etc. to <squidclamav AT darold DOT net> or use tools on the git repository at https://github.com/darold/squidclamav. This help a lot to develop a better/useful tool.

Contributing

Any contribution to build a better tool is welcome, you just have to send me your ideas, features request, patches or use tools on the git repository at https://github.com/darold/squidclamav and there will be applied. You can also support the developper by donate some contribution by clicking on the "Donate" button.

Acknowledgement

Thanks to Squid-cache.org and Clamav.net for their great softwares and to all the great contributors, they are all cited in the ChangeLog file.

Author / Maintainer

Gilles Darold <gilles AT darold DOT net>

Development effort

Total Physical Source Lines of Code (SLOC)       = 6,597
Total Estimated Cost to Develop                  = $ 195,864
(Generated using David A. Wheeler's 'SLOCCount'.)
	  

Download


Official releases

Official release are published to the GitHub Release page of SquidClamav.

Binary packages

SquidClamav may have a binary package corresponding to your distribution.

Development code

The latest development code can always be found into the pgBadger's GitHub repository

Latest release source code

GH: Download v7.2 Now! SF: Download v7.2 Now!