Installation guide


Requirement


Squid

You must have Squid already installed, if not you can get it here: http://www.squid-cache.org/

Clamd

Clam Antivirus Toolkit must also be installed and a clamd daemon must running, no matter if it is configured to use Unix or TCP socket SquidClamav can use both. ClamAv can be fond here: http://www.clamav.net/

SquidGuard (optional)

If you want to chain Squidguard with SquidClamav it must also be installed. Download it from here: http://www.squidguard.org/

cURL

SquidClamav require the cURL library > 7.12.1 to download files to scan. You can get it here: http://curl.haxx.se/

Installation

Once all requirements are installed you can proceed to SquidClamav installation as root user.

	tar xzf squidclamav-5.x.tar.gz
	cd squidclamav-5.x/
	./configure
	make && make install

By default squidclamav binary is installed into /usr/local/bin/, but you can change this path with the --prefix configuration option. Default configuration file is installed in /etc/squidclamav.conf.

SquidClamav used to log running informations to file /var/log/squid/squidclamav.log, you can change this path in the configuration file but remember that squidclamav is run as squid user so the path to log file must be writable by this user.

Once you've installed all software you first have to configure Squid to use SquidClamav Redirector.

Squid configuration

Squid 2.5 configuration

To integrate squidclamav to your squid cache just edit the squid.conf file and set the following:

on ACL definition you should have declared:

        acl localhost src 127.0.0.1/255.255.255.255
        acl to_localhost dst 127.0.0.0/8
        acl purge method PURGE

on http_acces definition you should declared the following :

        http_access deny to_localhost
        http_access allow localhost
        http_access allow purge localhost
        http_access deny purge
        redirector_access deny localhost

and on the redirect section the following:

        redirect_program /usr/local/bin/squidclamav
        redirect_children 15

If you have huge access and enough memory set the redirect_children to upper value.

Note that the purge acl is only required if you enable the recommanded 'trust_cache' option.

Squid 2.6, 2.7, 3.x configuration

As 2.6 has signifiant change in the configuration file regarding redirector, to integrate squidclamav to your squid cache just edit the squid.conf file and set the following:

on ACL definition you should have declared:

        acl localhost src 127.0.0.1/255.255.255.255
        acl to_localhost dst 127.0.0.0/8
        acl purge method PURGE

on http_acces definition you should declared the follwing :

        http_access deny to_localhost
        http_access allow localhost
        http_access allow purge localhost
        http_access deny purge
        url_rewrite_access deny localhost

and on the redirect section the following:

        url_rewrite_program /usr/local/bin/squidclamav
        url_rewrite_children 15

If you have huge access and enough memory set the url_rewrite_children to upper value.

Note that the purge acl is only required if you enable the recommanded 'trust_cache' option.

Signals

To force SquidClamav to reread his configuration file you have to reconfigure Squid. To do that just send the 'reconfigure' signal to Squid:

	squid -k reconfigure
Squid will reread his configuration file and restart all redirectors gracefully.

 

Packaging

If you want to build binary package for your prefered Linux distribution take a look at the packaging/ directory of the source tarball. There's everything to build RPM, Slackware and Debian packages. See README file in that directory.

Free and Open Source...
but worth more! Consider
a Donation