duduzinhu
(usa Fedora)
Enviado em 20/09/2007 - 16:11h
Caro Amigo
Estou com problemas no meu SQUID ao colocar ele com suporte a antivirus.
Uso o SQUID 3.1, o SQUIDCLAMAV 2.5 e o CLAMAV 0.91.2. Todos devidamente configurados (eu acho =D). O servidor antivirus do clamav (clamd) esta rodando em minha maquina, assim como o SQUID. Acontece que quando eu entro em algum site ou faço algum download de um arquivo com a estensão que deve ser escaneada pelo CLAMAV, os logs do squidclamav me retornam a seguinte mensagem:
Thu Sep 20 11:14:13 2007 [28974]:Request:
http://rapidshare.com/files/27602652/setup-4.1.2.e... 127.0.0.1/localhost.localdomain eduardo GET
Thu Sep 20 11:14:13 2007 [28974]:regex matched:
http://rapidshare.com/files/27602652/setup-4.1.2.e...
Thu Sep 20 11:14:15 2007 [28974]:File size is 172970.00
Thu Sep 20 11:14:15 2007 [28974]:Sending STREAM to clamd.
Thu Sep 20 11:14:15 2007 [28974]:Received port 30830 from clamd.
Thu Sep 20 11:14:15 2007 [28974]:Trying to connect to clamd [port: 30830].
Thu Sep 20 11:14:15 2007 [28974]:Error when downloading url
http://rapidshare.com/files/27602652/setup-4.1.2.e...
Thu Sep 20 11:14:15 2007 [28974]:CURLOPT_ERRORBUFFER: The requested URL returned error: 407
Já quando faço download de um arquivo com estensão que não deve ser escaneada os logs do squidclamav me retornam a seguinte mensagem:
Thu Sep 20 11:14:16 2007 [28974]:Request:
http://images.rapidshare.com/img/img/terminatr_bac... 127.0.0.1/localhost.localdomain eduardo GET
Thu Sep 20 11:14:16 2007 [28974]:No antivir check for url:
http://images.rapidshare.com/img/img/terminatr_bac...
Thu Sep 20 11:14:16 2007 [28974]:Total process time 0.000 sec for URL:
http://images.rapidshare.com/img/img/terminatr_bac... 127.0.0.1/localhost.localdomain eduardo GET
O meu squidclamav.conf é o seguinte:
proxy
http://127.0.0.1:3128
logfile /usr/local/squidclamav/logs/squidclamav.log
redirect
http://127.0.0.1/cgi-bin/clwarn.cgi
debug 1
force 1
stat 1
clamd_ip 127.0.0.1
clamd_port 3310
timeout 60
regexi ^.*\.exe$
regexi ^.*\.com$
regexi ^.*\.zip$
regexi ^.*\.bz2$
regexi ^.*\.tgz$
regexi ^.*\.tar$
regexi ^.*\.gz$
regexi ^.*\.rar$
regexi ^.*\.iso$
regexi ^.*\.pdf$
regexi ^.*\.bat$
regexi ^.*\.src$
abort ^.*\/cgi-bin\/.*$
abort ^.*\..html$
abort ^.*\..htm$
abort ^.*\..css$
abort ^.*\..xml$
abort ^.*\..xsl$
abort ^.*\..js$
abort ^.*\..ico$
aborti ^.*\..gif$
aborti ^.*\..png$
aborti ^.*\..jpg$
aborti ^.*\..tif$
aborti ^.*\..swf$
A parte do squid.conf que envolve o squidclamav é a seguinte:
redirect_program /usr/local/squidclamav/bin/squidclamav
redirect_children 15
Quando inicio o CLAMD (servidor de antivirus do clamav) os logs do clamav são os seguintes:
Thu Sep 20 10:48:44 2007 -> +++ Started at Thu Sep 20 10:48:44 2007
Thu Sep 20 10:48:44 2007 -> clamd daemon 0.91.2 (OS: linux-gnu, ARCH: i386, CPU: i386)
Thu Sep 20 10:48:44 2007 -> Running as user root (UID 0, GID 0)
Thu Sep 20 10:48:44 2007 -> Log file size limit disabled.
Thu Sep 20 10:48:44 2007 -> Reading databases from /var/lib/clamav
Thu Sep 20 10:48:48 2007 -> Loaded 305982 signatures.
Thu Sep 20 10:48:48 2007 -> Bound to address 127.0.0.1 on tcp port 3310
Thu Sep 20 10:48:48 2007 -> Setting connection queue length to 300
Thu Sep 20 10:48:48 2007 -> Unix socket file /tmp/clamd.socket
Thu Sep 20 10:48:48 2007 -> Setting connection queue length to 300
Thu Sep 20 10:48:48 2007 -> Listening daemon: PID: 28359
Thu Sep 20 10:48:48 2007 -> Archive: Archived file size limit set to 3145728000 bytes.
Thu Sep 20 10:48:48 2007 -> Archive: Recursion level limit set to 10.
Thu Sep 20 10:48:48 2007 -> Archive: Files limit set to 5000000.
Thu Sep 20 10:48:48 2007 -> Archive: Compression ratio limit set to 300.
Thu Sep 20 10:48:48 2007 -> Archive: Limited memory usage.
Thu Sep 20 10:48:48 2007 -> Archive support enabled.
Thu Sep 20 10:48:48 2007 -> Algorithmic detection enabled.
Thu Sep 20 10:48:48 2007 -> Portable Executable support enabled.
Thu Sep 20 10:48:48 2007 -> ELF support enabled.
Thu Sep 20 10:48:48 2007 -> Detection of broken executables enabled.
Thu Sep 20 10:48:48 2007 -> Mail files support enabled.
Thu Sep 20 10:48:48 2007 -> Mail: Recursion level limit set to 128.
Thu Sep 20 10:48:48 2007 -> OLE2 support enabled.
Thu Sep 20 10:48:48 2007 -> PDF support enabled.
Thu Sep 20 10:48:48 2007 -> HTML support enabled.
Thu Sep 20 10:48:48 2007 -> Self checking every 3600 seconds.
O CLAMD está rodando na porta 3310 e no ip 127.0.0.1 com o usuario root.
Ja desabilitei o Selinux e o firewall mas nada muda.
Uso o Fedora Core 7
Ja testei com o SQUID 2.5 e uma versão mais antiga do SQUIDCLAMAV mas tbm não muda os logs.
Espero que possas me ajudar
Obrigado
Eduardo
