The Securepoint eCAP antivirus adapter is a loadable eCAP adapter for the popular Squid HTTP proxy which allows you to scan all traffic passing through it for known viruses. Currently the only supported virus scan engines are ClamAV and Commtouch csamd. The very latest version can be downloaded at sourceforge.net.
Development of this adapter started in March 2011 because nothing comparable could be found at that time. In the meantime (2011-03-17) at least one similar project exists, which you can find here.
content type detection via libmagic
configurable skiplist dependent on the detected content type
data trickling
patience pages (not yet)
eCAP support was introduced with Squid version 3.1. You cannot use the Securepoint eCAP antivirus adapter with earlier versions of Squid.
wget http://www.measurement-factory.com/tmp/ecap/libecap-0.0.3.tar.gz
tar xf libecap-0.0.3.tar.gz
cd libecap-0.0.3/
./configure
make
make install
In addition to libecap, libmagic is required to build the Securepoint eCAP antivirus adapter. Any modern Linux distribution should have libmagic installed already because it is part of the file package. However, you have to install the development headers too. On Fedora this is done by typing:
yum install file-devel
Project homepage is http://sourceforge.net/projects/squid-ecap-av/. If you like living on the bleeding edge, you can pull the working branch directly from git://squid-ecap-av.git.sourceforge.net/gitroot/squid-ecap-av/squid-ecap-av.
wget http://downloads.sourceforge.net/project/squid-ecap-av/1.x.x/squid-ecap-av-1.0.5.tar.bz2
tar xf squid-ecap-av-1.0.5.tar.bz2
mkdir squid-ecap-av-1.0.5/build
cd squid-ecap-av-1.0.5/build
cmake -DCMAKE_INSTALL_PREFIX=/usr ..
make
make install
Add the following lines to your /etc/squid/squid.conf:
acl HTTP_STATUS_OK http_status 200
loadable_modules /usr/libexec/squid/ecap_adapter_av.so
ecap_enable on
ecap_service AVRESP respmod_precache bypass=0 ecap://www.securepoint.de/ecap_av
adaptation_access AVRESP allow HTTP_STATUS_OK
To skip scanning of HTML pages and all image types, add the following lines to /etc/squid/ecap_adapter_av.skip:
text/html
image/.*
To skip scanning of bodies larger than 1MB add the following directive to /etc/squid/ecap_adapter_av.conf:
maxscansize = 1048576
Currently the following options are supported:
avdsocket: path to the unix socket the AV-daemon is listening on (/tmp/clamd.sock)
trickletime (sec): send some bytes each trickletime seconds (30)
maxscansize (bytes): skip scanning of bodies larger than maxscansize, set to 0 to always scan the whole body (0)
magicdb: path to the magic database file (/usr/share/misc/magic.mgc)
skiplist: path to the file containing the list of mimetypes not to scan (/etc/squid/ecap_adapter_av.skip)
tempdir: directory to store temporary files in
Point your browser to go through the proxy and try to download the EICAR Anti-Malware test file from here.
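If the browser test does not behave as expected, it helps to check the daemon listening on avdsocket on its own. The following is an added example, not part of the squid-ecap-av project: it assumes the daemon is clamd (csamd is not covered) and uses clamd's INSTREAM command, which says nothing about how the adapter itself talks to the daemon; the function names are illustrative.

```python
import socket
import struct

AVD_SOCKET = "/tmp/clamd.sock"  # default avdsocket from the option list on this page
# Standard EICAR test string, built from parts so this source file does not contain it whole.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE" + rb"!$H+H*"


def frame_instream(data, chunk_size=4096):
    """Frame data for INSTREAM: 4-byte big-endian length per chunk, zero-length chunk ends it."""
    out = [b"zINSTREAM\0"]
    for off in range(0, len(data), chunk_size):
        chunk = data[off:off + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)
    out.append(struct.pack("!I", 0))
    return b"".join(out)


def parse_reply(raw):
    """Return ("clean", None), ("infected", signature_name) or ("error", text)."""
    text = raw.rstrip(b"\0\n").decode("ascii", "replace")
    body = text.split(": ", 1)[-1]
    if body == "OK":
        return ("clean", None)
    if body.endswith(" FOUND"):
        return ("infected", body[:-len(" FOUND")])
    return ("error", body)


def scan_bytes(data, path=AVD_SOCKET, timeout=10.0):
    """Send data to clamd over its unix socket and return the parsed verdict."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(path)
        s.sendall(frame_instream(data))
        reply = b""
        while not reply.endswith(b"\0"):  # z-prefixed commands get a NUL-terminated reply
            part = s.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)


if __name__ == "__main__":
    print("eicar:", scan_bytes(EICAR))
    print("plain:", scan_bytes(b"hello world\n"))
```

An "infected" verdict for the EICAR string and "clean" for the plain text means the daemon side works, so a failing browser test points at the Squid or adapter configuration instead.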
Report bugs through the SourceForge.net squid-ecap-av project page.
In the address bar type about:config
Tell it that you will be careful, Promise!!
In the filter type encoding
There should be one option reading network.http.accept-encoding
Click in the value column and type true
We are working on this issue, but currently we have no idea what happens. :-(