Securepoint eCAP antivirus adapter is an loadable eCAP adapter for the popular Squid HTTP-Proxy which allows you to scan all traffic going through for known viruses. Currently the only supported virus scan engines are clamav and commtouch csamd. The very latest version can be downloaded @ sourceforge.net.

Development of this adapter started in March 2011 because nothing comparable could be found at this time. In the meantime (2011-03-17) at least one similar project exists, which you can find here.


eCAP support was introduced with SQUID version 3.1.. You cannot use the Securepoint eCAP antivirus adapter with earlier versions of SQUID.


Download and install libecap

Download and unpack:
wget http://www.measurement-factory.com/tmp/ecap/libecap-0.0.3.tar.gz
tar xf libecap-0.0.3.tar.gz
Build and install:
cd libecap-0.0.3/
make install

Download and install Securepoint eCAP antivirus adapter

In addition to libecap, libmagic is required to build the Securepoint eCAP antivirus adapter. Any modern Linux distribution should have libmagic installed already because its part of the file package. Anyhow, you have to install the development headers too. On Fedora this is done by typing:

yum install file-devel
Download and unpack:

Project homepage is http://sourceforge.net/projects/squid-ecap-av/. If you like living on the bleeding edge, you can pull the working branch directly from git://squid-ecap-av.git.sourceforge.net/gitroot/squid-ecap-av/squid-ecap-av.

wget http://downloads.sourceforge.net/project/squid-ecap-av/1.x.x/squid-ecap-av-1.0.5.tar.bz2
tar xf squid-ecap-av-1.0.5.tar.bz2
Build and install:
mkdir squid-ecap-av-1.0.5/build
cd squid-ecap-av-1.0.5/build
make install


Add the following lines to your /etc/squid/squid.conf:

acl HTTP_STATUS_OK http_status 200
loadable_modules /usr/libexec/squid/ecap_adapter_av.so

ecap_enable on
ecap_service AVRESP respmod_precache bypass=0 ecap://www.securepoint.de/ecap_av
adaptation_access AVRESP allow HTTP_STATUS_OK

To skip scanning of html pages and all image types add the following lines to /etc/squid/ecap_adapter_av.skip:


To skip scanning of bodies larger than 1MB add the following directive to /etc/squid/ecap_adapter_av.conf:

maxscansize = 1048576


Currently the following options are supported:


Point your browser to go through the proxy and try to download the eicar Anti-Malware test file from here.

Bug reporting

Report bugs through the SourceForge.net squid-ecap-av project page.

A note for Firefox Users

How to solve "Content Encoding Error" on firefox?

From http://answers.yahoo.com/question/index?qid=20100804010634AAxaUGD

We are working on this issue, but currently we have no idea what happens. :-(

Hosted on SourceForge.net