Table of Contents:
-------------------

1.0 Status
2.0 Thanks
3.0 Install
	3.1 Squidclam config
4.0 Performance
5.0 Tempfs
6.0 Common Errors
7.0 Sample squid.conf

Code Status:
-------------

This code is in a very early stage, but maybe it's useful to someone ;)

squidclam is going to be a program to scan files served to win32
machines by a squid proxy. It has to be fast and small to get
this job done. It also has to be secure so that it does not weaken
the server system.

At the moment squidclam is pretty small, scans files up to 100kB for viruses
and is doing its job pretty well for me.

If you know what you're doing and have some knowledge of C and secure
programming, please give it a try and provide some feedback.


Thanks:
--------
to
    the clamav team www.clamav.net for their OSS virus scanner
    the squid team www.squid-cache.org for their HTTP Proxy
    Michael Lang http://www.jackal-net.at/ for the idea.


Install:
---------

    - get and install clamav
    - get and install curl 

    - create a tmpfs or ramdisk and mount it at /tmpdata

    - compile squidclam

        cd squidclam-$RELEASENUM
        change ERROR, MY_PROXY, DEBUG, ERRIGNORE and TMPF in squidclam.c to suit your needs.
        ./configure
        make
        make install OR just copy the file squidclam to a location you like.
        make DESTDIR=/usr/local/bin install is another option.

    - configure squid to use squidclam

        add the following to your squid.conf
        "redirect_program /usr/local/bin/squidclam"
        "redirect_children 15"  # make a wise choice

        and this line to your acl list to prevent loops
        "redirector_access deny localhost"

        squid doesn't pass complete SSL URLs to the redirector, so
        scanning them is pretty useless. Add something like the following
        to skip them and save bandwidth.
        "acl SSL_ports port 443 563"
        "redirector_access deny SSL_ports"

    - test it at www.eicar.com

    - send me some feedback at squidclam AT users DoT sourceforge DoT net ;)
      don't use a braindead mailer with a blacklist if you want me to answer

Squidclam config:
-----------------

	Since version 0.10 there is support for a config file in squidclam.
	By default this is /etc/squidclam.conf. There is a sample.conf file in
	the source tarball where you can get an idea of the syntax.
	Lines longer than 100 characters aren't allowed. This
	should be enough in nearly any case. Mixed lines (config and comments)
	are not allowed. So please use

	# define which proxy to use
	proxy = http://127.0.0.1:3128

	instead of

	proxy = http://127.0.0.1:3128  # define which proxy to use
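
A small lint for the two rules above, added here as an example and not part of squidclam. It assumes the 100-character limit is counted without the newline and that a trailing comment is whitespace followed by '#' after the '='; lint_squidclam_conf is a made-up name.

```sh
#!/bin/sh
# Added example, not part of squidclam: lint a config file against the two
# rules above. Assumptions: the 100-character limit excludes the newline, and
# a trailing comment is whitespace followed by '#' after the '='.

lint_squidclam_conf() {   # $1 = config path; findings on stdout, status 1 if any
    awk '
        length($0) > 100 {
            printf "line %d: %d characters, limit is 100\n", NR, length($0)
            bad = 1
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comment-only or blank line
        {
            eq = index($0, "=")
            if (eq && substr($0, eq + 1) ~ /[ \t]#/) {
                printf "line %d: comment mixed into a setting\n", NR
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: line 2 is fine, line 3 mixes setting and comment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# define which proxy to use
proxy = http://127.0.0.1:3128
proxy = http://127.0.0.1:3128  # define which proxy to use
EOF
lint_squidclam_conf "$sample" || echo "fix the lines listed above"
rm -f "$sample"
```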
	

Performance:
-------------

    There is a performance decrease. That can't be avoided with the
    redirector technique. You can probably increase the speed by allowing
    more squidclam instances. But this will produce higher load for your
    proxy system.

    Access to the www now works the following way.

    browser    -> squid
    squid      -> squidclam
    squidclam  -> fetch from www and cache in your proxy listening on lo
    squidclam <-> check for virus
    squidclam  -> squid (answer)
    squid      -> serve page to browser which should already be cached because
                  squidclam fetched it just before

    So the time squidclam needs to check the file for a virus is added
    to the normal time to get a file. Because there are so many
    different files which may contain a virus, squidclam scans every
    file.

    You can increase the performance of your system with the following tweaks.
    
        - use a ramdisk for the temporary files. You REALLY want this!
        - make sure squidclam uses your proxy
        - Make sure squidclam has access to a fast (local) nameserver to
          avoid lookup delays
        - if you have a high load system change the virus db reload
          interval to something that suits your needs #define RLDB (1000)
        - place the virus db on a ramdisk too
        - squidclam processes = 15 + users


Tempfs: 
--------

    Add the following line to /etc/fstab
    "tmpfs /tmpdata tmpfs rw,noexec 0 0"

    Make the new directory
    mkdir /tmpdata

    Mount tmpfs
    mount /tmpdata
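
A check that the mount from the steps above actually took effect, added here as an example and not part of squidclam. It reads a mount table in /proc/mounts format (Linux); check_tmpdata is a made-up name.

```sh
#!/bin/sh
# Added example, not part of squidclam: confirm that /tmpdata really is the
# tmpfs from the fstab line above. If the mount did not happen, /tmpdata is
# just a directory and the temporary files land on the root disk.

check_tmpdata() {   # $1 = mount table (default /proc/mounts), $2 = mount point
    awk -v mp="${2:-/tmpdata}" '
        $2 == mp { found = 1; fstype = $3; opts = "," $4 "," }  # last mount wins
        END {
            if (!found) { print mp " is not a mount point"; exit 1 }
            if (fstype != "tmpfs")  { print mp " is " fstype ", not tmpfs"; bad = 1 }
            if (opts !~ /,rw,/)     { print mp " is not writable (rw)"; bad = 1 }
            if (opts !~ /,noexec,/) { print mp " is missing noexec"; bad = 1 }
            exit bad + 0
        }
    ' "${1:-/proc/mounts}"
}

# Constructed mount table in /proc/mounts format: tmpfs, but without noexec.
table=$(mktemp)
cat > "$table" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmpdata tmpfs rw,relatime 0 0
EOF
check_tmpdata "$table" || echo "remount with the options from /etc/fstab"
rm -f "$table"
```

Called without arguments it checks /tmpdata in the live /proc/mounts.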
    
    
Common Errors:
---------------

Sample squid.conf:
-------------------

icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
redirect_program /usr/local/bin/squidclam
redirect_children 15
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp:       1440    20% 10080
refresh_pattern ^gopher:    1440    0%  1440
refresh_pattern .       0   20% 4320
refresh_pattern         \.gif$          10080   100%  43200 override-expire
refresh_pattern         \.jpg$          10080  100%  43200 override-expire
refresh_pattern .               960     90%     43200   reload-into-ims
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl network  src  192.168.11.0/255.255.255.0
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70      # gopher
acl Safe_ports port 210     # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http
acl Safe_ports port 591     # filemaker
acl Safe_ports port 777     # multiling http
acl Safe_ports port 901     # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
redirector_access deny SSL_ports
redirector_access deny localhost
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow network
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
forwarded_for off
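
A check for the redirector rules from the Install section (the loop guard for localhost and the SSL_ports exclusion), added here as an example and not part of squidclam. It assumes the ACL names used in this README, and check_redirector_conf is a made-up name.

```sh
#!/bin/sh
# Added example, not part of squidclam. Assumes the ACL names "localhost" and
# "SSL_ports" used in this README; check_redirector_conf is a made-up name.

check_redirector_conf() {   # $1 = squid.conf path; findings on stdout, status 1 if any
    awk '
        { sub(/#.*/, "") }                        # drop trailing comments
        $1 == "redirect_program" { prog = $2 }
        $1 == "acl"              { acl[$2] = 1 }
        $1 == "redirector_access" {
            # Rules are first-match, so remember where each one sits.
            if ($2 == "allow" && !allow_at) allow_at = NR
            # ACLs on one line are ANDed: only a single-ACL deny always applies.
            if ($2 == "deny" && NF == 3 && !($3 in deny_at)) deny_at[$3] = NR
        }
        END {
            if (prog == "") { print "redirect_program is not set"; bad = 1 }
            n = split("localhost SSL_ports", need, " ")
            for (k = 1; k <= n; k++) {
                a = need[k]
                if (!(a in acl)) { print "acl " a " is not defined"; bad = 1 }
                if (!(a in deny_at)) {
                    print "missing: redirector_access deny " a; bad = 1
                } else if (allow_at && allow_at < deny_at[a]) {
                    print "line " allow_at ": allow rule may shadow deny " a; bad = 1
                }
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: no loop guard, and SSL_ports is denied after an allow.
sample=$(mktemp)
cat > "$sample" <<'EOF'
redirect_program /usr/local/bin/squidclam
redirect_children 15
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
redirector_access allow all
redirector_access deny SSL_ports   # never reached
EOF
check_redirector_conf "$sample" || echo "squid.conf needs fixing"
rm -f "$sample"
```

The sample squid.conf above passes this check without findings.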
