Antivirus Configuration


Introduction

 

The antivirus scans all HTTP traffic that passes through it and, if a virus is found, a virus alert page is shown to the client instead of the requested content. It works in combination with the HttpProxy server: the HttpProxy server must be running for the antivirus service to work. A request is handled as follows:

1. The HttpProxy server first checks its ACL rules.

2. The HttpProxy server sends the URL to the antivirus (the redirected URL if an ACL rule matched, otherwise the original URL).

3. The antivirus fetches the data through a squid proxy server. By default this is the local HttpProxy server configured on the Okapi, but it can also be a squid proxy server on another machine (see "Using remote squid proxy server to fetch the data" below).

4. The data is scanned and then passed back to the HttpProxy server, which delivers it to the client.

Only HTTP traffic is described here. Unless the HttpProxy server intercepts TLS, HTTPS downloads are tunnelled without inspection and should not be assumed to be scanned.

 

Network Diagram

 

 

A running HttpProxy server is the prerequisite to start the antivirus service.

First configure and start the HttpProxy server (as if there is no antivirus service available).

Okapi(config)# service httpProxy

 

 

The antivirus service can be started as-is with its default configuration.

Starting Antivirus with Default Configuration

Now you can start the antivirus service using the following command.

Okapi(config)# service antivirus

This starts the antivirus service with the default configuration; the service is now ready for use. Configure your browser to use the HttpProxy server set up above, and all HTTP traffic passing through it will be scanned by the antivirus.
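A quick way to confirm that the chain (browser, HttpProxy server, antivirus, squid) really scans is to pull the EICAR anti-malware test file through the proxy and see whether the test string reaches the client. The script below is an added example, not part of the Okapi documentation or software. The proxy address and port, and the URL of a plain-HTTP copy of the EICAR file, are assumptions to be replaced with your own values; an https URL would bypass the scanner and prove nothing.

```python
"""Check that the HttpProxy -> antivirus -> squid chain is really scanning.

Added example; not part of the Okapi documentation or software. It
requests the EICAR anti-malware test file through the HttpProxy
listener and reports whether the test string reached the client.
"""
import urllib.error
import urllib.request

HTTP_PROXY = "http://192.0.2.1:8080"                       # assumed HttpProxy listener
EICAR_URL = "http://www.eicar.org/download/eicar.com.txt"  # assumed; must be plain http

# The 68-byte EICAR test string, assembled at runtime so that this source
# file is not itself quarantined by a host scanner.
EICAR = "X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def eicar_reached_client(body: bytes) -> bool:
    """True if the complete EICAR string is present in the response body.

    Anything else (the virus alert page, an error page, a truncated
    download) counts as 'did not reach the client'.
    """
    return EICAR.encode("ascii") in body


def classify(status: int, body: bytes) -> str:
    """Turn an HTTP response into a one-line verdict about the scanner."""
    if eicar_reached_client(body):
        return "NOT SCANNED: EICAR test string reached the client (HTTP %s)" % status
    return "INTERCEPTED: test string did not reach the client (HTTP %s, %d bytes)" % (
        status, len(body))


def fetch_through_proxy(url: str, proxy: str, timeout: float = 30.0):
    """Return (status, body) for url fetched via proxy.

    HTTP error responses are returned rather than raised, because the
    alert page may legitimately come with a 4xx/5xx status.
    """
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({"http": proxy}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


if __name__ == "__main__":
    status, body = fetch_through_proxy(EICAR_URL, HTTP_PROXY)
    print(classify(status, body))
```

If the verdict is NOT SCANNED, check that the browser (here, the script) is really pointed at the HttpProxy server, that the antivirus service is running, and that none of the skip rules described further down excludes the test URL, its content type or the client.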

 

Alternatively, the antivirus can be configured first and then started.

Starting Antivirus after changing Default Configuration

The antivirus is configured with the following command, which enters the antivirus configuration mode:

Okapi(config)# configure antivirus

 

*Using remote squid proxy server to fetch the data

By default the antivirus fetches pages/data through the local squid proxy server (the HttpProxy server) on its default port 3128. This can be changed with the following command:

okapi(config-antivirus)# squid-connect 10.20.50.50

This configures the antivirus to use the squid proxy server at 10.20.50.50 on port 3128 (the default port). The remote squid must be configured to accept proxy requests from the Okapi's address; a default squid installation denies clients it does not know. To specify a different port (say 3100), use the following command:

okapi(config-antivirus)# squid-connect 10.20.50.50 3100

The squid-connect commands above point the antivirus at a remote host as its squid proxy server. To return to the local squid proxy server (the default), use the following command:

okapi(config-antivirus)# squid-connect localhost

The following command has the same effect:

okapi(config-antivirus)# no squid-connect

 

*Skipping Antivirus Scan

By default all incoming HTTP traffic is scanned. The scan can be skipped, if you want, based on four kinds of rule:

1.URL based

2.Content-Type based

3.Client's IP address based

4.Size based

      1. URL based

okapi(config-antivirus)# abort google\.com

This skips the antivirus scan for any request whose URL matches google\.com. Like the other patterns on this page, the argument is a regular expression, and this one is not anchored: it matches wherever google.com appears in the URL, including the path of a request to an unrelated host. If only that site is meant, anchor the pattern to the scheme and host (for example ^http://([^/]+\.)?google\.com/).

okapi(config-antivirus)# abort .*\.(png|gif|jpg)$

This excludes every URL ending in .png, .gif or .jpg from scanning. The decision is made on the URL alone; a server can return any content under such a name, so this exclusion trusts the origin.

     2. Content-Type based

okapi(config-antivirus)# abortcontent ^image\/.*$

okapi(config-antivirus)# abortcontent ^video\/x-flv$

The first command skips the scan for any response whose Content-Type is image/anything.

The second command skips the scan for Flash video streams (Content-Type video/x-flv). The Content-Type header is set by the server, so these exclusions likewise trust the origin.

     3. Client's IP address based

okapi(config-antivirus)# trustclient ^192\.168\.1\.1$

okapi(config-antivirus)# trustclient ^192\.168\.1\..*$

okapi(config-antivirus)# trustclient ^mypc\.domain\.dom$

The first and the last commands disable the chained program and the virus scan for a single client: the first by IP address, the last by host name, which only works when the client's address resolves to that name. The second does the same for the entire 192.168.1.0/24 network. Traffic from trusted clients is never inspected, so keep this list to hosts that are protected by other means.

     4. Size based

 okapi(config-antivirus)# maxsize 24000000

This configures the antivirus to skip the scan for any file larger than 24 MB (24000000 bytes). Everything above the limit passes through unscanned, so a low limit lets large archives and installers through without inspection; set it as high as the scanner's memory and time budget allow.
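Because every one of these rules removes traffic from inspection, it pays to dry-run the patterns against a few realistic requests before committing them. The script below is an added example, not Okapi code: it models the four skip conditions (abort, abortcontent, trustclient, maxsize) as Python regular expressions and evaluates the page's own rules, plus an anchored alternative for the first URL rule, against constructed sample requests. It assumes search semantics for the patterns (a pattern without ^ and $ matches anywhere, which is why the page's examples are anchored), that maxsize is compared with the response size in bytes, and that a client is matched by its address or its reverse-DNS name; the order in which the rules are checked only affects the reported reason.

```python
"""Dry-run the antivirus skip rules against constructed requests.

Added example, not part of Okapi. Models abort / abortcontent /
trustclient / maxsize as Python regular expressions so exclusion
patterns can be checked before they are committed on the device.
Assumptions: search semantics for patterns, maxsize compared with the
response size in bytes, client matched by address or reverse-DNS name.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class SkipPolicy:
    abort: List[str] = field(default_factory=list)         # URL patterns
    abortcontent: List[str] = field(default_factory=list)  # Content-Type patterns
    trustclient: List[str] = field(default_factory=list)   # client address/name patterns
    maxsize: Optional[int] = None                          # bytes; larger responses skip


def why_skipped(policy: SkipPolicy, url: str, content_type: str,
                client: str, size: int) -> Optional[str]:
    """Return the rule that skips the scan, or None if the response is scanned."""
    for pat in policy.trustclient:
        if re.search(pat, client):
            return "trustclient " + pat
    for pat in policy.abort:
        if re.search(pat, url):
            return "abort " + pat
    for pat in policy.abortcontent:
        if re.search(pat, content_type):
            return "abortcontent " + pat
    if policy.maxsize is not None and size > policy.maxsize:
        return "maxsize %d" % policy.maxsize
    return None


# The rules exactly as the page shows them.
PAGE_POLICY = SkipPolicy(
    abort=[r"google\.com", r".*\.(png|gif|jpg)$"],
    abortcontent=[r"^image\/.*$", r"^video\/x-flv$"],
    trustclient=[r"^192\.168\.1\.1$", r"^192\.168\.1\..*$", r"^mypc\.domain\.dom$"],
    maxsize=24000000,
)

# Same intent as the first URL rule, but anchored to scheme and host.
ANCHORED_POLICY = SkipPolicy(abort=[r"^https?://([^/]+\.)?google\.com/"])

# Constructed sample requests: (url, content_type, client, size in bytes).
SAMPLES = [
    ("http://www.google.com/search?q=okapi", "text/html", "10.1.1.5", 12000),
    ("http://evil.example/google.com/dropper.exe", "application/octet-stream", "10.1.1.5", 300000),
    ("http://cdn.example/logo.png", "image/png", "10.1.1.5", 4000),
    ("http://cdn.example/logo.png?v=2", "image/png", "10.1.1.5", 4000),
    ("http://dl.example/backup.zip", "application/zip", "10.1.1.5", 30000000),
    ("http://dl.example/setup.exe", "application/octet-stream", "192.168.1.77", 500000),
    ("http://dl.example/setup.exe", "application/octet-stream", "10.1.1.5", 500000),
]


def report(policy: SkipPolicy, samples=SAMPLES) -> List[str]:
    """One line per sample: SKIP/SCAN, the URL and the rule that decided it."""
    lines = []
    for url, ctype, client, size in samples:
        reason = why_skipped(policy, url, ctype, client, size)
        lines.append("%-4s %s  <- %s" % ("SKIP" if reason else "SCAN", url, reason or "scanned"))
    return lines


if __name__ == "__main__":
    print("\n".join(report(PAGE_POLICY)))
    print()
    print("\n".join(report(ANCHORED_POLICY)))
```

Under the page's rules the second sample, an executable served from an unrelated host under a path containing google.com, is skipped by the unanchored abort google\.com rule, while the anchored variant scans it; the 30 MB archive is skipped purely on size, and the image with a query string is caught by abortcontent even though the URL rule no longer matches.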

 

*Specify the maximum connection queue length

okapi(config-antivirus)# maxconnectionqueue  20

This sets the maximum length of the queue of pending connections to the antivirus to 20: at most 20 connections may be waiting to be handled at one time, and further connection attempts have to wait or fail until the queue drains.

 

*Specify the maximum no of threads that can run simultaneously

okapi(config-antivirus)# maxthreads  15

This sets the maximum number of antivirus threads that can run simultaneously to 15. Together with the connection queue length above, this bounds how many downloads are scanned in parallel.

 

*Cache Options

The antivirus also has a cache option. The antivirus detects whether the file to download is already stored in the HttpProxy server's cache. If the cache option is enabled, the antivirus does not rescan a file served from the proxy's cache, on the assumption that it was scanned when it was first downloaded. If the option is disabled, the antivirus rescans the file on every client request, whether or not it is cached. The option is disabled by default, but it is recommended to enable it. The trade-off is that a file cached before a signature database update is not re-examined against the new signatures for as long as it is served from the cache.

okapi(config-antivirus)# enable cache

okapi(config-antivirus)# no enable cache

 

 *Antivirus Database Update

The antivirus database must be updated frequently. This can be done in two ways:

1.Enabling Autoupdate

2.Manual Update

      1. Enabling autoupdate

The autoupdate of database can be enabled by using the following command :

 okapi(config-antivirus)# enable autoupdate

This configures the antivirus to download updates in the background. By default the database is checked for updates every two hours. This can be changed with the following command:

okapi(config-antivirus)# dbcheck-interval  24

The argument is the number of database checks per day rather than an interval in hours: the default of 12 corresponds to the two-hour check above, 24 makes the check run once every hour, and 24 is the maximum value accepted.

The autoupdate can be disabled using following command:

 okapi(config-antivirus)# no enable autoupdate

     2. Manual Update

The database can be manually updated by using the following command.

 okapi(config-antivirus)# updatedb-antivirus

After issuing the command, the update starts in the background. Its progress and result can be checked in /var/log/clamav/freshclam.log, the log of the freshclam updater of the underlying ClamAV engine.

 

*Country code

The country code selects the closest download mirror for database updates. The default is in, the code for India; set it to the code of your own country.

okapi(config-antivirus)# countrycode au

This sets the country code for Australia. The codes are the two-letter country codes of the country-code top-level domains, listed at http://www.iana.org/domains/root/db/

The code must be given without the leading dot (au, not .au).