Configuring Squid & HAVP(ClamAV) in Ubuntu : Example # 1

March 4, 2010

In this article, it is assumed that Squid has been installed and running well, because the contents of this article will not discuss the installation of squid. The following is just an example of the steps in configuring Squid as a transparent proxy and HAVP (in collaboration with ClamAV) as a virus scanner (parent proxy).

1. Information schema.

               Transparent Proxy*
               192.168.0.253:3128
                      ||                    [eth1]
                      ||                      ||
 [Intranet]--------[Squid]-+-[HAVP]--------[Internet]
     ||                        ||
   [eth0]                  Parent Proxy
192.168.0.0/24            127.0.0.1:8080
                               ||
                               ||
                            [ClamAV]

2. Installing HAVP, ClamAV and ClamAV update virus databases for the first time.

~# apt-get install havp clamav
~# freshclam

3. Add the following line into file “/etc/squid/squid.conf”.

cache_peer 127.0.0.1 parent 8080 0 no-query no-diggest no-netdb-exchange default

4. Make sure the configuration files in “/etc/havp/havp.config”, at least as the following lines.

USER havp
GROUP havp
DAEMON true
PIDFILE /var/run/havp/havp.pid
SERVERNUMBER 20 # please adjust itself
MAXSERVERS 100 # please adjust ifself
ACCESSLOG /var/log/havp/access.log
ERRORLOG /var/log/havp/havp.log
USESYSLOG false
SYSLOGNAME havp
SYSLOGFACILITY daemon
SYSLOGLEVEL info
LOG_OKS true
LOGLEVEL 1
SCANTEMPFILE /var/spool/havp/havp-XXXXXX
TEMPDIR /var/tmp
DBRELOAD 60
TRANSPARENT false
FORWARDED_IP true
PORT 8080
BIND_ADDRESS 127.0.0.1
TEMPLATEPATH /etc/havp/templates/en
ENABLECLAMLIB true
CLAMDBDIR /var/lib/clamav
ENABLECLAMD false
ENABLEFPROT false
ENABLEAVG false
ENABLEAVESERVER false
ENABLESOPHIE false
ENABLETROPHIE false
ENABLENOD32 false
ENABLEAVAST false
ENABLEARCAVIR false
ENABLEDRWEB false

5. Make sure the rules in the IPTables NAT in this case as step 1, at least as the following lines.

~# iptables -t nat -A PREROUTING -j REDIRECT -p tcp -i eth0 -s 192.168.0.0/24 –dport 80 –to-ports 3128
~# iptables -t nat -A POSTROUTING -j MASQUERADE -p tcp -s 192.168.0.0/24 -o eth1

6. Restart Squid and HAVP service.

~# squid -k reconfigure
~# /etc/init.d/havp force-reload
– or –
~# /etc/init.d/squid restart
~# /etc/init.d/havp restart

7. Finish.

*) Don’t forget to open tcp ports 80 & 3128.

In this article, I use Ubuntu Server 8.04 LTS, Squid 2.6, HAVP 0.89, and ClamAV 0.94.2.
For more information, please visit the website at http://www.server-side.de.

Advertisements

5 Responses to “Configuring Squid & HAVP(ClamAV) in Ubuntu : Example # 1”

  1. Mark Johnson Says:

    Thanks for this post, answers a bunch of questions I was having.

  2. Eric Appelboom Says:

    Strongly recommend that you configure ramdrives as your tmp working directories.


  3. There is obviously a lot to learn about this. There were some pretty good points.

  4. Steve Holdoway Says:

    Couple of points…

    . no-diggest should be spelt correctly.
    . why are you masquerading your outgoing traffic? MASQUERADE isn’t the correct option in most places, and I don’t think it’s necessary anyay.

  5. Bizax Says:

    First, Thanks for a great tutorial. I want to ask, why HAVP eating a lot of memory (RAM). Do you have any advise to decrase memory consume by HAVP?

    Thank you


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: