tazinblack Veteran
Joined: 23 Jan 2005 Posts: 1146 Location: Baden / Germany
|
Posted: Fri May 29, 2009 12:28 pm Post subject: squid with squidclamav. It's driving me up the wall [solved] |
|
|
Hello everyone,
I'm currently trying to marry squid to clamav via squidclamav.
In other words, scanning for viruses centrally on the proxy.
Here are my configs
squid :
Code: |
auth_param basic program /usr/bin/ntlm_auth --require-membership-of="S-1-5-21-1416334993-3778034040-475538095-1204" --helper-protocol=squid-2.5-basic
auth_param basic children 10
auth_param basic realm Proxy-Server USA
auth_param basic credentialsttl 2 hours
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl localhost src 172.20.90.113/32
acl to_localhost dst 127.0.0.0/8
acl office proxy_auth REQUIRED src 172.20.60.0/24
acl office proxy_auth REQUIRED src 172.20.90.103/32
acl office proxy_auth REQUIRED src 172.20.90.104/32
acl production proxy_auth REQUIRED src 172.20.65.0/24
acl datacenter src 172.20.90.199/32
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl User_ports port 80 # http
acl Update_ports port 21 # ftp
acl Update_ports port 80 # http
acl Update_ports port 873 # rsync
acl SSL_crypt_ports port 443 # https
acl deny_rep_mime_flashvideo rep_mime_type video/flv
acl https_urls dstdom_regex -i "/etc/squid/https_whitelist"
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow datacenter Update_ports
http_access allow office User_ports
http_access allow production User_ports
http_reply_access deny deny_rep_mime_flashvideo
http_access allow https_urls datacenter
http_access allow https_urls office
http_access allow https_urls production
http_access allow localhost
http_access deny all
icp_access allow datacenter
icp_access deny all
htcp_access allow datacenter
htcp_access deny all
http_port 3128
hierarchy_stoplist cgi-bin ?
cache_dir ufs /var/cache/squid 2000 16 256
logformat combined %>a %ul %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log combined
logfile_rotate 30
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_mgr me@somewhere.org
visible_hostname li77x113.usa01.boysen
icp_port 3130
forwarded_for off
coredump_dir /var/cache/squid
url_rewrite_program /usr/sbin/squidclamav
url_rewrite_children 15
url_rewrite_access deny localhost
url_rewrite_access deny SSL_crypt_ports
|
squidclamav
Code: |
squid_ip 127.0.0.1
squid_port 3128
trust_cache 0
logfile /var/log/squidclamav/squidclamav.log
redirect http://localhost/virus.php
#squidguard /usr/bin/squidGuard
debug 1
force 1
stat 1
clamd_local /var/run/clamav/clamd.sock
#clamd_ip 127.0.0.1
#clamd_port 3310
timeout 300
regexi ^.*\.*$
content ^.*\/.*$
|
The nice thing is that clamav apparently wants to scan the stuff, but then has a problem with curl and doesn't do it after all:
Code: |
Fri May 29 08:23:20 2009 [23144] DEBUG Request:http://www.google.de/ 172.20.90.103/- edv-kie GET
Fri May 29 08:23:20 2009 [23144] DEBUG regex matched: http://www.google.de/
Fri May 29 08:23:20 2009 [23144] DEBUG Curl will use proxy: http://127.0.0.1:3128
Fri May 29 08:23:20 2009 [23144] DEBUG Force scanning bad header from url http://www.google.de/
Fri May 29 08:23:20 2009 [23144] DEBUG Sending STREAM to clamd.
Fri May 29 08:23:20 2009 [23144] ERROR fail downloading url http://www.google.de/
Fri May 29 08:23:20 2009 [23144] ERROR CURLOPT_ERRORBUFFER: The requested URL returned error: 407
Fri May 29 08:23:20 2009 [23144] STAT Total process time 0.002 second(s)
Fri May 29 08:23:20 2009 [23144] DEBUG Request:http://www.google.de/csi?v=3&s=webhp&action=&tran=undefined&ei=xNMfSp2WLtKEsAa-rcmSDA&e=20240,20572&rt=prt.31,ol.63,xjs.78 172.20.90.103/- edv-kie GET
Fri May 29 08:23:20 2009 [23144] DEBUG regex matched: http://www.google.de/csi?v=3&s=webhp&action=&tran=undefined&ei=xNMfSp2WLtKEsAa-rcmSDA&e=20240,20572&rt=prt.31,ol.63,xjs.78
Fri May 29 08:23:20 2009 [23144] DEBUG Curl will use proxy: http://127.0.0.1:3128
Fri May 29 08:23:20 2009 [23144] DEBUG Force scanning bad header from url http://www.google.de/csi?v=3&s=webhp&action=&tran=undefined&ei=xNMfSp2WLtKEsAa-rcmSDA&e=20240,20572&rt=prt.31,ol.63,xjs.78
Fri May 29 08:23:20 2009 [23144] DEBUG Sending STREAM to clamd.
Fri May 29 08:23:20 2009 [23144] ERROR fail downloading url http://www.google.de/csi?v=3&s=webhp&action=&tran=undefined&ei=xNMfSp2WLtKEsAa-rcmSDA&e=20240,20572&rt=prt.31,ol.63,xjs.78
Fri May 29 08:23:20 2009 [23144] ERROR CURLOPT_ERRORBUFFER: The requested URL returned error: 407
Fri May 29 08:23:20 2009 [23144] STAT Total process time 0.002 second(s)
Fri May 29 08:23:20 2009 [23144] DEBUG Request:http://clients1.google.de/generate_204 172.20.90.103/- edv-kie GET
Fri May 29 08:23:20 2009 [23144] DEBUG regex matched: http://clients1.google.de/generate_204
Fri May 29 08:23:20 2009 [23144] DEBUG Curl will use proxy: http://127.0.0.1:3128
Fri May 29 08:23:20 2009 [23144] DEBUG Force scanning bad header from url http://clients1.google.de/generate_204
Fri May 29 08:23:20 2009 [23144] DEBUG Sending STREAM to clamd.
Fri May 29 08:23:20 2009 [23144] ERROR fail downloading url http://clients1.google.de/generate_204
Fri May 29 08:23:20 2009 [23144] ERROR CURLOPT_ERRORBUFFER: The requested URL returned error: 407
Fri May 29 08:23:20 2009 [23144] STAT Total process time 0.002 second(s)
|
The end of the story is that I can download the EICAR test virus without any problem.
Google turns up plenty, but nothing that has actually worked.
I think I'm about to throw it in the corner.
I have also already tried it without
Code: |
squid_ip 127.0.0.1
squid_port 3128
|
i.e. so that curl effectively downloads past squid, then scans, and only then hands it on to squid, but that doesn't help either.
Error 407 means that the proxy does not accept the authentication.
_________________ Regards
tazinblack
_______________________________________________________
what's the point in being grown up if you can't be childish sometimes
Last edited by tazinblack on Fri May 29, 2009 1:13 pm; edited 1 time in total |
tazinblack Veteran
Joined: 23 Jan 2005 Posts: 1146 Location: Baden / Germany
|
Posted: Fri May 29, 2009 1:13 pm Post subject: |
|
|
I found it.
I have now put the line
Code: |
http_access allow localhost |
in as the first http_access line, and now it works.
Man, that was a lot of searching, just because of the wrong position.
_________________ Regards
tazinblack
_______________________________________________________
what's the point in being grown up if you can't be childish sometimes |
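
Why the position of that line matters, as an added example that is not part of the original posts: Squid evaluates `http_access` rules top to bottom and stops at the first rule whose ACLs all match, and a `proxy_auth` ACL reached without credentials answers with a 407 challenge. The sketch below is a simplified model, not Squid's code; the rule subset, `decide`, `FIXED` and `STRICTER` are constructed for illustration, and `office` is modelled as a plain `proxy_auth` ACL.

```python
import ipaddress

# Constructed subset of the http_access lines from the squid.conf in the first post.
ORIGINAL = """\
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow office User_ports
http_access allow localhost
http_access deny all
"""
LOCAL = "http_access allow localhost\n"
FIXED = LOCAL + ORIGINAL                     # the change described in the second post
_head, _tail = ORIGINAL.split("http_access allow office", 1)
STRICTER = _head + LOCAL + "http_access allow office" + _tail  # assumed alternative placement

def src_in(*nets):
    return lambda r: any(ipaddress.ip_address(r["src"]) in ipaddress.ip_network(n) for n in nets)

AUTH = "proxy_auth"  # marker for an ACL that needs credentials (simplified model)
ACLS = {
    "all": lambda r: True,
    "localhost": src_in("127.0.0.1/32", "172.20.90.113/32"),
    "office": AUTH,
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "SSL_ports": lambda r: r["port"] == 443,
    "User_ports": lambda r: r["port"] == 80,
    "Safe_ports": lambda r: r["port"] in (80, 21, 443, 70, 210, 280, 488, 591, 777, 901)
                            or 1025 <= r["port"] <= 65535,
}

def decide(conf, req):
    """Return 'allow', 'deny' or '407' for req under the http_access lines in conf."""
    for line in conf.splitlines():
        _, action, *names = line.split()
        for name in names:                       # ACLs on one line are ANDed, left to right
            acl = ACLS[name.lstrip("!")]
            if acl == AUTH and req.get("user") is None:
                return "407"                     # no credentials: challenge, evaluation stops
            hit = True if acl == AUTH else acl(req)
            if hit == name.startswith("!"):
                break                            # ACL did not match, go to the next rule
        else:
            return action                        # first fully matching rule decides
    return "deny"
```

With `allow localhost` as the very first rule, loopback requests also skip the `Safe_ports` and `CONNECT` checks, and the `localhost` ACL in the posted config covers 172.20.90.113 as well as 127.0.0.1. Placing the line directly after those two `deny` rules (`STRICTER`) still clears the 407 for squidclamav's own fetches.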