The message I get is the one shown below, from a client machine running XP with the proxy server configured in the web browser, when trying to access any URL.
To integrate clamav with dansguardian I have done the following.
First I install clamav and its daemon (clamav clamav-daemon).
I edit the configuration file located at /etc/dansguardian/dansguardian.conf and uncomment the following lines:
Code:
contentscanner = '/etc/dansguardian/contentscanners/clamav.conf'
contentscanner = '/etc/dansguardian/contentscanners/clamdscan.conf'
I edit /etc/dansguardian/contentscanners/clamdscan.conf and uncomment this line, clamdudsfile = '/var/run/clamav/clamd.ctl', to start clamav in daemon mode.
The content of /etc/dansguardian/contentscanners/clamav.conf is:
Code:
# edit this to match the location of your ClamD UNIX domain socket
clamdudsfile = '/var/run/clamav/clamd.ctl'
# If this string is set, the text it contains shall be removed from the
# beginning of filenames when passing them to ClamD.
# Use it to - for example - support a ClamD running inside a chroot jail:
# if DG's filecachedir is set to "/var/clamdchroot/downloads/" and pathprefix
# is set to "/var/clamdchroot", then file names given to ClamD will be of the
# form "/downloads/tf*" instead of "/var/clamdchroot/downloads/tf*".
#pathprefix = '/var/clamdchroot'
exceptionvirusmimetypelist = '/etc/dansguardian/lists/contentscanners/exceptionvirusmimetypelist'
exceptionvirusextensionlist = '/etc/dansguardian/lists/contentscanners/exceptionvirusextensionlist'
exceptionvirussitelist = '/etc/dansguardian/lists/contentscanners/exceptionvirussitelist'
exceptionvirusurllist = '/etc/dansguardian/lists/contentscanners/exceptionvirusurllist'
And /etc/dansguardian/contentscanners/clamav.conf has the following:
Code:
plugname = 'clamav'
# scanbuffmethod
#
# As of 2.9.4.0, DG uses libclamav's cl_scandesc method instead of
# cl_scanbuff when scanning memory buffers. Unfortunately, this means
# that memory contents must be written to a file before scanning even
# if the file is below maxcontentramcachescansize.
# This option specifies how temp files will be created:
#
# file - create files in scanbuffdir
#
# shm - use POSIX shared memory
#
scanbuffmethod = 'file'
# scanbuffdir - where to create temp files in scanbuffmethod 'file'.
# You can specify a ramfs/tmpfs partition to minimise performance
# impact.
# Defaults to the configured filecachedir.
#scanbuffdir = '/path/to/tmpfs'
# tempdir - temporary directory for internal use by clamav.
# When scanning archive files, clamav can create temporary files of
# its own; this allows you to specify where they will be created.
# Used regardless of scanbuffmethod.
# Defaults to the configured filecachedir.
#tempdir = '/path/to/tmpfs'
#maxfiles - The maximum number of files to scan from a single
# archive. Like clamd.conf's MaxFiles.
maxfiles = 15000
#maxreclevel - The maximum recursion level when unpacking archives
# within archives. Like clamd.conf's MaxRecursion.
maxreclevel = 10
#maxscansize - Upper limit on the amount of data that whill be
# scanned when unpacking an archive, in kilobytes. Like clamd.conf's
# MaxScanSize.
maxscansize = 100000
exceptionvirusmimetypelist = '/etc/dansguardian/lists/contentscanners/exceptionvirusmimetypelist'
exceptionvirusextensionlist = '/etc/dansguardian/lists/contentscanners/exceptionvirusextensionlist'
exceptionvirussitelist = '/etc/dansguardian/lists/contentscanners/exceptionvirussitelist'
exceptionvirusurllist = '/etc/dansguardian/lists/contentscanners/exceptionvirusurllist'
Finally, the log /var/log/dansguardian/access.log shows the following:
Code:
2010.11.12 13:31:18 - 192.168.1.2 http://www.google.es *INFECTED* *DENIED* /tmp/tffhBbBK: Access denied. ERROR GET 1215 0 Content scanning 1 403 text/html
I get the impression that it denies me all access because the clamav pid is not communicating with dansguardian.
Regards, and thanks.
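
The quoted access.log entry carries the scanner's reply in its reason field, and clamd ends a reply with FOUND for a signature match or ERROR when the scan itself failed. The Python sketch below, an added example that is not part of the original post, separates the two so that scanner failures are not counted as detections. The field layout is an assumption inferred from the single quoted line, and the second and third sample lines are constructed.

```python
import re

# Sample access.log lines: the first is the entry quoted in the post, the
# other two are constructed for this example in the same assumed layout.
SAMPLE_LOG = """\
2010.11.12 13:31:18 - 192.168.1.2 http://www.google.es *INFECTED* *DENIED* /tmp/tffhBbBK: Access denied. ERROR GET 1215 0 Content scanning 1 403 text/html
2010.11.12 13:32:02 - 192.168.1.2 http://files.example/eicar.com *INFECTED* *DENIED* /tmp/tfQ1w2e3: Eicar-Test-Signature FOUND GET 68 0 Content scanning 1 403 text/html
2010.11.12 13:32:40 - 192.168.1.3 http://www.example.org  GET 5120 0  1 200 text/html
"""

# Assumed layout, inferred from the quoted line:
#   date time user ip url [*FLAG* ...] reason METHOD size ...
LINE_RE = re.compile(
    r"^\S+ \S+ \S+ (?P<ip>\S+) (?P<url>\S+) "
    r"(?P<flags>(?:\*[A-Z]+\* )*)(?P<reason>.*?) "
    r"(?:GET|POST|HEAD|PUT|CONNECT|OPTIONS) \d+ "
)
# clamd reply: "<path>: <signature> FOUND" or "<path>: <message> ERROR".
REPLY_RE = re.compile(r"^(?P<path>\S+): (?P<detail>.*) (?P<status>FOUND|ERROR)$")


def triage(log_text):
    """Return (url, verdict, detail) for every entry flagged *INFECTED*."""
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or "*INFECTED*" not in m.group("flags"):
            continue
        reply = REPLY_RE.match(m.group("reason"))
        if reply is None:
            verdict, detail = "unparsed", m.group("reason")
        elif reply.group("status") == "ERROR":
            # The scanner could not examine the file; nothing was detected.
            verdict, detail = "scanner-error", reply.group("detail")
        else:
            verdict, detail = "detection", reply.group("detail")
        results.append((m.group("url"), verdict, detail))
    return results


def scanner_error_count(results):
    """Number of blocked requests caused by scan failures, not signatures."""
    return sum(1 for _, verdict, _ in results if verdict == "scanner-error")


if __name__ == "__main__":
    for url, verdict, detail in triage(SAMPLE_LOG):
        print(f"{verdict:14} {url}  ({detail})")
```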