Views: 3500 | Replies: 1

An article on installing anti-virus on SmoothWall

Posted on 2005-9-9 13:57:15
Mod version 4.1
Last edited: 06/09/2005

History:
1.0 - First release (10/08/04)
1.01 - Updated archive to include /tmp/dgvirus directory (14/08/04)
1.02 - Edited logrotate file to compress logs (16/08/04)
1.1 - Recompiled and now patched with AV 6.3.2 - Fixes a problem with large downloads.
2 - New DG version (2.8.0.3) and new AV patch version (6.3.6) for ClamAV 0.80
2.01 - Fixed problem with missing log & tmp dirs
3.0 - Updated archive to latest stable build (DG 2.8.0.3 & AV 6.3.8 )
4.0 - Updated archive to latest build (DG 2.8.0.6 & AV 6.4.2a )
4.1 - Updated archive to latest build (DG 2.8.0.6 & AV 6.4.3 )

0. What is DGAV?
DGAV combines the DansGuardian content filter with a 3rd party patch enabling content to also be scanned for infection (viri, trojans & worms). If questionable content or an infection is found the page is replaced with a 'blocked' page alerting the end user.

1. What this mod provides
NEW DansGuardian 2.8.0.6 executable with Anti-Virus 6.4.3 patch.
NEW Updated install and uninstall scripts.
NEW Improved startup and automatic configuration script.
NEW Script to handle AV engine changing.
libesmtp libraries to allow an email to be sent to an email address of your choice upon discovery of an infected file.

If you do not require AV scanning and want a smaller, more lean DansGuardian then click here: [2.0] DansGuardian 2.8.0.6

2. Prerequisites
You need the ClamAV software installed on your system before this version of DansGuardian will work. This is available from the following thread: [2.0] ClamAV 0.80+ - Anti-virus software.

3. Remove or Backup existing DansGuardian Installation
The installation script will backup your existing archive to the following location: /var/smoothwall/mods/dansguardianav/olddg.tgz
Copies of your configuration files will also be made in /var/smoothwall/mods/dansguardianav/configs so you can easily get to your old settings to copy them back to the new configuration files.

I'll explain later how you can restore this installation should the latest build not be to your satisfaction.

4. Installation
Now you need to get the dansguardian-2.8.0.6-antivirus-6.4.3.tgz archive (395k) from here or here and copy it to your /tmp folder. From the command line type:
Code:
tar -zxvf dansguardian-2.8.0.6-antivirus-6.4.3.tgz -C /

Now type:
Code:
./install-dgav.sh
The script should now install the new DG.

The script will automatically determine your SmoothWall's green ip address and will update the relevant parts of the configuration file automatically. It will also check to see if you have the ClamAV daemon running and will setup the relevant scanning engine for you. You can change the engine at any time after the installation. I'll explain more later.

5. Configuration
Before, you would have had to set the proxy and filter IP addresses. This should all be done by the installation script, so setting up your DGAV now requires less work.

The 'Naughtyness limit' is set in the /etc/dansguardianf1.conf file. The default level of protection is quite high. If you want DG to be less sensitive then please increase the 'Naughtyness' level. It is now possible to have more than 1 level of configuration and filter at different levels for different clients. Have a look at the information in the various config files for more info. This thread also has some information about setting up multiple groups.

If you want an email to be sent to you each time a virus is discovered then enter your SMTP server and email details into the relevant sections in the dansguardian.conf file. They are located near the bottom of the file.

If you opted not to start DG when you ran the install script you can start it from the command line like so:
Code:
/var/smoothwall/mods/dansguardianav/startdg

If not already configured in transparent mode and already running, your web proxy will be restarted. If it didn't work for whatever reason then try typing:
Code:
dansguardian -N
This should give you more information as to why it is failing. Also check the /var/log/messages file as this could also tell you why.

Changing the AV scanning engine
I mentioned earlier that you can change how DGAV scans the files you download. One way is to let DG load the ClamAV anti-virus information itself and check each file itself (the clamav engine). The other way is to load ClamAV independently of DG and have DG pass all files to the ClamAV daemon (the clamdscan engine). By default, other DGAV releases for SmoothWall used the first option because it was easier. In this release the installer changes the engine based on whether you have the ClamAV daemon loaded or not. If you haven't, DG will be configured to not use the ClamAV daemon.

If you want to get DGAV to use the opposite engine to the one currently in use just run the following command:
Code:
/var/smoothwall/mods/dansguardianav/dgavchange
It will then start the ClamAV daemon if needed and ask if you want to start DGAV so the changes can take effect. Have a play with the engines. I've found the clamdscan engine to be faster than the clamav engine. Please report on your findings regarding speeds and memory usage. If you think you had better performance with the previous engine just run the command again to switch back.


Auto starting DG & forcing proxy use
If you are planning on using the DGGUI then you won't need to add any of this info as the DGGUI install script will add it for you. You can safely move on to the next section of the instructions.
If all is ok you can tell DansGuardian to start at boot time by placing the following in your /etc/rc.d/rc.sysinit file:
Code:
echo "Starting DansGuardian"
/var/smoothwall/mods/dansguardianav/startdg noverify
before
Code:
echo "Silencing kernel, syslog output on tty12"
echo >/proc/sys/kernel/printk "1 4 1 7"

If you want to secure your network so all traffic MUST go through Dansguardian, you will need to make one small adjustment.
Edit /etc/rc.d/rc.firewall.up with your favourite text editor and add the following:
Code:
# prevent network users from bypassing DansGuardian
iptables -A INPUT -p TCP -i $GREEN_DEV -s 0/0 --dport 800 -j DROP
immediately after
Code:
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT

You can now copy, by hand, any settings back from your old config files. A copy of these have been placed into /var/smoothwall/mods/dansguardianav/configs. These files were also backed up when DGAV was installed.

6. Testing & Features
Go to http://www.eicar.org/anti_virus_test_file.htm click one of the links and you should see an 'Access Denied' page. It should list the reason for blocking the page as 'Virus Eicar-Test-Signature found'. It may show as unformatted HTML in some browsers. It may appear that the zip files have been downloaded successfully. Try opening the zip archive to see that it has been corrupted and cannot be opened.

DGAV Download Manager
This new feature aims to solve one of the problems that the AV patch introduced. When you download a file you usually have to wait a while before your browser says anything is happening. This is often annoying because you are unsure if the download is actually taking place. What's happening is DGAV is getting the file and waiting to scan it before it sends it to you. Playing about with the tricklength and trickledelay settings used to help somewhat but still left large downloads in 'limbo' until they had completed. The download manager allows you to specify extensions that you want it to take care of. Then, when you download a file of that type you get a groovy progress display in your browser window.

To tell DGAV which files you want it to use the download manager for you need to add the extension to /etc/dansguardian/dlmgrextensionlist like so:
Code:
# Download manager extension list

# File extensions to be handled

.iso
.tgz
Remember to restart DGAV to implement any changes.

7. Uninstalling DansGuardian 2.8.x.x
To remove this build of DGAV and put your old one back simply run this command:
Code:
/var/smoothwall/mods/dansguardianav/restore
You will need to restart DG once it has been restored to get your old installation up and running.

To completely remove DGAV then run the following command:
Code:
/var/smoothwall/mods/dansguardianav/uninstall

Taadaa! All Gone. This will also remove ALL backups and configuration files.

8. Known Issues / Problems
DG is a memory hog so performance on low memory systems may be poor. I've seen DG use up to 57mb when used on its own or 50mb when used in conjunction with the ClamAV Daemon (which uses approx 8mb itself). I'd recommend 128mb physical RAM in your system and extra swap space too. Let me know if you have it running with acceptable speed on lower memory systems.

9. Thanks
Daniel Barron and all at dansguardian.org for the groovy DansGuardian.
Brian Stafford for the libesmtp libraries.
http://www.harvest.com.br/asp/afn/dg.nsf for the AV 6.3.6 patch.
Daniel Hozac for the updated Squid.
Tiago for the mod setup page format.
Steve McNeill for the DG & AV GUI

10. Complementary Mods & Information
[2.0] Squid 2.5.STABLE8 - Updates Squid to a later version. Will improve DG performance as it has a few speed increases.
[2.0] Dansguardian GUI - Makes DansGuardian administration soooo much easier and fixes the things I've probably broken.
Create a swap file - If you're running low on memory a swap file may help you out.
Setting up DG with 3 groups - Although you may not need three groups this shows you how to set up multiple groups on DG.

11. Notes
I've successfully installed this on a clean installation of SmoothWall with all fixes and my main SmoothWall that has many mods installed. All went ok. The dansguardian.conf file has had some extra options added to it regarding virus scanning. Please take a look at them for more info.

Happy virus blocking!

Kev

Edited:
13/08/04 - Added /tmp/dgvirus directory to archive.
14/08/04 - Added link to non AV version of DG.
16/08/04 - Edited logrotate file in archive so log files are now compressed.
27/08/04 - Recompiled to include AV Patch 6.3.2 - Fixes some issues with large downloads being trashed.
10/09/04 - Fixed logrotate script. (I think)
15/11/04 - New archive. Now contains DG 2.8.0.3 & AV 6.3.6
18/11/04 - Install script now creates log file and tmp dir if they don't already exist.
23/02/05 - Added download mirror.
05/04/05 - Recompiled to include AV patch 6.3.8
27/08/05 - New archive. Now contains DG 2.8.0.6 & AV 6.4.2a
06/09/05 - New archive. Now contains DG 2.8.0.6 & AV 6.4.3

Last edited by kevh100 on Tue Sep 06, 2005 3:59 am; edited 24 times in total



Reference sites: dansguardian.org
http://sourceforge.net/project/memberlist.php?group_id=131757
routeros
Original poster | Posted on 2005-9-9 14:00:00

It seems you also need to install this first before installing DG
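Added example, not code from Kev's mod: a small POSIX shell helper that makes the two rc-file edits from the post (the startdg lines before the "Silencing kernel" line in rc.sysinit, and the port 800 DROP rule after the policy lines in rc.firewall.up) without duplicating them if run twice, applied here to constructed copies of those files. The same helper would serve the clamd line the ClamAV post adds to rc.sysinit; mktemp and awk are assumed to be available on the box.

```shell
#!/bin/sh
# Added example (not part of Kev's mod): idempotent helpers for the two rc-file
# edits the post describes. Sample rc files are constructed fragments; markers
# and inserted lines are the ones quoted in the post.

# insert_block MODE FILE MARKER   (lines to insert are read from stdin)
# MODE is "before" or "after"; MARKER is a fixed string at the start of a line.
# Does nothing if the first new line is already present; fails if no marker.
insert_block() {
    mode=$1; file=$2; marker=$3
    block=$(mktemp) || return 1
    cat > "$block"
    first=$(head -n 1 "$block")
    if grep -qF -- "$first" "$file"; then rm -f "$block"; return 0; fi
    if ! grep -qF -- "$marker" "$file"; then
        echo "marker not found in $file: $marker" >&2; rm -f "$block"; return 1
    fi
    out=$(mktemp) || { rm -f "$block"; return 1; }
    awk -v mode="$mode" -v marker="$marker" -v blk="$block" '
        !applied && index($0, marker) == 1 {
            if (mode == "after") print
            while ((getline l < blk) > 0) print l
            if (mode == "before") print
            applied = 1; next
        }
        { print }' "$file" > "$out"
    cat "$out" > "$file"      # overwrite in place: keeps owner and exec bit
    rm -f "$block" "$out"
}

# Constructed fragments of /etc/rc.d/rc.sysinit and /etc/rc.d/rc.firewall.up.
make_sample_sysinit() {
    cat > "$1" <<'EOF'
echo "Mounting filesystems"
echo "Silencing kernel, syslog output on tty12"
echo >/proc/sys/kernel/printk "1 4 1 7"
EOF
}
make_sample_firewall_up() {
    cat > "$1" <<'EOF'
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
EOF
}
# Start DGAV at boot: both lines go before the "Silencing kernel" line.
add_dgav_autostart() {   # $1 = rc.sysinit
    insert_block before "$1" 'echo "Silencing kernel, syslog output on tty12"' <<'EOF'
echo "Starting DansGuardian"
/var/smoothwall/mods/dansguardianav/startdg noverify
EOF
}
# Drop GREEN-side connections straight to Squid on 800, so DGAV can't be skipped.
add_dgav_bypass_block() {   # $1 = rc.firewall.up
    insert_block after "$1" '/sbin/iptables -P OUTPUT ACCEPT' <<'EOF'
# prevent network users from bypassing DansGuardian
iptables -A INPUT -p TCP -i $GREEN_DEV -s 0/0 --dport 800 -j DROP
EOF
}
```

Run the two add_ functions against the real /etc/rc.d files as root; a missing marker is reported rather than silently skipped, which is the case to watch for on a SmoothWall whose rc files have been edited by other mods.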

Documentation version 2.2
Mod version 9.0
Last edited: 02/07/2005

History:
1.0 - First release (0.75) (10/08/04)
1.01 - Changed clamd startup script to work better with DansGuardian GUI
2.0 - ClamAV 0.80
2.01 - Fixed the clamd startup script.
3.0 - ClamAV 0.81
4.0 - ClamAV 0.82
5.0 - ClamAV 0.83
5.01 - Added missing startup scripts
6.0 - ClamAV 0.84
6.01 - Fixed clamd.conf.
7.0 - ClamAV 0.85
8.0 - ClamAV 0.85.1
9.0 - ClamAV 0.86.1
10.0 - ClamAV 0.86.2

1. What this mod provides
This mod provides the ClamAV daemon, virus scanning utilities and freshclam utility to automatically update anti-virus definitions. It also provides the logrotate script to rotate the logs (weekly).

Please note that ClamAV cannot repair files. It does not attempt to remove any viri from the infected files and can only delete the entire file. The default configuration is to simply report the infection.

2. Installation
If you have ClamAV 0.75 or ClamAV 0.80 - ClamAV 0.86.1 currently installed this will be removed before ClamAV 0.86.2 is installed. It will not be backed up. If you wish to back it up please do so before you install this version of ClamAV.

Download the clamav-0.86.2.tgz archive (1.24Mb) from here or here and copy it to your SmoothWall's /tmp directory. Then, from the command line, cd into your /tmp directory and type:
Code:
tar -zxvf clamav-0.86.2.tgz -C /

This will unpack the archive and install script to the /tmp directory.

NOTE: If your smoothwall is NOT connected to the internet when you install ClamAV you will not be able to get the latest AV definitions. Without them ClamAV won't start. In this case please download some definitions from here or here to the /tmp directory on your SmoothWall's HD. If your SmoothWall IS connected to the internet during ClamAV installation you do not need these files.

To install ClamAV 0.86.2 run the install script like so:

Code:
./install-clamav.sh


If, when you install, you are not connected to the internet and the clamav definitions are in your /tmp directory the install script will install these and not check online for updated ones. If you are online when you install ClamAV you don't need this file as the Install script will get the latest virus definition files from the internet.

If you have ClamAV 0.75 or ClamAV 0.80 - ClamAV 0.86.1 installed this will now be removed and ClamAV 0.86.2 will be installed. The install script is very basic and has worked fine on my main SmoothWall machine and my freshly installed test SmoothWall. If it doesn't work for you please post any errors given on here and I'll try to help.

3. Configuration
ClamAV requires little configuration and should work straight from the archive. Take a look at /etc/clamd.conf to see the options available if you do feel adventurous! The freshclam update utility also should require no attention. If you are not using the transparent proxy on SmoothWall and need to enter your proxy details then please edit the relevant lines in /etc/freshclam.conf.

The ClamAV virus definition files should have been updated during the installation process. If you wish to make sure it does work, type from the command line:
Code:
freshclam


Some text should scroll past and you will be informed if your definition files have been updated. If something isn't correct the resulting message will help you see what's wrong. You could also take a look at the log file for freshclam in /var/log/clamav/freshclam.log.

You don't have to have the clamd daemon running all of the time. It's only really of benefit if you want to continually monitor certain directories or you need the clamd for other mods but it's a good idea to see if it will start. From the command line type:
Code:

/usr/local/sbin/clamd


If all is ok you should be returned back to the command line after a short while. If not then the resulting error message will give you a clue as to why it's not working. You can also take a look at the clamd log file: /var/log/clamav/clamd.log

You do not need to do this stage if you are planning to use the DGGUI.
If you want the ClamAV daemon to start each time your SmoothWall does then open /etc/rc.d/rc.sysinit and add:
Code:
echo "Starting ClamAV 0.86.1 daemon..."
/usr/local/sbin/clamd
before
Code:
echo "Silencing kernel, syslog output on tty12"
echo >/proc/sys/kernel/printk "1 4 1 7"



There's no need to autostart the clamd daemon if all you want to use ClamAV for is DansGuardian http scanning.

4. Usage
There are two scanning tools available; clamscan and clamdscan. Clamdscan acts as a client of the clamd daemon and because of this requires that the daemon be running. Clamscan however, can run independently of the daemon. Both are very similar in their usage but clamscan does give more options. Type
Code:
clamdscan --help
or
clamscan --help

to see the switches available.

To scan a directory on your computer type:
Code:
clamscan -r -l /tmp/scan.txt /tmp
You should see a list of files scroll up your screen. The summary will show you the speed of the scan and if any files were infected. The resulting scan will create a text file in your /tmp directory called scan.txt. If you want to look at the scan results in more detail have a look at the text file created. To remove the infected files add the --remove switch to the above command.

You can set up a weekly scan by adding the following to your /etc/crontab file:
Code:
# Run ClamAV once a week
@weekly root /usr/local/bin/clamscan --quiet -r -l /var/log/lastscan.txt /


You can set up daily AV definition updates by adding the following to your crontab file:
Code:
# Run freshclam every day at 9am
0 9 * * * root /usr/local/bin/freshclam --quiet >/dev/null
Alternatively, just type freshclam from the command line.

5. Uninstalling
To uninstall any of the versions I've worked on (0.75, 0.80-0.86.1) then please run the following script:
Code:
/var/smoothwall/mods/clamav/clamav-uninstall.sh
Whichever version of ClamAV you had installed before should now be removed.

6. Known Issues / Problems
If you are using Steve McNeill's DansGuardian & ClamAV GUI then you will need to reinstall it to regain full DGGUI functionality.

7. Thanks
ClamAV development team for ClamAV

8. Further Reading
Please read the ClamAV docs for a better understanding of the ClamAV tools.

9. Notes
ClamAV does not repair infected files. clamscan can remove files though using the --remove switch.
I've successfully installed this on a fresh install of SmoothWall (with all 4 fixes) and also my main SmoothWall, which is running many mods. I have experienced no problems as of yet. I am also using this with the DansGuardian 2.8.0.3 & AV 6.3.8 mod and there does not appear to be any compatibility problems.

I've probably missed something so please highlight anything that is wrong. Do read the docs as they probably explain everything better than I have!

Kev

31/08/04 - Changed the clamd startup script so that it can be controlled via Steve McNeill's DansGuardian & ClamAV GUI
15/09/04 - Added download mirror
28/10/04 - ClamAV 0.80 archive posted
31/10/04 - Updated paths
03/11/04 - Included new clamd startup script - made CVD files available for download.
13/11/04 - Thanks to Brian (AwPhuch) for pointing out the CRON error and telling me about the ClamAV / Freshclam update issue.
03/02/05 - Released ClamAV 0.81
07/02/05 - Released ClamAV 0.82
10/02/05 - Added known issue/fix regarding DGGUI
18/02/05 - Released ClamAV 0.83 with uninstall script
23/02/05 - Added download mirror.
27/02/05 - Added startup scripts back into archive. Thanks to Brian for noticing!
02/05/05 - Released ClamAV 0.84
03/05/05 - Misconfigured clamd.conf stopped clamd from starting. Fixed.
18/05/05 - ClamAV 0.85
07/06/05 - ClamAV 0.85.1
02/07/05 - ClamAV 0.86.1
28/07/05 - ClamAV 0.86.2
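Added example, not Kev's code: a checker for the log that the weekly clamscan cron job above writes with -l, so a wrapper can exit non-zero and list the hits instead of leaving them unread in /var/log/lastscan.txt. It assumes the "path: Signature FOUND" per-file lines and the "Key: value" summary block of clamscan 0.8x reports; the sample log is constructed.

```shell
#!/bin/sh
# Added example (not Kev's code): summarise a clamscan log such as the
# /var/log/lastscan.txt produced by the weekly cron job. The sample log is
# constructed in the clamscan 0.8x report format.

# Value of a summary line such as "Infected files: 2" (empty if absent).
summary_field() {   # $1 = log file, $2 = key
    sed -n "s/^$2: //p" "$1" | head -n 1
}

# One "path<TAB>signature" line per detection ("<path>: <signature> FOUND").
infected_list() {   # $1 = log file
    awk '/ FOUND$/ {
        path = $0; sub(/: [^:]* FOUND$/, "", path)
        sig = $0;  sub(/^.*: /, "", sig); sub(/ FOUND$/, "", sig)
        print path "\t" sig
    }' "$1"
}

# Exit 0 if the scan finished clean, 1 if anything was found (hits are
# printed), 2 if the summary is missing, i.e. clamscan did not finish.
check_scan_log() {   # $1 = log file
    n=$(summary_field "$1" "Infected files")
    [ -n "$n" ] || return 2
    [ "$n" -eq 0 ] && return 0
    infected_list "$1"
    return 1
}

# Constructed sample of what -l /var/log/lastscan.txt might contain.
make_sample_log() {   # $1 = destination file
    cat > "$1" <<'EOF'
/tmp/scan/readme.txt: OK
/tmp/scan/eicar.com: Eicar-Test-Signature FOUND
/tmp/scan/archive.zip: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 39823
Scanned directories: 1
Scanned files: 3
Infected files: 2
Data scanned: 0.01 MB
Time: 0.521 sec (0 m 0 s)
EOF
}
```

Chain check_scan_log /var/log/lastscan.txt after the clamscan line in the cron entry; the distinct exit code for a missing summary catches a scan that was killed or ran out of memory, which a grep for FOUND alone would report as clean.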