Здравствуйте.
Установил связочку Squid + ClamAV.
*.conf'ы:1)squid.conf
#squid.conf
#----------ACL-----------------
# Access-control section. Squid checks http_access rules in the order they
# are written and stops at the first match, so the deny rules below are
# evaluated before the final allow for the LAN.
# "all" matches every source address.
acl all src 0/0
# The quoted path makes Squid read the regex patterns from that file.
acl bad_url url_regex "/usr/local/squid/etc/URLS/bad_url"
http_access deny bad_url
# Requests denied by bad_url are answered with a redirect to this URL.
deny_info http://www.forpost-tiraspol.by.ru/RUSS/pic.GIF bad_url
error_directory /usr/local/squid/etc/errors
acl xxx url_regex "/usr/local/squid/etc/URLS/xxx"
http_access deny xxx
# error_xxx.html is a page name, presumably looked up under error_directory - confirm.
deny_info error_xxx.html xxx
# NOTE(review): bad_urlpath has an ACL and a deny_info, but this file has no
# "http_access deny bad_urlpath" line, so the pattern list is never enforced.
# If it is meant to block, the deny rule has to appear before
# "http_access allow forpost".
acl bad_urlpath urlpath_regex "/usr/local/squid/etc/URLS/bad_urlpath"
deny_info http://www.forpost-tiraspol.by.ru/RUSS/pic.gif bad_urlpath
# Only the 192.168.1.0/24 LAN may use the proxy; everything else is refused.
acl forpost src 192.168.1.0/24
http_access allow forpost
http_access deny all
#---------------------------------
# Listening port. No address is given, so which interfaces are bound is left
# to Squid's default; client access is limited by the http_access rules only.
http_port 3128
visible_hostname forpost
cache_mgr forpost@forpost.com
#-------------Cache---------------
# Memory and disk cache sizing. With the respmod_precache vectoring point used
# in the ICAP section, responses are adapted before they enter the cache.
cache_mem 450 MB
cache_dir ufs /var/cache/squid 10240 16 256
maximum_object_size 2048 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 10 KB
#-----------------------------------
# ICAP client section: hands requests and responses to the c-icap server so
# that srv_clamav can scan them.
icap_enable on
# Preview: Squid first sends the leading 128 bytes so the ICAP service can
# decide from the content's first bytes whether it wants the whole body.
icap_preview_enable on
icap_preview_size 128
# Forwards the client's IP address to the ICAP server.
icap_send_client_ip on
# Fields: name, vectoring point, bypass flag, service URL.
# NOTE(review): in Squid's ICAP syntax bypass=1 means the transaction goes
# through unprocessed when the ICAP server cannot be reached. The respmod
# service below (the one that scans downloads) has bypass=1, so an ICAP
# outage would let responses pass unscanned; use 0 to fail closed - confirm
# against the Squid/ICAP build in use.
# The ICAP traffic goes unencrypted over the LAN to 192.168.1.34:1344.
icap_service service_avi_req reqmod_precache 0 icap://192.168.1.34:1344/srv_clamav
icap_service service_avi respmod_precache 1 icap://192.168.1.34:1344/srv_clamav
icap_class class_antivirus service_avi service_avi_req
# Every transaction is sent to the antivirus class.
icap_access class_antivirus allow all
2)c-icap.conf
# c-icap server: process, connection and logging settings.
PidFile /var/run/c-icap.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
# set KeepAliveTimeout to -1 for no timeout
KeepAliveTimeout 600
StartServers 3
MaxServers 10
MinSpareThreads 10
MaxSpareThreads 20
ThreadsPerChild 10
MaxRequestsPerChild 0
# NOTE(review): only a port is configured here, no listen address, so the
# service is presumably reachable on every interface. Together with the
# disabled access control (AclControllers is commented out further down),
# a host firewall rule limiting 1344/tcp to the Squid host is advisable.
Port 1344
# The server runs as the unprivileged nobody account.
User nobody
Group nobody
#ServerAdmin you@your.address # Not implemented yet
#ServerName localhost:1344 # Not implemented yet
# Scanned objects are spooled here; /var/tmp is normally shared by all local
# users - a directory owned by the c-icap user would be tighter (TODO confirm).
TmpDir /var/tmp
MaxMemObject 131072
ServerLog /usr/local/c_icap/var/log/server.log
AccessLog /usr/local/c_icap/var/log/access.log
# Uncommenting DebugLevel makes ServerLog more verbose, which helps when a
# file is unexpectedly let through.
#DebugLevel 3
ModulesDir /usr/local/c_icap/lib/c_icap
Module logger sys_logger.so
# NOTE(review): perl_handler is loaded although nothing in this file uses it;
# loading only the modules that are needed keeps the exposed surface smaller.
Module perl_handler perl_handler.so
sys_logger.Prefix "C-ICAP:"
sys_logger.Facility local1
##Specify wich logger to use......
# file_logger is the active logger; sys_logger is loaded but not selected.
#Logger sys_logger
Logger file_logger
## AclControlers example. The default_acl is the buildin acl controller
## To load an extrernal access controller named my_acl.so use:
#Module access_controller my_acl.so
## This parameter needed to specify the order of used acl controllers
## If not specified access control will be disabled
#AclControllers default_acl
## An example of acl lists for default_acl controller.
## acl and icap_access are aliases for default_acl.acl and default_acl.icap_access
#acl localnet_options src 192.168.1.0/255.255.255.0 type options
#acl localnet_respmod src 192.168.1.0/255.255.255.0 type respmod
#acl localnet src 192.168.1.0/255.255.255.0
##Use the folllowing to demand use of username ......
##acl localnet src 192.168.1.0/255.255.255.0 user *
#acl externalnet src 0.0.0.0/0.0.0.0
#acl barbarian src 192.168.1.5
# Comment out the folowing two lines to log only the external net
#icap_access nolog localnet
#icap_access log externalnet
##An example for authentication methods ....
## To load an extarnal authentication method module named my_authmethod.so use:
#Module auth_method my_authmethod.so
##The following parameter needed to specify the order of authenticators for
##specific authentication method. file_basic is a buildin authenticator
##for buildin basic authentication method (Not implemented yet......) ......
#AuthMethod basic file_basic
# Services offered by this ICAP server. Squid (squid.conf on this page) only
# calls srv_clamav; echo and url_check are loaded as well and are reachable
# by anything that can connect to the ICAP port.
ServicesDir /usr/local/c_icap/lib/c_icap
Service echo_module srv_echo.so
Service url_check_module srv_url_check.so
Service antivirus_module srv_clamav.so
# Antivirus module settings
# For allowed file types or groups of file types look at c-icap.magic
# The list mixes groups (TEXT DATA EXECUTABLE ARCHIVE) with single types
# (GIF JPEG MSOFFICE). Going by the c-icap.magic shown on this page, ZIP and
# RAR belong to ARCHIVE and are selected; PDF/PS (DOCUMENT group), the other
# GRAPHICS types and the STREAM group are not listed here.
srv_clamav.ScanFileTypes TEXT DATA EXECUTABLE ARCHIVE GIF JPEG MSOFFICE
#The percentage of data to sent if the downloaded file exceeds the StartSendPercentDataAfter size
# NOTE(review): with these values, for objects larger than 2M up to 5% of the
# data is released to the client before the scan result is known.
srv_clamav.SendPercentData 5
srv_clamav.StartSendPercentDataAfter 2M
# Access rules for the ICAP server.
# NOTE(review): "AclControllers default_acl" is commented out earlier in this
# file, and the stock comment next to it says access control is disabled when
# it is not specified. These acl/icap_access lines are therefore likely not
# enforced at all - confirm in ServerLog after enabling AclControllers.
# NOTE(review): the allow rules only name 127.0.0.1, while squid.conf on this
# page addresses the service as 192.168.1.34. If Squid runs on another host,
# or connects from the 192.168.1.34 address, neither allow rule matches it.
acl localsquid_respmod src 127.0.0.1 type respmod
acl localsquid src 127.0.0.1
# 192.168.0.0/24 is not the LAN used in squid.conf (192.168.1.0/24), and no
# catch-all deny follows, so other sources get whatever the default is.
acl externalnet src 192.168.0.0/24
icap_access allow localsquid_respmod
icap_access allow localsquid
icap_access deny externalnet
##An example to specify access to server
#icap_access deny barbarian
#icap_access allow localnet_options
#icap_access allow localnet_respmod
#icap_access allow localnet
## http_auth mean that the icap server must try to authenticate the request
## using the http headers ....
#icap_access http_auth localnet
#icap_access deny externalnet
#Also you can specify which hosts to log or not.
##Comment out the following line to enable 204 responces outside previews for srv_clamav
## if your icap client support it. For squid let it off
#srv_clamav.Allow204Responces on
# The Maximum object to be scanned.
# NOTE(review): objects above 5M are presumably passed on without a scan, so
# a large infected download would not be caught - confirm in the module docs.
srv_clamav.MaxObjectSize 5M
#The directory which clamav library will use as temporary.
#srv_clamav.ClamAvTmpDir /var/tmp
#Sets the maximum number of files in archive. Set it to 0 to disable it
# NOTE(review): 0 switches the file-count limit off; together with the 100M
# per-file limit below, a crafted archive can make a scan very expensive.
# A finite file count is the safer setting.
srv_clamav.ClamAvMaxFilesInArchive 0
#Sets the maximal archived file size. Set it to 0 to disable it.
srv_clamav.ClamAvMaxFileSizeInArchive 100M
#The maximal recursion level.Set it to 0 to disable it.
srv_clamav.ClamAvMaxRecLevel 5
# And here the viralator-like mode.
# where to save documents
# NOTE(review): this path lies under a web server document root. It has to
# exist and be writable by the c-icap user (nobody), and it should not be
# listable or directly downloadable - retrieval is meant to go through
# get_file.pl (script not shown here).
srv_clamav.VirSaveDir /srv/www/htdocs/downloads/
# from where the documents can be retrieved (you can find the get_file.pl script in contrib dir)
# "fortune" looks like the sample host name; it must point at the host that
# actually serves VirSaveDir - TODO confirm.
srv_clamav.VirHTTPServer "http://fortune/cgi-bin/get_file.pl?usename=%f&remove=1&file="
# The refresh rate....
srv_clamav.VirUpdateTime 15
# For which filetypes the "virelator like mode" will be used.
# ARCHIVE is listed, so zip downloads take the viralator-like path instead of
# the plain response scan. If archives pass unexpectedly, check the three
# Vir* settings above and ServerLog first.
# NOTE(review): the text after EXECUTABLE on the next line is a Squid log
# message fused onto the directive. If the real file contains it, the type
# list is corrupted; if it is only a paste artefact, the line should end at
# EXECUTABLE.
srv_clamav.VirScanFileTypes ARCHIVE EXECUTABLE2007/04/08 15:20:55| parse_line: log_icp_queries on
3)c-icap.magic
# CURRENT GROUPS are :TEXT DATA EXECUTABLE ARCHIVE GRAPHICS STREAM DOCUMENT
#
# Each entry reads offset:magic bytes:type:description:group. Detection
# compares the bytes found at the given offset, so a type is recognised from
# the content's leading bytes, not from the file name or extension.
# srv_clamav.ScanFileTypes / VirScanFileTypes in c-icap.conf refer to the
# type and group names defined here.
#
0:MZ:MSEXE:DOS/W32 executable/library/driver:EXECUTABLE
0:LZ:DOSEXE:MS-DOS executable:EXECUTABLE
0:\177ELF:ELF:ELF unix executable:EXECUTABLE
0:\312\376\272\276:JavaClass:Compiled Java class:EXECUTABLE
#Archives
0:Rar!:RAR:Rar archive:ARCHIVE
0:PK\003\004:ZIP:Zip archive:ARCHIVE
0:PK00PK\003\004:ZIP:Zip archive:ARCHIVE
0:\037\213:GZip:Gzip compressed file:ARCHIVE
0:BZh:BZip:BZip compressed file:ARCHIVE
0:SZDD:Compress.exe:MS Copmress.exe'd compressed data:ARCHIVE
0:\037\235:Compress:UNIX compress:ARCHIVE
0:MSCF:MSCAB:Microsoft cabinet file:ARCHIVE
257:ustar:TAR:Tar archive file:ARCHIVE
0:\355\253\356\333:RPM:Linux RPM file:ARCHIVE
#Other type of Archives
0:ITSF:MSCHM:MS Windows Html Help:ARCHIVE
# Graphics
0:GIF8:GIF:GIF image data:GRAPHICS
0:BM:BMP:BMP image data:GRAPHICS
0:\377\330:JPEG:JPEG image data:GRAPHICS
0:\211PNG:PNG:PNG image data:GRAPHICS
0:\000\000\001\000:ICO:MS Windows icon resource:GRAPHICS
0:FWS:SWF:Shockwave Flash data:GRAPHICS
0:CWS:SWF:Shockwave Flash data:GRAPHICS
#STREAM
0:\000\000\001\263:MPEG:MPEG video stream:STREAM
0:\000\000\001\272:MPEG::STREAM
0:RIFF:RIFF:RIFF video/audio stream:STREAM
0:OggS:OGG:Ogg Stream:STREAM
0:ID3:MP3:MP3 audio stream:STREAM
0:\377\373\220:MP3:MP3 audio stream:STREAM
0:\060\046\262\165\216\146\317:ASF:WMA/WMV/ASF:STREAM
0:.RMF:RMF:Real Media File:STREAM
#Documents
0:\320\317\021\340\241\261\032\341:MSOFFICE:MS Office Document:DOCUMENT
# NOTE(review): the escapes on the next line use the digits 8 and 9, so they
# are not octal; the values are the previous line's signature written in
# decimal (\320 octal = 208, \317 = 207, ...). How the magic parser treats
# such escapes is not visible here - verify against the installed c-icap.
0:\208\207\017\224\161\177\026\225\000:MSOFFICE::DOCUMENT
4:Standard Jet DB:MSOFFICE:MS Access Database:DOCUMENT
0:%PDF-:PDF:PDF document:DOCUMENT
0:%!:PS:PostScript document:DOCUMENT
Вопрос: файл с вирусом virus.com не качается, virus.com.txt тоже не качается =)...
А файлы virus.zip и virus2.zip качаются =(
P.S.
Точные названия файлов не помню, но расширения точно помню ))
Страничка с вирусами была взята из статьи с opennet'a =)