Building an antivirus proxy with squid 2.6stable12 + clamav + havp
This article describes in detail how to build an antivirus proxy with squid 2.6stable12, clamav and havp.
Installing squid 2.6stable12
    useradd squid
    ./configure --prefix=/opt/squid --enable-async-io=40 \
        --enable-storeio="aufs,coss,diskd,ufs" --enable-useragent-log \
        --enable-referer-log --enable-kill-parent-hack --enable-forward-log \
        --enable-snmp --enable-cache-digests \
        --enable-default-err-language=Simplify_Chinese --enable-poll \
        --enable-removal-policies="heap,lru" --enable-large-cache-files \
        --disable-internal-dns --enable-x-accelerator-vary \
        --enable-follow-x-forwarded-for --with-large-files \
        --disable-ident-lookups --enable-underscore --disable-arp-acl \
        --with-maxfd=65500
    make && make install
    cd /opt/squid
    # create both cache directories before handing them to the squid user
    mkdir cache1 cache2
    chown -R squid:squid cache1 cache2 var
Contents of squid.conf
    http_port 3128
    cache_mem 100 MB
    cache_swap_low 75
    cache_swap_high 98
    emulate_httpd_log on
    logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %
Installing Clam AntiVirus
First download the clamav 0.90 package from http://www.clamav.net/
    useradd clamav
    ./configure
    make
    make install
Note: the build may fail because the installed zlib version is too old. In that case download the latest zlib from http://www.zlib.net/ and install it.
Installation steps:
    ./configure
    make
    make install
Installing HAVP
Download the havp 0.86 package from http://www.server-side.de/download.htm
    useradd havp
    ./configure
    make
    make install
    chown -R havp:havp /var/log/havp /var/tmp/havp /var/run/havp
    vi /usr/local/etc/havp/havp.config
### Comment out the following line
    #REMOVETHISLINE deleteme
### ClamAV Library Scanner (libclamav) → HAVP uses ClamAV's virus database directly
    ENABLECLAMLIB true
    CLAMDBDIR /var/lib/clamav
### ClamAV Socket Scanner (clamd) → scanning is handed to clamd (clamd must be started first). Use only one of the two; I use the library mode above.
    ENABLECLAMD true
    CLAMDSOCKET /tmp/clamd
Other performance-related settings:
### In theory more threads give better performance, but it still depends on the server's resources
    SERVERNUMBER 40
    MAXSERVERS 200
### Log errors only. Less logging reduces the load on the server
    LOGLEVEL 0
### Do not scan image files, which reduces CPU load
    SCANIMAGES false
### This is the port HAVP listens on. The default is 8080, but because 8080 is also tomcat's default port I changed it to 3129
    PORT 3129
Mount a dedicated partition on /var/tmp/havp (the -o mand option is required)
    mount -o mand /dev/hda3 /var/tmp/havp
If there is no spare device to mount, use one of the following two methods:
a. Create a virtual disk in memory
    mkfs -t ext2 /dev/ram0 8192    # create an 8 MB RAM disk
    mount -o mand /dev/ram0 /var/tmp/havp
b. Create a virtual disk from hard-disk space
    dd if=/dev/zero of=/root/havp_tmp.img bs=128K count=1 seek=1024    # create a 128 MB virtual disk
    mkfs.ext2 /root/havp_tmp.img
    mount -o loop,mand /root/havp_tmp.img /var/tmp/havp
P.S. The size of the files HAVP can scan is limited by the disk space mounted here.
Update the shared libraries database (for ClamAV)
    vi /etc/ld.so.conf    # add the line: /usr/local/lib
    ldconfig
Starting HAVP
    /usr/local/sbin/havp &
Chaining squid to havp
Edit the squid.conf file
and add the following two lines:
    cache_peer 127.0.0.1 parent 3129 0 no-query no-digest no-netdb-exchange default
    cache_peer_access 127.0.0.1 allow all
At this point squid + clamav + havp is fully configured.
Use squid as your proxy and visit http://www.eicar.org/anti_virus_test_file.htm to test it.
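An added example, not part of the original article: a shell check that the pieces configured above agree with each other (HAVP's PORT against squid's cache_peer port, an enabled ClamAV scanner, the mand mount option). The function names and the constructed demo files are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): consistency check for the
# squid -> HAVP chain. File paths are arguments; demo data is constructed.

# Print the value of a whitespace-separated havp.config key (comments ignored).
havp_get() { awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"; }

# check_chain HAVP_CONFIG SQUID_CONF MOUNTS_FILE
# Prints one line per problem; the return status is the number of problems.
check_chain() {
    problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # The article has you comment out the template marker line.
    grep -q '^REMOVETHISLINE' "$1" && fail "REMOVETHISLINE is still active"

    # squid's parent peer must point at the port HAVP listens on.
    port=$(havp_get "$1" PORT); port=${port:-8080}   # 8080: default per the article
    peer=$(awk '$1 == "cache_peer" && $3 == "parent" { print $4; exit }' "$2")
    [ "$peer" = "$port" ] || fail "cache_peer port '$peer' != HAVP port '$port'"

    # One of the two ClamAV scanners has to be on, or nothing is scanned.
    [ "$(havp_get "$1" ENABLECLAMLIB)" = true ] ||
        [ "$(havp_get "$1" ENABLECLAMD)" = true ] || fail "no ClamAV scanner enabled"

    # The scan directory needs mandatory locking (mount -o mand).
    awk '$2 == "/var/tmp/havp" && $4 ~ /(^|,)mand(,|$)/ { ok = 1 }
         END { exit !ok }' "$3" || fail "/var/tmp/havp is not mounted with mand"

    return "$problems"
}

# Constructed sample files mirroring the settings used in the article.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '#REMOVETHISLINE deleteme' 'ENABLECLAMLIB true' \
        'CLAMDBDIR /var/lib/clamav' 'PORT 3129' > "$d/havp.config"
    printf '%s\n' 'http_port 3128' \
        'cache_peer 127.0.0.1 parent 3129 0 no-query no-digest no-netdb-exchange default' \
        'cache_peer_access 127.0.0.1 allow all' > "$d/squid.conf"
    printf '%s\n' '/dev/hda3 /var/tmp/havp ext2 rw,mand 0 0' > "$d/mounts"
    check_chain "$d/havp.config" "$d/squid.conf" "$d/mounts" && echo "chain OK"
    rc=$?; rm -rf "$d"; return "$rc"
}

# On a live host pass havp.config, squid.conf and /proc/mounts as arguments.
if [ $# -eq 3 ]; then check_chain "$@"; else demo; fi
```

A key written with an equals sign (for example PORT=3129) is not recognised as PORT by this check, so the port falls back to 8080 and the mismatch with the cache_peer line is reported.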
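HAVP uses the ClamAV library directly, so the ClamAV service does not need to be started.
You only need ClamAV's freshclam to keep the virus signatures up to date,
as follows:
1. Schedule it with crontab (updates the virus signatures every day at midnight):
    0 0 * * * /usr/local/bin/freshclam --verbose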
ClamAV update configuration file
    vi /usr/local/clamav/etc/freshclam.conf

    ##
    ## Example config file for freshclam
    ## Please read the clamav.conf(5) manual before editing this file.
    ## This file may be optionally merged with clamav.conf.
    ##

    # You can change the default database directory here.
    #DatabaseDirectory /var/lib/clamav

    # Path to the log file (make sure it has proper permissions)
    UpdateLogFile /var/log/freshclam.log

    # Enable verbose logging.
    LogVerbose

    # Use system logger (can work together with UpdateLogFile).
    LogSyslog

    # By default when freshclam is started by root it drops privileges and
    # switches to the "clamav" user. You can change this behaviour here.
    #DatabaseOwner clamav

    # The main database mirror is database.clamav.net (this is a round-robin
    # DNS that points to many mirrors on the world) and in most cases you
    # SHOULD NOT change it.
    DatabaseMirror database.clamav.net

    # How many attempts to make before giving up.
    MaxAttempts 3

    # How often check for a new database. We suggest checking for it every
    # two hours.
    Checks 12

    # Proxy settings
    #HTTPProxyServer myproxy.com
    #HTTPProxyPort 1234
    #HTTPProxyUsername myusername
    #HTTPProxyPassword mypass

    # Send the RELOAD command to clamd.
    #NotifyClamd [/optional/config/file/path]

    # Run command after database update.
    #OnUpdateExecute command

    # Run command if database update failed.
    #OnErrorExecute command