Calculate Forum

Configuring Squid, SquidGuard, SquidClamAV binded with LDAP Auth

Installing/Configuring Squid Proxy service in the system

copy.png

Support for proxy service came in a package calculate-server 2.0.13. The server is the most common proxy server Squid.
Before installing, make sure you have the system installed service ldap, if it has not been installed, run the installation command:

cl-setup ldap

Then we can set up Proxy as below:

cl-setup proxy

In this case, the service will be installed with default settings: host name proxy service - the hostname of the machine, a port for connection - 8080
cl-setup -a proxy

When installing the service will be established basic groups:

  • Http - port 80 available
  • Ftp - is available on port 21
  • Https - port 443 available
  • Gopher - available port 70
  • Wais - available port 210
  • Unregistered - the range of available ports 1025-65535
  • Http-mgmt - available port 280
  • Gss-http - port 488 available
  • Filemaker - available port 591
  • Multiling - available port 777
  • Swat - available port 901

Account Management

  • Add Account

Adding a user account proxy service provided by the command cl-useradd

# Add the user ivan with full name in the comments

cl-useradd -p -c "Jennifer Mendez" E001 proxy

Change Password

Change account password shall command cl-passwd, example:

cl-passwd E001 proxy

Remove / Disable Account

#Deleting account shall command cl-userdel, an example

cl-userdel E001 proxy

Locking the account team is cl-usermod -L, an example

cl-usermod -L E001 proxy

Unlock the account is listed by cl-usermod -U, an example

cl-usermod-U E001 proxy

Groups

Group - a set of accounts for the application of the rules of access. The group is setting determines the range of network ports. The user is allowed access to a resource only if access to the port on which the access, is described by one of the groups user.

Managing groups

Create Group

Creating a group proxy service provided by the command cl-groupadd, an example of a group of “adsl”:

cl-groupadd-p 80,83,2000-3000 adsl proxy

Members added to this group will have access to a network port 80 and 83, as well as to the range of network ports 2000-3000, which can run certain services. Conditionally, we called him “adsl”.

Deleting group

Remove group from the service can command cl-groupdel, example:

cl-groupdel adsl proxy

Renaming groups

Rename an existing group services can command cl-groupmod, an example of changing the group name “adsl” for “adsl2”:

cl-groupmod-n adsl2 adsl proxy

Changing the composition of the group

Change the description of groups can be set with command cl-groupmod and cl-usermod. Examples:

Jennifer added as user to group ‘http’ (open the user access to sites)

cl-usermod-G http E001 proxy

Where E001 is the employee ID for Jennifer

Remove user from group Jennifer ‘http’ (close access to sites)

cl-groupmod-d E001 http proxy

Add users E001 and guest in the group http

cl-groupmod-a E001, guest http proxy

In order to give the user access to ftp, it must have access to port 21 and port of proxy server (default 8080).

 # Writing a guest user access to the ftp 
cl-usermod-G ftp, unregistered guest proxy 

Setting up SquidGuard

emerge squidguard

(It will make /etc/squidGuard/squidGuard.conf)
Next we have to download the list of Black list that needs to be integrated with Squidguard

Installing the blacklists

Copy your blacklists into the desired blacklist directory (default: /etc/squidGuard/db/) and unpack them. In the table below we assume that the default location is used. Make sure that you have the proper permissions to write to that directory.

cp /path/to/your/blacklist.tar.gz /etc/squidGuard/db/
cd /etc/squidguard/db
gzip -d blacklist.tar.gz
tar xfv blacklist.tar

Now the blacklists should be ready to use.

Once SquidGuard is successfully installed, you want to configure the software according to your needs. A sample configuration has been installed in the default directory /etc/squidGuard/sample (or whatever directory you pointed your installation to).

This file is stored in /etc/squidGuard/squidGuard.conf

logdir /var/log/squidGuard
dbhome /etc/squidGuard/db/BL

dest porn {
        domainlist porn/domains
        urllist     porn/urls
        log blocks.log
        }

dest adv {
        domainlist adv/domains
        urllist    adv/urls     
        log blocks.log
}

dest aggressive {
        domainlist aggressive/domains
        urllist    aggressive/urls
}

dest alcohol {
        domainlist alcohol/domains
        urllist    alcohol/urls
}
.
.
.
.
.
........



dest whitelist {
        domainlist whitelist/domains
        urllist    whitelist/urls
}


acl {
        default {

         pass whitelist  !porn !adv !aggressive !alcohol all

                 redirect http://10.8.192.60/index.html
        }
}

Sometimes there is a demand to allow specific URLs and domains although they are part of the blocklists for a good reason. In this case you want to whitelist these domains and URLs.

Initializing the blacklists

Before we start up your squidGuard you should initialize the blacklists i.e. convert them from the textfiles to db files. Using the db format will speed up the checking and blocking.

The initialization is performed by the following command:

Initializing the b lacklists

squidGuard -C all
chown -R squid:squid  /etc/squidGuard/db

Check the logs to make sure all dests are coverted to .db properly

If we look into the directories holding the files domains and urls you see that additional files have been created: domains.db and urls.db. These new files must not be empty!
Only those files are converted you specified to block or whitelist in your squidGuard.conf file.

Verification of Squidguard Configurations

Dry Run

echo “http://qwaxx.com/adserver/ -- GET “ |  squidGuard -c /etc/squidGuard/squidGuard.conf -d

Out put should show the redirection to a URL mentioned in acl { }

Finalizing the installation

Add these lines to /etc/squid/squid.conf

url_rewrite_program /usr/bin/squidGuard
url_rewrite_children 20

Setting up Antivirus and Squid http proxy+Antivirus filter

For Local system AV
Setup

emerge app-antivirus/clamav 
sudo rc-update add clamd boot && rc

squidclamv setup(squidclamav is antivirus for http traffic)

cl-unmask =net-proxy/squidclamav-4.0
emerge squidclamav

Then add the following lines to squid.conf

To enable squidclam, add the following lines to /etc/squid/squid.conf:

url_rewrite_program /usr/sbin/squidclamav
url_rewrite_children 15
url_rewrite_access deny localhost # prevent loops
url_rewrite_access deny SSL_ports # SSL URLs cannot be scanned

And comment these two lines since now first the traffic will be filtered by squidclamav

url_rewrite_program /usr/bin/squidGuard
url_rewrite_children 20

Attached is all files for your reference which one can use to shape and design as per your Organization needs, Cheers!!

/etc/squid/Squid.conf file of CDS

#------------------------------------------------------------------------------
 # Modified Calculate-server 2.1.6
 # File of a profile "profile/proxy"
#------------------------------------------------------------------------------
#url_rewrite_program /usr/bin/squidGuard
#url_rewrite_children 20
#url_rewrite_program /usr/sbin/squidclamav
#url_rewrite_children 20
#url_rewrite_access deny localhost # prevent loops
#url_rewrite_access deny SSL_ports # SSL URLs cannot be scanned

auth_param basic program /usr/libexec/squid/squid_ldap_auth -b "ou=Users,ou=Proxy,ou=Services,dc=calculate" -f "(&(uid=%s)(initials=Yes))" -D "ou=Proxy,ou=Services,dc=calculate" -W /etc/squid/squid.ldap -h localhost
auth_param basic credentialsttl 5 minute
external_acl_type ldap_users ttl=300 %LOGIN %PORT /usr/lib/calculate/calculate-server/bin/proxy -s "ou=Proxy,ou=Services,dc=calculate" -b "dc=calculate" -P /etc/squid/squid.ldap
acl manager proto cache_object
acl ldapauth proxy_auth REQUIRED 
acl localhost src 127.0.0.1/32
acl localnet src 10.8.0.0/16
acl SSL_ports port 443
acl access_port external ldap_users
acl purge method PURGE
acl CONNECT method CONNECT
url_rewrite_program /usr/sbin/squidclamav
url_rewrite_children 20
url_rewrite_access deny localhost
url_rewrite_access deny SSL_ports
http_access allow manager localhost
http_access deny manager
http_access allow localhost
http_access allow ldapauth
http_access allow purge localhost
http_access deny purge
#http_access allow localhost
http_access deny !access_port
http_access deny CONNECT !SSL_ports
http_access allow localnet
#http_access allow localhost
http_access deny all
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all
http_port 8080 
#url_rewrite_program /usr/sbin/squidclamav
#url_rewrite_children 20
#url_rewrite_access deny localhost 
#url_rewrite_access deny SSL_ports 
#url_rewrite_program /usr/bin/squidGuard -c /etc/squidGuard/squidGuard.conf
#url_rewrite_children 10

hierarchy_stoplist cgi-bin ?
logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %ul %ui %Sh/%<A %mt %et
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern (cgi-bin|\?)    0       0%      0
refresh_pattern .               0       20%     4320
icp_port 3130
forwarded_for off
coredump_dir /var/cache/squid

/etc/squidclamav.conf

 # squidclamav.conf.dist
#
#squidGuard /usr/local/bin/squidGuard
 # Lines have the form:
#
 #       regex|regexi pattern
#
 #       abort|aborti pattern
#
 #       content|contenti pattern
#
 #       abortcontent|abortcontenti pattern
#
 #       redirect cgi_redirect_url
# 
 #       logfile /path/to/log_file
# 
 #       proxy none
# 
 #       squid_ip 127.0.0.1
#
 #       squid_port 3128
#
 #       debug 0|1
# 
 #       force 0|1
#
 #       timeout secondes
#
 #       clamd_ip 127.0.0.1
#
 #       clamd_port 3310
#
 #       clamd_local /tmp/clamd
#
 #       stat 0|1
#
 #       maxredir 10
#
 #       squidguard /usr/local/squidGuard/bin/squidGuard
#
 #       whitelist this.trustdomain.com
 #       whitelist .*\.domain\.*
#
 #       useragent String_to_modify_curl_user_agent
#
 #       trust_cache 0|1
#
 # Note that the ordering of regex|abort|content|abortcontent|whitelist lines
 # in this file is critical. Some pattern can not be reached if a previous
 # pattern match.
#
#
 # Examples of valid lines:
#
squid_ip 127.0.0.1
squid_port 8080
logfile /var/log/squidclamav/access.log
redirect http://10.8.192.60/index.html
squidguard /usr/bin/squidGuard
debug 1
force 1
stat 1*/etc/clamd.conf*
#maxredir 10
clamd_local /var/run/clamav/clamd.sock
#clamd_ip 127.0.0.1
#clamd_port 3310
timeout 60
#useragent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
trust_cache 0
#
#abort ^.*\.pdf$
#abort ^.*\.js$
#abort ^.*\.html$
#abort ^.*\.css$
#abort ^.*\.xml$
#abort ^.*\.xsl$
#abort ^.*\.js$
#abort ^.*\.html$
#abort ^.*\.css$
#abort ^.*\.xml$
#abort ^.*\.xsl$
#abort ^.*\.js$
#abort ^.*\.jsp$
#abort ^.*\.jsp\?.*$
#aborti ^.*servlet.*$
#abort ^.*\.ico$
#aborti ^.*\.gif$
#aborti ^.*\.png$
#aborti ^.*\.jpg$
#aborti ^.*\.swf$
#abortcontenti ^.*application\/x-mms-framed.*$
#abortcontenti ^.*application\/x-javascript.*$
#content ^.*application\/.*$
#whitelist www.eicar.org

 # Scan all files
content ^.*\/.*$

/etc/samba/smb.conf

#------------------------------------------------------------------------------
 # Modified Calculate-server 2.1.6
 # File of a profile "profile/samba"
#------------------------------------------------------------------------------

[global]
        workgroup = Calculate
        netbios name = calculate-cds
        server string = Calculate Directory Server
        directory mask = 0755
        directory security mask = 0755
        force directory security mode = 0755
        security mask = 0644
        force security mode = 0644
        create mask = 0644
        enable privileges = yes
        passdb backend = ldapsam:ldap://127.0.0.1/
        ldap admin dn = ou=Samba,ou=Services,dc=calculate
        ldap suffix = ou=Samba,ou=Services,dc=calculate
        ldap group suffix = ou=Groups
        ldap user suffix = ou=Users
        ldap machine suffix = ou=Computers
        ldap ssl = off
        add machine script = /usr/bin/cl-useradd -w "%u" samba
        add user script = /usr/bin/cl-useradd "%u" samba
        ldap delete dn = Yes
        dos charset = 866
        unix charset = UTF-8
        display charset = UTF-8
        local master = yes
        domain master = yes
        preferred master = yes
        os level = 199
        log level = 6
        admin users = admin
        domain logons = yes
        logon script = start.cmd
        logon path = \\%L\profiles\%U
        logon home = \\%L\%U
        logon drive = H:
        hosts allow = 10.8.0.0/8 127.
        hosts deny = 0.0.0.0/0
        map to guest = bad user
        security = user
        encrypt passwords = yes
        unix password sync = yes
        null passwords = no
        hide unreadable = yes
        hide dot files = yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        wins support = yes
        dns proxy = no
        time server = yes

[homes]
        path = /var/calculate/server-data/samba/home/%u
        comment = Home Directories
        valid users = %U
        read only = No
        browseable = No

[profiles]
        path = /var/calculate/server-data/samba/profiles/win
        create mask = 0600
        directory mask = 0700
        browseable = No
        guest ok = Yes
        csc policy = disable
        writable = yes
        force user = %U
        valid users = %U

[unix]
        path = /var/calculate/server-data/samba/profiles/unix/%u
        browseable = No
        writable = yes
        directory mask = 0777
        directory security mask = 0777
        force directory security mode = 0
        create mask = 0777
        security mask = 0777
        force security mode = 0
        force user = %U
        valid users = %U
        hide unreadable = no

[netlogon]
        path = /var/calculate/server-data/samba/netlogon/%u
        browseable = No
        read only = yes

[share]
        path = /var/calculate/server-data/samba/share
        comment = Share Files
        browseable = yes
        writable = yes
        hide unreadable = yes

[remote]
        path = /var/calculate/remote
        comment = Client Files
        browseable = No
        writable = yes
        hide unreadable = yes

/etc/clamsmtpd.conf

 # -------------------------------------------------------------------------------------------
 #                    SAMPLE CLAMSMTPD CONFIG FILE
 # --------------------------------------------------
# 
 # - Comments are a line that starts with a #
 # - All the options are found below with sample settings


 # The address to send scanned mail to. 
 # This option is required unless TransparentProxy is enabled
OutAddress: 10026



 # The maximum number of connection allowed at once.
 # Be sure that clamd can also handle this many connections
#MaxConnections: 64

 # Amount of time (in seconds) to wait on network IO
#TimeOut: 180

 # Keep Alives (ie: NOOP's to server)
#KeepAlives: 0

 # Send XCLIENT commands to receiving server
#XClient: off

 # Address to listen on (defaults to all local addresses on port 10025)
#Listen: 0.0.0.0:10025

 # The address clamd is listening on
ClamAddress: /var/run/clamav/clamd.sock

 # A header to add to all scanned email
#Header: X-Virus-Scanned: ClamAV using ClamSMTP

 # Directory for temporary files
#TempDirectory: /tmp

 # What to do when we see a virus (use 'bounce' or 'pass' or 'drop'
#Action: drop 

 # Whether or not to keep virus files 
#Quarantine: off

 # Enable transparent proxy support 
#TransparentProxy: off

 # User to switch to
User: clamav

 # Virus actions: There's an option to run a script every time a virus is found. 
 # !IMPORTANT! This can open a hole in your server's security big enough to drive
 # farm vehicles through. Be sure you know what you're doing. !IMPORTANT!
#VirusAction: /path/to/some/script.sh

/etc/clamd.conf

##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##


 # Comment or remove the line below.
 # Example

 # Uncomment this option to enable logging.
 # LogFile must be writable for the user running daemon.
 # A full path is required.
 # Default: disabled
LogFile /var/log/clamav/clamd.log

 # By default the log file is locked for writing - the lock protects against
 # running clamd multiple times (if want to run another clamd, please
 # copy the configuration file, change the LogFile variable, and run
 # the daemon with --config-file option).
 # This option disables log file locking.
 # Default: no
#LogFileUnlock yes

 # Maximum size of the log file.
 # Value of 0 disables the limit.
 # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
 # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
 # in bytes just don't use modifiers.
 # Default: 1M
#LogFileMaxSize 2M

 # Log time with each message.
 # Default: no
LogTime yes

 # Also log clean files. Useful in debugging but drastically increases the
 # log size.
 # Default: no
#LogClean yes

 # Use system logger (can work together with LogFile).
 # Default: no
#LogSyslog yes

 # Specify the type of syslog messages - please refer to 'man syslog'
 # for facility names.
 # Default: LOG_LOCAL6
#LogFacility LOG_MAIL

 # Enable verbose logging.
 # Default: no
#LogVerbose yes

 # This option allows you to save a process identifier of the listening
 # daemon (main thread).
 # Default: disabled
PidFile /var/run/clamav/clamd.pid

 # Optional path to the global temporary directory.
 # Default: system specific (usually /tmp or /var/tmp).
#TemporaryDirectory /var/tmp

 # Path to the database directory.
 # Default: hardcoded (depends on installation options)
#DatabaseDirectory /var/lib/clamav

 # The daemon can work in local mode, network mode or both. 
 # Due to security reasons we recommend the local mode.

 # Path to a local socket file the daemon will listen on.
 # Default: disabled (must be specified by a user)
LocalSocket /var/run/clamav/clamd.sock

 # Remove stale socket after unclean shutdown.
 # Default: yes
#FixStaleSocket yes

 # TCP port address.
 # Default: no
#TCPSocket 3310

 # TCP address.
 # By default we bind to INADDR_ANY, probably not wise.
 # Enable the following to provide some degree of protection
 # from the outside world.
 # Default: no
#TCPAddr 127.0.0.1

 # Maximum length the queue of pending connections may grow to.
 # Default: 15
#MaxConnectionQueueLength 30

 # Clamd uses FTP-like protocol to receive data from remote clients.
 # If you are using clamav-milter to balance load between remote clamd daemons
 # on firewall servers you may need to tune the options below.

 # Close the connection when the data size limit is exceeded.
 # The value should match your MTA's limit for a maximum attachment size.
 # Default: 25M
#StreamMaxLength 10M

 # Limit port range.
 # Default: 1024
#StreamMinPort 30000
 # Default: 2048
#StreamMaxPort 32000

 # Maximum number of threads running at the same time.
 # Default: 10
#MaxThreads 20

 # Waiting for data from a client socket will timeout after this time (seconds).
 # Value of 0 disables the timeout.
 # Default: 120
#ReadTimeout 300

 # This option specifies the time (in seconds) after which clamd should
 # timeout if a client doesn't provide any initial command after connecting.
 # Default: 5
#CommandReadTimeout 5

 # This option specifies how long to wait (in miliseconds) if the send buffer is full.
 # Keep this value low to prevent clamd hanging
#
 # Default: 500
#SendBufTimeout 200

 # Maximum number of queued items (including those being processed by MaxThreads threads)
 # It is recommended to have this value at least twice MaxThreads if possible.
 # WARNING: you shouldn't increase this too much to avoid running out  of file descriptors,
 # the following condition should hold:
 # MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024)
#
 # Default: 100
#MaxQueue 200

 # Waiting for a new job will timeout after this time (seconds).
 # Default: 30
#IdleTimeout 60

 # Don't scan files and directories matching regex
 # This directive can be used multiple times
 # Default: scan all
#ExcludePath ^/proc/
#ExcludePath ^/sys/

 # Maximum depth directories are scanned at.
 # Default: 15
#MaxDirectoryRecursion 20

 # Follow directory symlinks.
 # Default: no
#FollowDirectorySymlinks yes

 # Follow regular file symlinks.
 # Default: no
#FollowFileSymlinks yes

 # Perform a database check.
 # Default: 600 (10 min)
#SelfCheck 600

 # Execute a command when virus is found. In the command string %v will
 # be replaced with the virus name.
 # Default: no
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"

 # Run as another user (clamd must be started by root for this option to work)
 # Default: don't drop privileges
User clamav

 # Initialize supplementary group access (clamd must be started by root).
 # Default: no
AllowSupplementaryGroups yes

 # Stop daemon when libclamav reports out of memory condition.
#ExitOnOOM yes

 # Don't fork into background.
 # Default: no
#Foreground yes

 # Enable debug messages in libclamav.
 # Default: no
#Debug yes

 # Do not remove temporary files (for debug purposes).
 # Default: no
#LeaveTemporaryFiles yes

 # Detect Possibly Unwanted Applications.
 # Default: no
#DetectPUA yes

 # Exclude a specific PUA category. This directive can be used multiple times.
 # See http://www.clamav.net/support/pua for the complete list of PUA
 # categories.
 # Default: Load all categories (if DetectPUA is activated)
#ExcludePUA NetTool
#ExcludePUA PWTool

 # Only include a specific PUA category. This directive can be used multiple
 # times.
 # Default: Load all categories (if DetectPUA is activated)
#IncludePUA Spy
#IncludePUA Scanner
#IncludePUA RAT

 # In some cases (eg. complex malware, exploits in graphic files, and others),
 # ClamAV uses special algorithms to provide accurate detection. This option
 # controls the algorithmic detection.
 # Default: yes
#AlgorithmicDetection yes


##
## Executable files
##

 # PE stands for Portable Executable - it's an executable file format used
 # in all 32 and 64-bit versions of Windows operating systems. This option allows
 # ClamAV to perform a deeper analysis of executable files and it's also
 # required for decompression of popular executable packers such as UPX, FSG,
 # and Petite.
 # Default: yes
#ScanPE yes

 # Executable and Linking Format is a standard format for UN*X executables.
 # This option allows you to control the scanning of ELF files.
 # Default: yes
#ScanELF yes

 # With this option clamav will try to detect broken executables (both PE and
 # ELF) and mark them as Broken.Executable.
 # Default: no
#DetectBrokenExecutables yes


##
## Documents
##

 # This option enables scanning of OLE2 files, such as Microsoft Office
 # documents and .msi files.
 # Default: yes
#ScanOLE2 yes

 # This option enables scanning within PDF files.
 # Default: yes
#ScanPDF yes


##
## Mail files
##

 # Enable internal e-mail scanner.
 # Default: yes
#ScanMail yes

 # If an email contains URLs ClamAV can download and scan them.
 # WARNING: This option may open your system to a DoS attack.
 #          Never use it on loaded servers.
 # Default: no
#MailFollowURLs no

 # Scan RFC1341 messages split over many emails.
 # You will need to periodically clean up $TemporaryDirectory/clamav-partial directory.
 # WARNING: This option may open your system to a DoS attack.
 #          Never use it on loaded servers.
 # Default: no
#ScanPartialMessages yes


 # With this option enabled ClamAV will try to detect phishing attempts by using
 # signatures.
 # Default: yes
#PhishingSignatures yes

 # Scan URLs found in mails for phishing attempts using heuristics.
 # Default: yes
#PhishingScanURLs yes

 # Always block SSL mismatches in URLs, even if the URL isn't in the database.
 # This can lead to false positives.
#
 # Default: no
#PhishingAlwaysBlockSSLMismatch no

 # Always block cloaked URLs, even if URL isn't in database.
 # This can lead to false positives.
#
 # Default: no
#PhishingAlwaysBlockCloak no

 # Allow heuristic match to take precedence.
 # When enabled, if a heuristic scan (such as phishingScan) detects
 # a possible virus/phish it will stop scan immediately. Recommended, saves CPU
 # scan-time.
 # When disabled, virus/phish detected by heuristic scans will be reported only at
 # the end of a scan. If an archive contains both a heuristically detected
 # virus/phish, and a real malware, the real malware will be reported
#
 # Keep this disabled if you intend to handle "*.Heuristics.*" viruses 
 # differently from "real" malware.
 # If a non-heuristically-detected virus (signature-based) is found first, 
 # the scan is interrupted immediately, regardless of this config option.
#
 # Default: no
#HeuristicScanPrecedence yes

##
## Data Loss Prevention (DLP)
##

 # Enable the DLP module
 # Default: No
#StructuredDataDetection yes

 # This option sets the lowest number of Credit Card numbers found in a file
 # to generate a detect.
 # Default: 3
#StructuredMinCreditCardCount 5

 # This option sets the lowest number of Social Security Numbers found
 # in a file to generate a detect.
 # Default: 3
#StructuredMinSSNCount 5

 # With this option enabled the DLP module will search for valid
 # SSNs formatted as xxx-yy-zzzz
 # Default: yes
#StructuredSSNFormatNormal yes

 # With this option enabled the DLP module will search for valid
 # SSNs formatted as xxxyyzzzz
 # Default: no
#StructuredSSNFormatStripped yes


##
## HTML
##

 # Perform HTML normalisation and decryption of MS Script Encoder code.
 # Default: yes
#ScanHTML yes


##
## Archives
##

 # ClamAV can scan within archives and compressed files.
 # Default: yes
#ScanArchive yes

 # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
 # Default: no
#ArchiveBlockEncrypted no


##
## Limits
##

 # The options below protect your system against Denial of Service attacks
 # using archive bombs.

 # This option sets the maximum amount of data to be scanned for each input file.
 # Archives and other containers are recursively extracted and scanned up to this
 # value.
 # Value of 0 disables the limit
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 100M
#MaxScanSize 150M

 # Files larger than this limit won't be scanned. Affects the input file itself
 # as well as files contained inside it (when the input file is an archive, a
 # document or some other kind of container).
 # Value of 0 disables the limit.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 25M
#MaxFileSize 30M

 # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
 # file, all files within it will also be scanned. This options specifies how
 # deeply the process should be continued.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Value of 0 disables the limit.
 # Default: 16
#MaxRecursion 10

 # Number of files to be scanned within an archive, a document, or any other
 # container file.
 # Value of 0 disables the limit.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 10000
#MaxFiles 15000


##
## Clamuko settings
## WARNING: This is experimental software. It is very likely it will hang
##          up your system!!!
##

 # Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
 # Default: no
#ClamukoScanOnAccess yes

 # Set access mask for Clamuko.
 # Default: no
#ClamukoScanOnOpen yes
#ClamukoScanOnClose yes
#ClamukoScanOnExec yes

 # Set the include paths (all files inside them will be scanned). You can have
 # multiple ClamukoIncludePath directives but each directory must be added
 # in a seperate line.
 # Default: disabled
#ClamukoIncludePath /home
#ClamukoIncludePath /students

 # Set the exclude paths. All subdirectories are also excluded.
 # Default: disabled
#ClamukoExcludePath /home/bofh

 # Don't scan files larger than ClamukoMaxFileSize
 # Value of 0 disables the limit.
 # Default: 5M
#ClamukoMaxFileSize 10M

All these six files recide on Server (CDS)
# /etc/squidGuard/squidGuard.conf
# /etc/squid/Squid.conf
# /etc/squidclamav.conf
# /etc/clamsmtpd.conf
# /etc/clamd.conf
# /etc/samba/smb.conf

© 2007-2020 Calculate Ltd.
Mastodon Mastodon