# # To enable virus_scan service in c-icap, copy this file in c-icap # configuration directory and add the following line at the end of # c-icap.conf file: # Include virus_scan.conf # # Module: virus_scan # Description: # This is an antivirus services for the c-icap ICAP server # This module add the following log formating codes for use with # the LogFormat configuration parameter: # %{virus_scan:virus}Sa Prints the virus name or "-". # %{virus_scan:action}Sa Prints "passed" if the object scanned and no # virus found, "blocked" if a virus found and # object blocked, and "partiallyblocked" if a # virus found but some of the data transmitted # to the user. # Example: # LogFormat myVScanFmt "%tl, %>a %is %Ib %Ob %huo [Action: %{virus_scan:action}Sa] [Virus: %{virus_scan:virus}Sa]" # acl VSCAN service virus_scan # AccessLog /var/log/c-icap-access-vscan.log myVScanFmt VSCAN LogFormat myVScanFmt "%tl, %>a %is %Ib %Ob %huo [Action: %{virus_scan:action}Sa] [Virus: %{virus_scan:virus}Sa]" acl VSCAN service virus_scan AccessLog /var/log/c-icap/vscan.log myVScanFmt VSCAN # # The following additional formatting codes can be used with the service # templates (the VIRUS_FOUND, VIR_MODE_HEAD, VIR_MODE_PROGRESS, # VIR_MODE_TAIL and VIR_MODE_VIRUS_FOUND templates exist under the c-icap # templates directory): # %VVN The virus name. # %VVV The Antivirus name/version. # %VU The HTTP url. # %VFR The downloaded file requested name. For use with virelator mode. # %VFS Expected http body data size (Content-Length header). For use # with virelator mode. # %VF The name of the local file where the data stored. For use with # with virelator mode. # %VHS An HTTP URL to get stored object. For use with virelator mode. # See also the VirHTTPUrl configuration parameter. # %VPR Profile name (Exist only if virus_scan profiles are enabled). # # Example: # Service antivirus_module virus_scan.so # ServiceAlias avscan virus_scan?allow204=on&sizelimit=off&mode=simple # # Load the virus_scan service: Service antivirus_module virus_scan.so #Add an alias to srv_clamav for compatibility with old service name ServiceAlias srv_clamav virus_scan # Add the alias avscan for virus_scan service. It is used by many # ICAP based antivirus clients: ServiceAlias avscan virus_scan?allow204=on&sizelimit=off&mode=simple # Antivirus module settings # TAG: virus_scan.ScanFileTypes # Format: virus_scan.ScanFileTypes type1 [type2] ... # Description: # the list of file types or groups of file types which will be # scanned for viruses. For supported types look in c-icap.magic # configuration file. # Default: # None set. virus_scan.ScanFileTypes TEXT DATA EXECUTABLE ARCHIVE GIF JPEG MSOFFICE #The percentage of data to sent if the downloaded file exceeds the StartSendPercentDataAfter size # TAG: virus_scan.SendPercentData # Format: virus_scan.SendPercentData percent # Description: # the percentage of data that can be sent by the c-icap server # before receiving the complete body of a request. # This feature in conjuction with the folowing can be usefull # becouse if the download of the object takes a lot of time # the connection of web client to proxy can be expired. # It must be noticed that the data which delivered to the # web client maybe contains a virus or a part of a virus # and can be dangerous. In the other hand partial data # (for example 5% data of a zip or an exe file) in most # cases can not be used. # Set it to 0 to disable this feature. # Default: # virus_scan.SendPercentData 0 virus_scan.SendPercentData 5 # TAG: virus_scan.StartSendPercentDataAfter # Format: virus_scan.StartSendPercentDataAfter bytes # Description: # Only if the object is bigger than size then the percentage # of data which defined by SendPercentData sent by the c-icap # server before receiving the complete body of request. # Default: # virus_scan.StartSendPercentDataAfter 0 virus_scan.StartSendPercentDataAfter 2M # TAG: virus_scan.Allow204Responces # Format: virus_scan.Allow204Responces on|off # Description: # Disable 204 responces outside previews for virus_scan if # your icap client does not support it. # Default: # virus_scan.Allow204Responces on # TAG: virus_scan.PassOnError # Format: virus_scan.PassOnError on|off # Description: # Pass the content instead of blocking it, in the case when the virus # scanner or the virus_scan module finds an error. # The error will be logged nevertheless. # Default: # virus_scan.PassOnError off virus_scan.PassOnError on # The Maximum object to be scanned. # TAG: virus_scan.MaxObjectSize # Format: virus_scan.MaxObjectSize Bytes # Description: # The maximum size of files which will be scanned by # antivirus service.You can use K and M indicators to define size # in kilobytes or megabytes. # Default: # virus_scan.MaxObjectSize 5M virus_scan.MaxObjectSize 10M # TAG: virus_scan.DefaultEngine # Format: virus_scan.DefaultEngine EngineName1 EngineName2 ... # Description: # The antivirus engines to use if no engine has selected using ICAP # service arguments. # The antivirus engines loaded as external c-icap modules. # Currently the following antivirus engines are available for the # c-icap-modules: # "clamd" or "clamav" # Default: # None set. The first loaded engine will be used. # Example: # virus_scan.DefaultEngine clamav virus_scan.DefaultEngine clamd # The following directives are related with an experimental # mode which I call "viralator like" mode. The virus_scan # service checks the type of file and if it included in # VirScanFileTypes list (see below) download the file localy # and sends to the web client messages about the progress # of download. After the download completed it sends a message # with the web location where the downloaded file stored. # TAG: virus_scan.VirSaveDir # Format: virus_scan.VirSaveDir path # Description: # The directory where the downloaded files stored. # Must be a directory where a web server has access. # Default: # No set # Example: # virus_scan.VirSaveDir /srv/www/htdocs/downloads/ # from where the documents can be retrieved (you can find the get_file.pl script in contrib dir) # TAG: virus_scan.VirHTTPUrl # Format: virus_scan.VirHTTPUrl URL # Description: # The url which used by the web client to retrieve # downloaded file. The file where the download stored # can has diferent name than the original, if a file # with the same name exists in the directory. In the # url the "%f" can be used to specify the real name # of downloaded file. # You can use the small cgi program "get_file.pl" # which exists in contrib directory of c-icap-modules # distribution. # Default: # No set # Example: # virus_scan.VirHTTPUrl "http://fortune/cgi-bin/get_file.pl?usename=%f&remove=1&file=" # TAG: virus_scan.VirUpdateTime # Format: virus_scan.VirUpdateTime seconds # Description: # The secs is the interval between the "progress of download" # messages in seconds. # Default: # virus_scan.VirUpdateTime 15 # TAG: virus_scan.VirScanFileTypes # Format: virus_scan.VirScanFileTypes type1 type2 ... # Description: # The list of file types and groups of file types, # for which this mode must be used. # Default: # None set # Example: # virus_scan.VirScanFileTypes ARCHIVE EXECUTABLE # Enable on or more antivirus engines: Include clamd_mod.conf #Include clamav_mod.conf # End module: virus_scan