Difference between revisions of "Bering-uClibc 4.x - User Guide - Advanced Topics - Setting Up a HTTP Anti Virus Proxy"

From bering-uClibc
(Preface)
(Preface)
Line 15: Line 15:
  
 
Most of the resources are needed for <code class="filename">clamav</code>, which requires at least 100MB RAM to start, and 100MB for the virus database plus daily updates. <code class="filename">havp</code> requires a minimum of 5MB fixed storage or RAM for a virtual disk.
 
Most of the resources are needed for <code class="filename">clamav</code>, which requires at least 100MB RAM to start, and 100MB for the virus database plus daily updates. <code class="filename">havp</code> requires a minimum of 5MB fixed storage or RAM for a virtual disk.
 
 
If you add a content-caching proxy like <code class="filename">squid</code>, even more is needed.
 
If you add a content-caching proxy like <code class="filename">squid</code>, even more is needed.
  
'''Status:''' The packages <code class="filename">clamav.lrp</code> and <code class="filename">havp.lrp</code> are already committed to git and will be available with Bering-uClibc 4.1.
+
But with a virtualized LEAF box RAM, and even more disk space, is cheap, so I used a Bering-uClibc 4.x i686-isoimage as [http://www.virtualbox.org virtualbox] guest with 768MB RAM and no harddisk as testbed. You may want to change it, to use a (virtual) harddisk as permament storage, that way you can virtualize a LEAF-based http anti-virus proxy.  
  
tbc
+
'''Note:''' The setup given here is mainly targeted for home usage and testing, for a more advanced usage a decent hardware and a configuration with <code class="filename">squid</code> is recommended. Also the way ssl-protected pages are tunneled is not as efficient, as you may like to have it in a professional environment.
 +
 
 +
'''Status:''' The packages <code class="filename">clamav.lrp</code> and <code class="filename">havp.lrp</code> are already committed to git and will be available with Bering-uClibc 4.1.
  
 
=== Setting up LEAF Bering-uClibc in a Virtualbox environment ===
 
=== Setting up LEAF Bering-uClibc in a Virtualbox environment ===
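Review bot: the added Note describes the tunneling of ssl-protected pages only in terms of efficiency; it should also say that tunneled https traffic is passed through unscanned, since a reader who skims to the Note could otherwise assume the proxy covers it. In the added testbed paragraph, "permament" should be "permanent", and "no harddisk as testbed" leaves it unclear where the 100MB virus database and its daily updates are kept across reboots; a sentence on that would help.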

Revision as of 18:05, 29 October 2011


Preface

The purpose of this chapter is to set up a LEAF box with an http proxy that scans your web traffic for Trojans, viruses, malware and other malicious threats. ClamAV is used as the scanner and HAVP as the proxy.

havp can be used with squid or standalone, but only the standalone version is described here. havp provides no content caching; for that you'll need squid.lrp. It supports multiple virus scanners, but only clamav is provided as an lrp package. It has no support for IPv6 and does not scan SSL-protected pages (https), but the setup will not block these pages.

Running an http anti-virus proxy goes beyond the typical usage of a LEAF Bering-uClibc box, which usually is used as a router and firewall. This is shown by the fact that the hardware requirements are a lot higher than for a LEAF router. It requires at least 265MB RAM and writable storage of more than 200MB, or at least 512MB RAM if you run the proxy completely in RAM, and even then fixed storage is recommended to reduce time-to-work after a reboot.

Most of the resources are needed for clamav, which requires at least 100MB RAM to start, and 100MB for the virus database plus daily updates. havp requires a minimum of 5MB fixed storage or RAM for a virtual disk. If you add a content-caching proxy like squid, even more is needed.

But with a virtualized LEAF box, RAM, and even more so disk space, is cheap, so I used a Bering-uClibc 4.x i686 ISO image as a virtualbox guest with 768MB RAM and no hard disk as a testbed. You may want to change this to use a (virtual) hard disk as permanent storage; that way you can virtualize a LEAF-based http anti-virus proxy.

Note: The setup given here is mainly targeted at home usage and testing; for more advanced usage, decent hardware and a configuration with squid are recommended. Also, the way SSL-protected pages are tunneled is not as efficient as you may like to have it in a professional environment.

Status: The packages clamav.lrp and havp.lrp are already committed to git and will be available with Bering-uClibc 4.1.

Setting up LEAF Bering-uClibc in a Virtualbox environment

tbd

Setting up the virus scanner clamav

tbd

Setting up the anti virus proxy havp

tbd

Testing the setup

tbd

Additional reading and acknowledgment

Useful clamav links:

ClamAV main page

Useful havp links:

havp main page

How to use havp with squid as caching proxy (though it's based on an outdated squid version).

squid-cache main page

The original packages for havp.lrp and clamav.lrp were contributed by Alejandro Dguez for LEAF Bering-uClibc 3.x. Based on his work, it was easy to adjust the buildtool setup for LEAF Bering-uClibc 4.x.

