Bering-uClibc 4.x - User Guide - Advanced Topics - Setting Up a HTTP Anti Virus Proxy

From bering-uClibc
Revision as of 17:13, 29 October 2011 by Kapeka (Talk | contribs) (Preface)

Jump to: navigation, search
Advanced Topics - Setting Up Backup to Remote Server
Prev Bering-uClibc 4.x - User Guide Next

Preface

The purpose of this chapter is to setup a LEAF box with a http proxy that scans your web traffic for Trojans, viruses, malware and other malicious threats. As scanner ClamAV is used, as proxy HAVP.

havp can be used with squid or standalone, but only the standalone version is described here. havp provides no content caching, therefor you'll need squid.lrp, it supports multiple virus scanners, but only clamav is provided as lrp package. It has no support for ipv6 and does not scan ssl-protected page (https), but the setup will not block these pages.

Running a http anti virus proxy goes the typical usage of a LEAF Bering-uClibc box, which usually is used as a router and firewall. This is shown by the fact that the harwdare requirements are a lot more advanced than for a LEAF router. It requires at least 265MB RAM and a writable storage of more than 200MB, or at least 512MB RAM, if you run the proxy completly in RAM, and even than a fixed storage is recommended to reduce time-to-work, after a reboot.

Most of the resources are needed for clamav, which requires at least 100MB RAM to start, and 100MB for the virus database plus daily updates. havp requires a minimum of 5MB fixed storage or RAM for a virtual disk.

If you add a content-caching proxy like squid, even more is needed.

Status: The packages clamav.lrp and havp.lrp are already committed to git and will be available with Bering-uClibc 4.1.

tbc

Setting up LEAF Bering-uClibc in a Virtualbox environment

tbd

Setting up the virus scanner clamav

tbd

Setting the anti virus proxy hvap

tbd

Testing the setup

tbd

Additional reading and acknowledgment

Useful clamav links:

ClamAV main page

Useful havp links:

havp main page

How to use havp with squid as caching proxy (though it's based on an outdated squid version).

squid-cache main page

The original packages for havp.lrp and clamav.lrp have been contributed by Alejandro Dguez for LEAF Bering-uClibc 3.x. Based on his work it was easy, to adjust the buildtool setup for LEAF Bering-uClibc 4.x.

Prev Up Next
Retrieved from "http://bering-uclibc.zetam.org/index.php?title=Bering-uClibc_4.x_-_User_Guide_-_Advanced_Topics_-_Setting_Up_a_HTTP_Anti_Virus_Proxy&oldid=821"