Search
j0ke.net Open Build Service
>
Projects
>
ha
:
firewall
>
c-icap
> c_icap-0.2.3-INSTALL.html
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File c_icap-0.2.3-INSTALL.html of Package c-icap
<html> <head> <title>The c-icap project </title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <META name="keywords" content="icap, squid, filtering, Content Filtering,web proxy, web, http"> <link rel="stylesheet" href="docs.css" type="text/css"> </head> <tr > <table cellspacing="0" cellpadding="0" width="100%"> <td width="80%" > <H1 align="center">The c-icap project</H1> <hr width="80%"> </td> </table> <br> <table width=100%> <tr> <TD width="30%" valign="top"> <table> <tr> <TD ><br></TD></tr> <tr> <td > <table class="menu" cellspacing="0"> <tr> <td class="contents"> <ul> <li> <a href="about.html" target="_self">About c-icap</a></li> <li> <a href="install.html" target="_self">Installation</a></li> <li> <a href="configure.html" target="_self">Configuration guide</a></li> <li> <a href="techinfo.html" target="_self">Technical information</a></li> <li> <a href="http://sourceforge.net/projects/c-icap" target="_self">Project page/Downloads</a></li> <li> <a href="links.html" target="_self">Links</a></li> </ul> </td> </tr> </table> </TD> </tr> <tr> <TD> </TD> </tr> <!-- <tr valign="bottom"><TD> <p class="small">Hosted by:</p> <a href="http://sourceforge.net"> <img src="http://sourceforge.net/sflogo.php?group_id=84122&type=2" width="100" height="30" border="0" alt="SourceForge.net Logo" /> </a> </TD></tr> --> </table> </TD> <TD valign="top" class="maindoc"> <H2>INSTALL</H2> <P>Go to the sources directory and run: </P> <pre> ./configure --prefix=/usr/local/c-icap </pre> <P>If you don't have ClamAV installed, run: </P> <pre> ./configure --prefix=/usr/local/c-icap --without-clamav </pre> <P>In this case, only the echo service will be created. </P> <p> For more configure options run: </p> <pre> ./configure --help </pre> <P>After the configuration process, you can compile and install the software as follows: </P> <pre> make make install </pre> <P>Then, edit to the file <i>/usr/local/c-icap/etc/c-icap.conf</i>. It contains a set of default values that configure the c-icap server. Finally, you can run the c-icap server: </P> <pre> /usr/local/c-icap/bin/c-icap </pre> <P> If you want to display debugging information on the terminal, the previous command should be executed with following arguments: </P> <pre> /usr/local/c-icap/bin/c-icap -N -D -d 10 </pre> <P> The first argument <I>-N</I> prevents the c-icap server from forking in the background, the second argument <I>-D</I> enables the printing of messages to standard output, and the third argument <I>-d 10</I> enables the printing of full debugging information. </P> FreeBSD users can also download the c-icap from <A href="http://www.freshports.org/www/c-icap/">FreshPorts</A> site. <H3>Testing your instalation</H3> To test your c-icap server you can use the icap-client utility which included in c-icap package. From the same host simply run icap-client without any arguments. This will do an options request to the icap server in localhost. You must see something like that: <pre> tsantila@barbarian:~> /usr/local/c-icap/bin/icap-client ICAP server:localhost, ip:127.0.0.1, port:1344 OPTIONS: Allow 204: Yes Preview: 1024 Keep alive: Yes ICAP HEADERS: ICAP/1.0 200 OK Methods: RESPMOD, REQMOD Service: C-ICAP/030606 server - Echo demo service ISTag: "5BDEEEA9-12E4-2" Max-Connections: 20 Options-TTL: 3600 Date: Sun, 04 Jun 2006 16:18:55 GMT Preview: 1024 Allow: 204 Transfer-Preview: * Encapsulated: null-body=0 </pre> To check the "/bin/ls" file with clamav antivirus using the icap server run: <pre> tsantila@barbarian:~> /usr/local/c-icap/bin/icap-client -f /bin/ls \ -s "srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple" ICAP server:localhost, ip:127.0.0.1, port:1344 No modification needed (Allow 204 responce) </pre> The Allow204 responce means that no virus found in this file.<br> In this example we called the srv_clamav service with arguments: <br><I>allow204=on</I> to allow 204 responces outside previews. If you omit this argument then the srv_clamav service will send back unmodified the file we sent. <br><I>force=on</I> to scan the file even if its file type does not included in srv_clamav.ScanFileTypes directive in c-icap.conf file. <br><I>sizelimit=off</I> to ignore srv_clamav.MaxObjectSize directive in c-icap.conf file <br><I>mode=simple</I> to only repsonce with allow204 whan no virus found and an error message if virous found. <p> Send a virus file to examine srv_clamav's behaviour when a virus found: <pre> tsantila@barbarian:~> /usr/local/c-icap/bin/icap-client -f /usr/local/src/clamav-0.83/test/clam.exe \ -s "srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple" ICAP server:localhost, ip:127.0.0.1, port:1344 VIRUS FOUND You try to upload/download a file that contain the virus ClamAV-Test-File This message generated by C-ICAP srvClamAV/antivirus module </pre> <H3>Installing SQUID</H3> <!-- <P>Download the pre-patched Squid with ICAP support from <A HREF="http://sourceforge.net/projects/c-icap">c-icap's page</A> at SourceForge.net. The ICAP patch of Squid can be downloaded from the <A HREF="http://devel.squid-cache.org/icap/">main site</A> of Squid ICAP. </P> --> <P> Download the Squid 3.0 proxy server from <A href="http://www.squid-cache.org/Versions/v3/3.0/">squid site</A>. </P> <P>To enable ICAP support in Squid, you must configure it using <I>--enable-icap-client</I>. Below, is the command I used in my workstation running Linux SUSE 9.1: </P> <pre> ./configure --with-pthreads --enable-basic-auth-helpers=getpwnam,LDAP,PAM\ --enable-snmp --enable-ssl\ --enable-linux-netfilter --enable-icap-client\ --enable-external-acl-helpers=ip_user,ldap_group,unix_group\ --enable-digest-auth-helpers=password </pre> <P> In the configuration file of Squid enter the following lines: </P> <pre> icap_enable on icap_preview_enable on icap_preview_size 128 icap_send_client_ip on icap_send_auth_user on icap_auth_scheme Local://%u icap_service service_avi_req reqmod_precache 0 icap://localhost:1344/srv_clamav icap_service service_avi respmod_precache 1 icap://localhost:1344/srv_clamav icap_class class_antivirus service_avi service_avi_req icap_access class_antivirus allow all </pre> <P>If c-icap does not reside in the same machine as Squid, change the line icap://localhost:1344/srv_clamav to icap://<I>cicap_hostname</I>:1344/srv_clamav, where <I>cicap_hostname</I> is the hostname or the IP address of the c-icap server. For more information, read the Squid's manual. </P> <p> You can use <i>icap_access</i> directive to define sites which must passed or no to the icap server. <!-- <H3>c-icap for Win32</H3> <p> The Win32 implementations is in early development state so you should only use it for experimentation purposes. </p> <p> For Cygwin environment the installation procedure of c-icap is similar with that for UNIX systems. </p> <p> If you ident to use the Win32 native implementation of c-icap you need the Microsoft C/C++ compiler and the nmake utility. Just run: <pre> nmake -f makefile.w32 nodebug=1 </pre> Then copy the files <i>c_icap.dll, c-icap.exe and srv_echo.dll</i> to a directory and build the <i>c-icap.conf</i> file Then run <pre> c-icap.exe -f c-icap.conf -D -d 10 </pre> Only the echo service works in the Win32 native implementation. </p> --> </TD> <TD width="15%"> </TD> </tr> <tr> <TD width="100%" colspan="3" align="center" class="extrasmall"> <br> <hr width="80%"> <p align="center" class="extrasmall"> © Tsantilas Christos, email: chtsanti at users dot sourceforge dot net </p> </TD> </tr> </table> </body>