Захотелось мне что бы прокся вирусы ловила ... вычитал статью Лиса http://www.lissyara.su/?id=1662 и повторил его действия .. в итоге получаю бред какой то ! То находит вируса то не ... с тех 3 ссылок раз с 30 раз одну заблочит а все остальные 29 раз пропускает и уже мой НОД32 ловит
Показываю что получил :
Код: Выделить всё
bridg# cat /usr/local/etc/squid/squid.conf
### Squid ###
########################################################################
cache_peer 127.0.0.1 parent 3127 0 default no-query
acl FTP proto FTP
########################################################################
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
################################################################################
acl my_net src 192.168.0.0/24
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 5190 2083
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
#################################################
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#################################################
acl main src 192.168.0.5 192.168.0.10
acl vse src 192.168.0.0/255.255.255.0
acl porno url_regex -i "/usr/local/squid/lock/porno.txt"
acl un_porno url_regex -i "/usr/local/squid/lock/un_porno.txt"
acl chat url_regex -i "/usr/local/squid/lock/chat.txt"
acl un_chat url_regex -i "/usr/local/squid/lock/un_chat.txt"
acl games url_regex -i "/usr/local/squid/lock/games.txt"
acl un_games url_regex -i "/usr/local/squid/lock/un_games.txt"
#############################################################################
acl my_lock url_regex -i "/usr/local/squid/lock/my_lock.txt"
#############################################################################
acl video url_regex -i "/usr/local/squid/lock/video.txt"
acl warez url_regex -i "/usr/local/squid/lock/warez.txt"
acl icq url_regex -i "/usr/local/squid/lock/icq"
acl mp3 urlpath_regex -i \.mp3$
acl wav urlpath_regex -i \.wav$
acl avi urlpath_regex -i \.avi$
acl mpeg urlpath_regex -i \.mpeg$
acl wmv urlpath_regex -i \.wmv$
acl iso urlpath_regex -i \.iso$
acl mov urlpath_regex -i \.mov$
acl gt urlpath_regex -i \.gt$
acl mpe urlpath_regex -i \.mpe$
acl raw urlpath_regex -i \.raw$
acl ram urlpath_regex -i \.ram$
acl rm urlpath_regex -i \.rm$
acl cab urlpath_regex -i \.cab$
http_access allow main
http_access allow vse un_porno
http_access allow vse un_chat
http_access allow vse un_games
http_access allow vse
http_access deny chat
http_access deny porno
http_access deny warez
http_access deny video
http_access deny games
http_access deny mp3 vse
http_access deny mpeg vse
http_access deny wav vse
http_access deny wmv vse
http_access deny avi vse
http_access deny iso vse
http_access deny mov vse
http_access deny gt vse
http_access deny mpe vse
http_access deny raw vse
http_access deny ram vse
http_access deny rm vse
http_access deny cab vse
http_access allow all
################################################################################
#################################################
#Allow ICP queries from local networks only
icp_access allow localnet
icp_access deny all
#################################################
#################################################
#Allow HTCP queries from local networks only
htcp_access allow localnet
htcp_access deny all
#################################################
http_port 3128 transparent
#################
cache_mem 100 MB
#################
####################################
maximum_object_size_in_memory 8 KB
####################################
access_log /usr/local/squid/logs/access.log squid
cache_log /usr/local/squid/logs/cache.log
cache_store_log /usr/local/squid/logs/store.log
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
##ICP
icp_port 3130
####################################
always_direct allow FTP
always_direct allow SSL_Ports
####################################
hosts_file /etc/hosts
coredump_dir /usr/local/squid/cache
Код: Выделить всё
bridg# cat /etc/rc.conf
#rc.conf
havp_enable="YES"
#########Squid#########
squid_enable="YES"
#######################
Код: Выделить всё
03/05/2009 17:11:15 === Starting HAVP Version: 0.90
03/05/2009 17:11:15 === Mandatory locking disabled! KEEPBACK settings not used!
03/05/2009 17:11:15 Running as user: havp, group: BUILTIN+users
03/05/2009 17:11:15 --- Initializing ClamAV Library Scanner
03/05/2009 17:11:15 ClamAV: Using database directory: /var/db/clamav
03/05/2009 17:11:18 ClamAV: Loaded 546195 signatures (engine 0.95.1)
03/05/2009 17:11:18 ClamAV Library Scanner passed EICAR virus test (Eicar-Test-Signature)
03/05/2009 17:11:18 --- All scanners initialized
03/05/2009 17:11:18 Process ID: 53981
03/05/2009 17:18:58 === Starting HAVP Version: 0.90
03/05/2009 17:18:58 === Mandatory locking disabled! KEEPBACK settings not used!
03/05/2009 17:18:58 Running as user: havp, group: BUILTIN+users
03/05/2009 17:18:58 --- Initializing ClamAV Library Scanner
03/05/2009 17:18:58 ClamAV: Using database directory: /var/db/clamav
03/05/2009 17:19:01 ClamAV: Loaded 546195 signatures (engine 0.95.1)
03/05/2009 17:19:01 ClamAV Library Scanner passed EICAR virus test (Eicar-Test-Signature)
03/05/2009 17:19:01 --- All scanners initialized
03/05/2009 17:19:01 Process ID: 54025
Код: Выделить всё
bridg# cat /var/log/havp/access.log
03/05/2009 17:02:59 192.168.0.40 GET 200 http://www.eicar.org/download/eicarcom2.zip 403+308 VIRUS ClamAV: Eicar-Test-Signature
bridg#
Код: Выделить всё
bridg# cat /var/log/clamav/freshclam.log
--------------------------------------
freshclam daemon 0.95.1 (OS: freebsd7.0, ARCH: i386, CPU: i386)
ClamAV update process started at Sun May 3 15:52:56 2009
main.cvd is up to date (version: 50, sigs: 500667, f-level: 38, builder: sven)
WARNING: getfile: daily-9214.cdiff not found on remote server (IP: 193.147.168.122)
WARNING: getpatch: Can't download daily-9214.cdiff from database.clamav.net
Trying host database.clamav.net (194.109.6.97)...
WARNING: getfile: daily-9214.cdiff not found on remote server (IP: 194.109.6.97)
WARNING: getpatch: Can't download daily-9214.cdiff from database.clamav.net
Trying host database.clamav.net (195.184.96.15)...
WARNING: getfile: daily-9214.cdiff not found on remote server (IP: 195.184.96.15)
WARNING: getpatch: Can't download daily-9214.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Trying host database.clamav.net (212.1.60.18)...
Downloading daily.cvd [100%]
daily.cvd updated (version: 9320, sigs: 48763, f-level: 42, builder: aeriana)
Database updated (549430 signatures) from database.clamav.net (IP: 212.1.60.18)
WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd
--------------------------------------
--------------------------------------
freshclam daemon 0.95.1 (OS: freebsd7.0, ARCH: i386, CPU: i386)
ClamAV update process started at Sun May 3 16:59:49 2009
main.cvd is up to date (version: 50, sigs: 500667, f-level: 38, builder: sven)
daily.cvd is up to date (version: 9320, sigs: 48763, f-level: 42, builder: aeriana)
--------------------------------------
bridg#
Заранее спасибо !