Folgendes wird empfohlen um squidclamav, wesentlich zu beschleunigen, dies wird vorallem in größeren Umgebungen interessant, da hier der Cacheeffekt deutlich höher ist.
In die Datei /var/ipfire/proxy/advanced/acls/include.acl folgende Zeilen eintragen
Code: Select all
http_port 127.0.0.1:8080 transparent
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
http_access deny to_localhost
http_access allow localhost
http_access allow purge localhost
http_access deny purge
url_rewrite_access deny localhost
In die Datei /etc/squidclamav.conf folgendes anstelle der proxy none und stat Fkt. einbauen, ihr müsst dann noch den Port entsprechend austauschen
Code: Select all
squid_ip 127.0.0.1
squid_port 8080
trust_cache enable
logfile /var/log/squidclamav.log
redirect http://127.0.0.1:81/clwarn.cgi
debug 0
force 1
stat 0
Der entsprechende Eintrag in der README
IMPROVING SPEED
---------------
Begining with version 4.x squidclamav detect if the file to download is
already stored in Squid cache. If you activate 'trust_cache' configuration
option, squidclamav will not scan anymore a file coming from Squid cache
as it may have already been scanned during the first download. This may save
some system load and improve speed a lot!
In normal use squidclamav use squid to download the file and scan it for
viruses. This prevent downloading twice the file, one time for scan and the
other time to deliver the file to the client. If trust_cache is disabled, no
matter if the file is stored in the cache, squidclamav will rescan this file
at each client request. But if trust_cache is enabled squidclamav "think" this
file has already been scanned and so it is delivered as is to the client. To
prevent this after each scan and when a virus is detected squidclamav send a
PURGE request to squid to remove this file from cache. This mean that you MUST
edit your acl to allow localhost to send PURGE method.
Trusted cache feature will be disabled if the squidclient command fail or the
PURGE method is forbidden.