Wednesday, December 2, 2015

Setting up an C-ICAP Server using the "The c-icap project"

Couple things first:

Documentation: http://c-icap.sourceforge.net/documentation.html
Install: http://c-icap.sourceforge.net/install.html
Download info:
  • Main Software - http://sourceforge.net/projects/c-icap/files/latest/download
  • Modules - http://sourceforge.net/projects/c-icap/files/c-icap-modules/
I built this from multiple articles that are linked some where on here.  Not one had all the answers.  Here is my brain dump from it.

Download c-icap and c-icap modules

c-icap
tar xvf c_icap-x.x.x.tar.gz
cd c_icap-x.x.x
./configure --prefix=/usr/local/c-icap
make
make install 
vim /usr/local/c-icap/etc/c-icap.conf 

Under ServerAdmin: Enter your email

Under ServerName: Enter your hostname of the server

The ModulesDir is wrong and needs to be changed to:
  • Wrong: ModulesDir /usr/local/c-icap/lib/c_icap
  • Correct: ModulesDir /usr/local/lib/c_icap

The ServicesDir is wrong and needs to be changed to: 
  • Wrong: ServicesDir /usr/local/c-icap/lib/c_icap
  • Correct: ServicesDir /usr/local/lib/c_icap
 The TemplateDir  is wrong also and needs to be changed to:
  • Wrong: TemplateDir /usr/local/c-icap/share/c_icap/templates/ 
  • Correct: TemplateDir /usr/local/share/c_icap/templates/
 Next Step, test your server:

/usr/local/c-icap/bin/c-icap -N -D -d 10

Instructions: Link

If everything is correct, it should start up.  Kill it and we will continue. Next we need to configure the module to scan using clamav.  This is assuming you already have clamav installed and working.

If you want to create a c-icap service do the following:
vi /etc/rc.d/init.d/c-icap

# bin/bash
# c-icap: Start/Stop c-icap
# chkconfig: - 70 30
# description: c-icap is an implementation of an ICAP server.
# processname: c-icap
# pidfile: /var/run/c-icap/c-icap.pid

. /etc/rc.d/init.d/functions
. /etc/sysconfig/network

CONFIG_FILE=/usr/local/c-icap/etc/c-icap.conf
PID_DIR=/var/run/c-icap

RETVAL=0
start() {
   echo -n $"Starting c-icap: "
   daemon /usr/local/c-icap/bin/c-icap -f $CONFIG_FILE
   RETVAL=$?
   echo
   [ $RETVAL -eq 0 ] && touch /var/lock/subsys/c-icap
   return $RETVAL
}
stop() {
   echo -n $"Stopping c-icap: "
   killproc c-icap
   rm -f /var/run/c-icap/c-icap.ctl
   RETVAL=$?
   echo
   [ $RETVAL -eq 0 ] && rm -f $PID_DIR/c-icap.pid /var/lock/subsys/c-icap
   return $RETVAL
}
case "$1" in
   start)
      start
   ;;
   stop)
      stop
   ;;
   status)
      status c-icap
   ;;
   restart)
      stop
      start
   ;;
   *)
      echo $"Usage: $0 {start|stop|status|restart}"
   exit 1
esac
exit $?

This was taken from one of the links below but I had to modify it to make it work with changes in a recent update to the project.

Test that it starts:
 /etc/rc.d/init.d/c-icap start 

Create the final pieces to the service:
chkconfig --add c-icap
chkconfig c-icap on 


We need to extract the c-icap modules

tar xvf c_icap_modules-x.x.x.tar.gz
cd c_icap-x.x.x
./configure --with-c-icap=/usr/local/c-icap --prefix=/usr/local/c-icap
make
make install 
vim /usr/local/c-icap/etc/c-icap.conf 

Now we need to add the virus scan module.  You already have the c-icap config open so at the end of the file add:
  • Include /usr/local/etc/virus_scan.conf
Instructions:  Link

The virus_scan.conf needs to me modified.

vim /usr/local/etc/virus_scan.conf

Add to the bottom:

Include /usr/local/etc/clamd_mod.conf


I also changed the one line to:
virus_scan.DefaultEngine clamav

The clamd needs to modified for the correct Socket Location:
vim /usr/local/etc/clamd_mod.conf

Change the Socket Location to:
clamd_mod.ClamdSocket /var/run/clamav/clamd.sock

service c-icap restart

You can test it by running the following commands:

No Virus Test File: 
/usr/local/c-icap/bin/c-icap-client -f /bin/ls  \
            -s "srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple"

Virus Test File:
/usr/local/c-icap/bin/c-icap-client -f /usr/local/share/clamav-0.x.x/test/clam.exe \
   -s "srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple"

Log Files are located:
  • ServerLog /usr/local/c-icap/var/log/server.log 
  • AccessLog /usr/local/c-icap/var/log/access.log
A lot of the errors will show up in the server.log file.

Troubleshooting:

ERROR: Unable to find specified template: /usr/local/p/share/c_icap/templates//virus_scan/en/VIRUS_FOUND

Means the path is wrong.

 clamd_connect: Can not connect to clamd server on /var/run/clamav/clamd.ctl!

This means that the Socket Location in clamav is different then what you have listed.

Check these two files for the location: /usr/local/etc/clamd.conf /etc/clamd.conf

Source:  Link Link
Virus Test: Link ******REMEMBER THESE ARE ACTUAL VIRUSES!!!!******

ShareThis