http://www.zeroshell.net/eng/proxy-antivirus/
NOTE: the release 1.0.beta9 of Zeroshell has some bugs in the proxy module for which you need to install the patch A500.

The purpose of this document is to describe the creation of a Web Proxy with antivirus check of web pages and site blacklisting/whitelisting. The document is divided into the following sections:
- Why use a web proxy with antivirus check?
- Transparent Proxy Mode
- Configuration and activation of the proxy service
- Access log and privacy
- Antivirus check of images
- Automatic update of ClamAV signatures
14.2.2010 18:22
(bridge between Ethernet, WIFI or VPN interface) or layer 3 gateway (router). It is nevertheless important to specify on which network interfaces or IP subnets these requests are to be redirected. This is done by adding so-called HTTP Capturing Rules as shown in the figure below:
In the example in the figure, HTTP requests from the ETH00 and ETH03 network interfaces are captured. Excluded from these requests are those directed at web servers belonging to the 172.16.0.0/16 IP subnet and those from the client with the 192.168.0.1 IP address.

There may be several reasons why it is necessary to exclude some clients and some web servers from the transparent proxy. For example, a web server may restrict access through its ACLs to clients with a certain IP address. If the proxy captured requests to such a server, the server would see them arriving from the proxy's IP address and would deny access. On the other hand, the proxy's IP address cannot simply be authorized in the web server's ACLs, since this would allow indiscriminate access to all clients using the proxy. The only solution, then, is to avoid the capture of these requests by the transparent proxy.

Lastly, note that the iptables rules that redirect traffic towards the proxy service (8080 tcp) are placed downstream of those used by the Captive Portal. Thanks to this, Captive Portal and Transparent Proxy can be enabled simultaneously on the same network interface.
Note that start-up of the proxy service is very slow compared to other services, and on hardware that is not very fast it can take up to 30-40 seconds. This is because the ClamAV antivirus libraries need to load and decrypt a large number of virus signatures into memory. To prevent this from blocking the web configuration interface and the start-up scripts for long intervals, the service is started asynchronously. Hence, when the proxy is enabled or reconfigured, the Status item is not displayed as ACTIVE (green) immediately, but first passes through the STARTING state (orange), which shows that the service is loading the signatures. To see when the proxy has actually started working, click on [Manage] to reload the configuration page, or simply click on [Proxy log] to view the havp daemon's start-up messages.

During the start-up period of the havp daemon, the iptables rules that capture HTTP requests are temporarily removed. Web traffic therefore flows normally during this period, but it is not scanned for viruses.

A few configuration items are analysed in more detail in the following paragraphs.
New viruses appear on the internet and are identified so quickly that antivirus signatures are added and modified frequently. The ClamAV database is no exception: thanks to the freshclam daemon, it can be updated online at regular intervals. Zeroshell configures freshclam by default to check the signature database 12 times a day. This interval can be set using the [Number of Checks per Day] parameter, from a minimum of 1 to a maximum of 48 checks per day. It is also important to set the [Country of the Mirror] correctly, since freshclam uses it to choose the nearest site from which to download the virus signatures. Note, however, that regular updating is a fast operation which does not generate much traffic, since a differential update system is used.
Blacklists and whitelists consist of a sequence of URLs, one per line. Each line may correspond to several web pages when the * character is used. To block the site http://www.example.com, place www.example.com/* on the blacklist, whereas the line www.example.com, without *, would only block the home page of that site.

The whitelist has priority over the blacklist. In other words, if a web page matches a blacklist item and, at the same time, is found on the whitelist, access to the page is allowed. Moreover, note that the purpose of the whitelist is not only to allow access to pages that would otherwise be prohibited by the blacklist, but also to bypass the antivirus check. Please take careful note of this.

If the LAN administrator wants to adopt the policy of providing access to a limited number of sites, s/he can specify the */* line in the blacklist, which will prevent access to all pages except those included on the whitelist.
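The matching and precedence rules described above, modelled as an added Python example (it is not Zeroshell or HAVP code). The function names, the three result labels and the sample list lines are assumptions made for illustration; query strings are ignored and matching is case-insensitive as a simplification.

```python
import re
from urllib.parse import urlsplit


def _normalise(url):
    """Reduce a URL to 'host/path': scheme dropped, path at least '/'."""
    parts = urlsplit(url if "://" in url else "//" + url)
    return parts.netloc.lower() + (parts.path or "/")


def _compile(line):
    """Turn one list line into a regex; only '*' acts as a wildcard."""
    line = line.strip()
    if "/" not in line:             # 'www.example.com' means the home page only
        line += "/"
    return re.compile(".*".join(re.escape(p) for p in line.split("*")), re.I)


def _matches(target, lines):
    """True if any non-blank list line matches the whole normalised URL."""
    return any(_compile(l).fullmatch(target) for l in lines if l.strip())


def decide(url, blacklist, whitelist):
    """Return 'allow-unscanned', 'block' or 'scan' for one requested URL."""
    target = _normalise(url)
    if _matches(target, whitelist):
        return "allow-unscanned"    # whitelist wins and skips the antivirus check
    if _matches(target, blacklist):
        return "block"
    return "scan"                   # default: allowed, but checked for viruses


def unscanned_wildcards(whitelist):
    """Whitelist lines containing '*': each exempts many pages from scanning."""
    return [l.strip() for l in whitelist if "*" in l]


if __name__ == "__main__":
    # Constructed policy: deny everything except one whitelisted site.
    black, white = ["*/*"], ["www.example.com/*"]
    for u in ("http://www.example.com/docs/", "http://other.example.org/x"):
        print(u, "->", decide(u, black, white))
    print("review before deployment:", unscanned_wildcards(white))
```

Running `unscanned_wildcards` over a whitelist before deployment shows which entries exempt an entire site, not just one page, from virus scanning.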
antivirus software is working correctly. To do this, first check in the freshclam logs that the signatures are updated regularly. Then, go to the URL http://www.eicar.org/anti_virus_test_file.htm to check whether the EICAR-AV-Test test virus (said to be harmless by the authors) is captured and blocked.

Lastly, note that the proxy cannot serve HTTPS requests (HTTP encrypted with SSL/TLS): not having the private key of the web server, it cannot decrypt the content and the URLs of these requests, which are encapsulated in encrypted tunnels.