Koozali.org: home of the SME Server

DansGuardian - Content scanner

Offline dede77b

  • *
  • 29
  • +0/-0
DansGuardian - Content scanner
« on: September 15, 2008, 10:40:25 AM »
I'm trying DG and Content scanner from clamav integrated in DG. I want to know if this can do a great and secure job as a web filter and AV in my office envirement.

Dansguardian is perfect for filtering, but I don't know and don't undestand well how AV works and how it is integrated in DG.

Can anyone tell me something about that? I searched everywhere but finded nothing.

What are the main difference between this plug-ins?

# Content Scanners (Also known as AV scanners)
# These are plugins that scan the content of all files your browser fetches
# for example to AV scan.  The options are limitless.  Eventually all of
# DansGuardian will be plugin based.  You can have more than one content
# scanner. The plugins are run in the order you specify.
# This is one of the few places you can have multiple options of the same name.
#
# Some of the scanner(s) require 3rd party software and libraries eg clamav.
# See the individual plugin conf file for more options (if any).
#
#contentscanner = '/etc/dansguardian/contentscanners/clamav.conf'
#contentscanner = '/etc/dansguardian/contentscanners/clamdscan.conf'
#!! Unimplemented !! contentscanner = '/etc/dansguardian/contentscanners/kavav.conf'
#!! Not compiled !! contentscanner = '/etc/dansguardian/contentscanners/kavdscan.conf'
#contentscanner = '/etc/dansguardian/contentscanners/icapscan.conf'
#!! Not compiled !! contentscanner = '/etc/dansguardian/contentscanners/commandlinescan.conf'


And how can I check that the content scanner is actually running and looking for virus?

Thanx everyone

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: DansGuardian - Content scanner
« Reply #1 on: September 15, 2008, 10:51:15 AM »
dede77b

Quote
I searched everywhere but finded nothing.

What about this ?
http://wiki.contribs.org/Dansguardian
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline dede77b

  • *
  • 29
  • +0/-0
Re: DansGuardian - Content scanner
« Reply #2 on: September 15, 2008, 02:20:05 PM »
Yes, I used dungog link for installing and configuring my dansguardian/clamav. But there are no explanation for the plug-in to use for the clamav integration.

There are different possibilities to scan content and I would like to know how they work in a better way.

Thanx

Offline Normando

  • *
  • 841
  • +2/-1
    • Unixlan
Re: DansGuardian - Content scanner
« Reply #3 on: September 15, 2008, 04:02:49 PM »

Offline dede77b

  • *
  • 29
  • +0/-0
Re: DansGuardian - Content scanner
« Reply #4 on: September 15, 2008, 04:19:37 PM »
OK, I tell you that my AV content scanner is running and I took a look at this http://wiki.contribs.org/Dansguardian#ClamAV_support link.

But I don't find any infomration about the different plug-in i can use to scan my content.

Read what I mean:

One possibility is to use this conf. file, clamav.conf:

plugname = 'clamav'

# scanbuffmethod
#
# As of 2.9.4.0, DG uses libclamav's cl_scandesc method instead of
# cl_scanbuff when scanning memory buffers. Unfortunately, this means
# that memory contents must be written to a file before scanning even
# if the file is below maxcontentramcachescansize.
# This option specifies how temp files will be created:
#
#   file - create files in scanbuffdir
#
#   shm - use POSIX shared memory
#
scanbuffmethod = 'file'

# scanbuffdir - where to create temp files in scanbuffmethod 'file'.
# You can specify a ramfs/tmpfs partition to minimise performance
# impact.
# Defaults to the configured filecachedir.
#scanbuffdir = '/path/to/tmpfs'

# tempdir - temporary directory for internal use by clamav.
# When scanning archive files, clamav can create temporary files of
# its own; this allows you to specify where they will be created.
# Used regardless of scanbuffmethod.
# Defaults to the configured filecachedir.
#tempdir = '/path/to/tmpfs'

#maxfiles - The maximum number of files to scan from a single
# archive.  Like clamd.conf's MaxFiles.
maxfiles = 15000

#maxreclevel - The maximum recursion level when unpacking archives
# within archives.  Like clamd.conf's MaxRecursion.
maxreclevel = 10

#maxscansize - Upper limit on the amount of data that whill be
# scanned when unpacking an archive, in kilobytes. Like clamd.conf's
# MaxScanSize.
maxscansize = 100000

exceptionvirusmimetypelist = '/etc/dansguardian/lists/contentscanners/exceptionvirusmimetypelist'
exceptionvirusextensionlist = '/etc/dansguardian/lists/contentscanners/exceptionvirusextensionlist'
exceptionvirussitelist = '/etc/dansguardian/lists/contentscanners/exceptionvirussitelist'
exceptionvirusurllist = '/etc/dansguardian/lists/contentscanners/exceptionvirusurllist'



Second possibility is to use that one, clamdscan.conf:

plugname = 'clamdscan'

clamdudsfile = '/var/clamav/clamd.socket'

exceptionvirusmimetypelist = '/etc/dansguardian/lists/contentscanners/exceptionvirusmimetypelist'
exceptionvirusextensionlist = '/etc/dansguardian/lists/contentscanners/exceptionvirusextensionlist'
exceptionvirussitelist = '/etc/dansguardian/lists/contentscanners/exceptionvirussitelist'
exceptionvirusurllist = '/etc/dansguardian/lists/contentscanners/exceptionvirusurllist'


I think the first one write from ram to disk the file before scan them, or I can configure to write on a ramdisk.

But the second, what it do?

I didn't find any suggestion about the best way to configure content scan.

Thanx again