We use 'HTTPi' as the basis of a very simple Perl-powered mechanism to
proxy the ClamAV CVD files on our small LAN. We have it listening on a
dedicated TCP port via xinetd (a very handy 'server' for simple
services one wants to make network accessible).

HTTPi (http://www.floodgap.com/httpi/) is *much* lighter weight than
Squid, Apache or Nginx, and is basically a simple CGI engine. Xinetd
and, of course, Perl are available in most Linux distros.


Some details follow.
 
In our freshclam.conf file are lines equivalent to:

  HTTPProxyServer 10.1.2.3
  HTTPProxyPort 10123


And in our xinetd.conf file (on, e.g., 10.1.2.3) is the analogue to:

  service chowder
  {
        type            = UNLISTED
        port            = 10123
        bind            = 10.1.2.3
        only_from       = 10.1.2.0/24
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = clamav
        group           = clamav
        server          = /opt/clamav/bin/clamavproxy.pl
        server_args     = serve-clam
        instances       = 5
        log_on_success  =
  }

(We compile the new versions of ClamAV and keep them in '/opt', with
a symbolic link 'clamav', so we can reduce risk when upgrading.)


Finally, in our clamavproxy.pl (based on an old version of HTTPi) is
the code:

  if ($method eq 'GET' && $address =~ m(^/(bytecode|daily|main).cvd$)i)
  {
    $file = "$1.cvd";
    $data = `/bin/cat /opt/clamav/share/clamav/$file`;
    &htsponse(200, "OK");
    &htcontent($data, "application/octet-stream");
  }
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Reply via email to