Virus Scanning with ClamAV

Hi All,

I was interested to test ICAP integration with CLAMAV (for testing purpose) with ASM.

On a Ubuntu server configured with only SSH server and IP address fixed (better for a server), I used the following commands to install C-ICAP with clamAV and make it available for ASM:

 Install packages with dependencies
apt-get update
apt-get -y install c-icap
apt-get -y install libc-icap-mod-virus-scan

 Configure c-icap with expected parameters
sed -i.back /etc/c-icap/c-icap.conf -e 's/${prefix}/\/usr/'
sed -i.back /etc/c-icap/c-icap.conf -e "s/^ServerName.*/ServerName $(hostname)/g"
echo "Include virus_scan.conf" >> /etc/c-icap/c-icap.conf
sed  -i.back /etc/c-icap/virus_scan.conf -e "/^Include clamav_mod.conf/s/^//"

 Start the service ... don't know why not enabled
sed -i.back /etc/default/c-icap -e 's/START=no/START=yes/'

 Restart services
service c-icap restart
service clamav-freshclam restart

On the ASM, configure the following parameters

• Security ›› Options : Application Security : Advanced Configuration : System Variables

  • icap_uri : /avscan (default value is /reqmod)
  • virus_header_name : let default value X-Virus-Name,X-Infection-Found

• Security ›› Options : Application Security : Integrated Services : Anti-Virus Protection

  • Server Host Name/IP Address : IP of ubuntu server
  • Server Port Number : 1433 (default port)
  • Guarantee Enforcement : Enabled

For each security Policy :

• Security ›› Application Security : Integrated Services : Anti-Virus Protection
  • Inspect file uploads within HTTP requests : Enabled
• Security ›› Application Security : Policy Building : Learning and Blocking Settings (version 13 menu... Security ›› Application Security : Blocking in previous versions)
  • Virus Detected : Learn, Alarm, Block