Transparent proxy : squid + havp + clamav

A few months ago I posted a tutorial explaining how to make a transparent proxy using squid and pf. In the meantime, because of the need to minimise virus infections, I've made a few changes and added havp + clamav to the current configuration. The whole process was quite simple:

cd /usr/ports/www/havp
make install clean

After the installation, all I needed to do was add the following lines to /etc/rc.conf:

echo 'clamav_clamd_enable="YES"' >> /etc/rc.conf      # start clamav
echo 'clamav_freshclam_enable="YES"' >> /etc/rc.conf  # start freshclam
echo 'havp_enable="YES"' >> /etc/rc.conf              # start havp

Start the services:

/usr/local/etc/rc.d/havp start
/usr/local/etc/rc.d/clamav-clamd start
/usr/local/etc/rc.d/clamav-freshclam start

and edit /usr/local/etc/havp/havp.config as follows:

USER havp
GROUP havp

DAEMON true

PIDFILE /var/run/havp/havp.pid

SERVERNUMBER 8
MAXSERVERS 20

ACCESSLOG /var/log/havp/access.log
ERRORLOG /var/log/havp/havp.log

LOG_OKS true
LOGLEVEL 1

SCANTEMPFILE /var/tmp/havp/havp-XXXXXX

TEMPDIR /var/tmp
TRANSPARENT false
PARENTPROXY localhost
PARENTPORT 3128

X_FORWARDED_FOR true

PORT 8080
BIND_ADDRESS 127.0.0.1

TEMPLATEPATH /usr/local/etc/havp/template/en

SCANIMAGES true
KEEPBACKTIME 5
ENABLECLAMLIB true
CLAMDSERVER 127.0.0.1
CLAMDPORT 3310

ENABLEFPROT false
ENABLEAVG false
ENABLEAVESERVER false
ENABLESOPHIE false
ENABLETROPHIE false
ENABLENOD32 false
ENABLEAVAST false
ENABLEARCAVIR false
ENABLEDRWEB false

In /usr/local/etc/squid/squid.conf you will need to add the following line:

cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default

and restart squid:

/usr/local/etc/rc.d/squid restart

These are the settings that work for me. You can always google a little bit, read the documentation and adjust it to your needs.
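
To sanity-check the two files against each other, here is an added example (not part of the original post): a small sh script that verifies HAVP listens only on loopback, that at least one scanner is enabled, and that squid's cache_peer points at HAVP's port. The names havp_get, check_chain and demo_dir and the sample files are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): consistency check for the
# havp.config / squid.conf pair. havp_get and check_chain are made-up names.

# Print the value of a "KEY value" directive (last occurrence wins).
havp_get() {   # $1 = file, $2 = key
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# Return 0 if the chain is consistent, 1 otherwise; findings go to stdout.
check_chain() {   # $1 = havp.config, $2 = squid.conf
    rc=0
    port=$(havp_get "$1" PORT)
    bind=$(havp_get "$1" BIND_ADDRESS)

    # The post binds HAVP to loopback; any other address lets other hosts
    # talk to the scanner proxy directly.
    if [ "$bind" != "127.0.0.1" ]; then
        echo "FAIL: BIND_ADDRESS is '${bind:-unset}', expected 127.0.0.1"; rc=1
    fi

    # At least one ENABLE* scanner must be true for anything to be scanned.
    if ! awk '$1 ~ /^ENABLE/ && $2 == "true" { ok = 1 } END { exit !ok }' "$1"; then
        echo "FAIL: no ENABLE* scanner is set to true"; rc=1
    fi

    # squid must hand requests to the address and port HAVP listens on.
    peer=$(awk '$1 == "cache_peer" && $3 == "parent" { print $2 ":" $4 }' "$2")
    if [ "$peer" != "127.0.0.1:$port" ]; then
        echo "FAIL: cache_peer '${peer:-none}' != HAVP 127.0.0.1:${port:-unset}"; rc=1
    fi

    if [ "$rc" -eq 0 ]; then echo "OK: squid -> HAVP 127.0.0.1:$port"; fi
    return "$rc"
}

# Constructed sample input that mirrors the settings in this post.
demo_dir=$(mktemp -d)
cat > "$demo_dir/havp.config" <<'EOF'
PORT 8080
BIND_ADDRESS 127.0.0.1
ENABLECLAMLIB true
ENABLEFPROT false
EOF
cat > "$demo_dir/squid.conf" <<'EOF'
cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
EOF
check_chain "$demo_dir/havp.config" "$demo_dir/squid.conf"
```

On the real box, call check_chain with /usr/local/etc/havp/havp.config and /usr/local/etc/squid/squid.conf after every edit and before restarting the services.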
