iPfire – ClamAV and Customization

I have been very happy with my current firewall setup of iPfire (ipfire.org). The system has done a great job on performance and security. I use many features from Squid, Snort, OpenVPN, and others. I even tried the Tor proxy routing.

This weekend, with lots of family over for Thanksgiving, it was great to watch the proxy reports and see savings on bandwidth and show performance.

 

Setup ClamAV on iPfire

I decided to add ClamAV (clamav.net) to the iPfire mix. ClamAV is an open-source antivirus engine; it can run on the firewall and inspect files that go through.

Adding a package to the iPfire firewall is really easy: log in and then select the addons you would like. I followed this guide on the iPfire Wiki (ClamAV Addon).

  • Log in to the admin interface
  • Menu | ipfire -> Pakfire
  • Select ClamAV and SquidClamAV (you need to add both)
  • Select the + sign and then do the install –> (arrow)

Once this was completed I tested out the setup to make sure it worked. I went to this URL to test. I decided the default message when you receive a virus or warning was a bit generic, so I set out to modify the warning page.

Steps to Modify ClamAV warning message

When a virus is detected, the ClamAV system redirects to a page on the firewall, “http://127.0.0.1:81/clwarn.cgi”. This page displays a warning message.

[Screenshot: customized warning page]

The above is my customized message. I changed the image and also the wording. To make these changes you must first edit a few files. The main configuration file for squidclamav is located at “/etc/squidclamav.conf”.

Change the Text

The page you need to edit is called “clwarn.cgi”; it is located at:

/srv/web/ipfire/html/clwarn.cgi

Warning: before you edit any files, make a backup.

Once you open the file you will see the makeup of the HTML.  The text I changed was the “contact area” and “access to the request area”

Change Image

I decided that I wanted a different image.  The image for the page is located at:

/srv/web/ipfire/html/images

I made a new image and changed the HTML inside clwarn.cgi. To change the file you just need to edit the line:

<td colspan='3' width='100%' height='130' align="center"
background="http://$netsettings{'GREEN_ADDRESS'}:81/images/background.gif">

Replace background.gif with any file you would prefer.
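
The backup-then-edit steps above as a shell function, added here as an example and not part of the original post. It assumes it is run as root on the firewall and that the new image has already been copied into the images directory; the function name `swap_warning_image` and the `.bak.<timestamp>` suffix are hypothetical choices.

```shell
#!/bin/sh
# Added example: back up clwarn.cgi, then point its background at a new image.
# Default paths are the ones named in the post; the function name is hypothetical.
CGI_DEFAULT=/srv/web/ipfire/html/clwarn.cgi
IMG_DIR_DEFAULT=/srv/web/ipfire/html/images

# Usage: swap_warning_image NEW_IMAGE [CGI_FILE] [IMAGE_DIR]
# Prints the path of the backup it created.
swap_warning_image() {
    new_img=$1
    cgi=${2:-$CGI_DEFAULT}
    img_dir=${3:-$IMG_DIR_DEFAULT}

    # Accept only a plain file name: no slashes, quotes or sed metacharacters,
    # because the name is written into HTML served by the firewall.
    case $new_img in
        ''|.*|*[!A-Za-z0-9._-]*) echo "invalid image name: $new_img" >&2; return 2 ;;
    esac
    [ -f "$cgi" ] || { echo "missing $cgi" >&2; return 3; }
    [ -f "$img_dir/$new_img" ] || { echo "missing $img_dir/$new_img" >&2; return 3; }
    grep -q 'images/background\.gif' "$cgi" \
        || { echo "background.gif not referenced in $cgi" >&2; return 4; }

    # Timestamped backup first; cp -p keeps mode and mtime.
    backup="$cgi.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$cgi" "$backup" || return 5

    # Edit a temp copy, then write it over the original in place so the
    # CGI keeps its owner and execute bit.
    tmp=$(mktemp "$cgi.XXXXXX") || return 5
    if sed "s|images/background\.gif|images/$new_img|g" "$cgi" > "$tmp" \
        && cat "$tmp" > "$cgi"; then
        rm -f "$tmp"
        echo "$backup"
    else
        rm -f "$tmp"
        cp -p "$backup" "$cgi"   # restore the original on failure
        return 6
    fi
}
```

To undo the change, copy the printed backup file back over clwarn.cgi.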

Summary

ClamAV / SquidClamAV add a little overhead, but I believe the safety and usefulness are worth it. Since the iPfire system is a great tool, a little customization to make the message more informative (for my kids) is both useful and fun.

 

1 thought on “iPfire – ClamAV and Customization”

  1. ClamAV is like the § symbol… it exists but no one needs it.
    I would like it to integrate Sophos Engine (it's free) in IpFire.
