==================================================
Setup Anti Virus Protection using OPNsense Plugins
==================================================

OPNsense can offer HTTP and HTTPS protection by utilizing its highly flexible
proxy and the industry standard ICAP. An external engine from one of the known
vendors is used to offer maximum protection against malware, such as ransomware,
trojans and viruses. This protection can be further enhanced by the built-in Intrusion
Prevention System and Category Based Web filtering.

This How To will use the Plugins C-ICAP and ClamAV.

.. Note::
    The Anti Virus Engine can protect you against malicious websites and infected
    file downloads, but it does not protect the local clients. Therefore it is always
    a good idea to install a client-based solution as well to protect against other
    forms of infection, such as through emails or USB sticks, if they are not analyzed
    as well.

.. Note::
    Note that there is still another attack vector called social engineering.
    Most attacks would fail without the help of an internal human whose trust
    is exploited. An active scanner is only a part of the security concept.

Step 1 - Setup the Proxy
------------------------
Start by setting up the proxy with its basic configuration; see :doc:`cachingproxy`.

Step 2 - Setup Transparent Mode
-------------------------------
To set up the transparent mode, see :doc:`proxytransparent`.

Step 3 - Install and Configure the ClamAV and the C-ICAP plugins
----------------------------------------------------------------

.. Note::
    The defaults from c-icap and ClamAV (vendor defaults) are used.
    Please keep in mind that changing them may affect security or performance.
    If you don't know how a setting affects your network,
    you should keep it at the default.

- :doc:`clamav`
- :doc:`c-icap`

Step 4 - Configure ICAP
-----------------------
To configure ICAP go to :menuselection:`Services --> Proxy --> Administration` and select **ICAP Settings**
for the **Forward Proxy** tab.

Select enable ICAP and fill in the Request and Response URLs.
For the C-ICAP plugin, the default URLs will be:

======================== =========================
**Request Modify URL**   icap://[::1]:1344/avscan
**Response Modify URL**  icap://[::1]:1344/avscan
======================== =========================

Now click on **Apply**

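Before moving on to the EICAR test, it helps to confirm that the ICAP service behind the URLs from Step 4 is answering. The following is an added example, not part of the OPNsense documentation or plugins: it builds an RFC 3507 ``OPTIONS`` request for the default URL and checks the reply. The function names and the sample response are constructed for illustration, and the check assumes the service lists both ``REQMOD`` and ``RESPMOD`` in a single ``Methods`` header.

```python
import socket
from urllib.parse import urlsplit

ICAP_URL = "icap://[::1]:1344/avscan"  # default C-ICAP URL from Step 4

# Constructed sample OPTIONS response (assumption: not captured from a real box).
SAMPLE = (b"ICAP/1.0 200 OK\r\nMethods: RESPMOD, REQMOD\r\n"
          b"Service: constructed sample\r\nEncapsulated: null-body=0\r\n\r\n")

def build_options_request(url):
    """Build an RFC 3507 OPTIONS request for an icap:// URL."""
    parts = urlsplit(url)
    if parts.scheme != "icap" or not parts.hostname:
        raise ValueError(f"not an icap:// URL: {url!r}")
    return f"OPTIONS {url} ICAP/1.0\r\nHost: {parts.netloc}\r\n\r\n".encode("ascii")

def parse_options_response(raw):
    """Return the status code and advertised methods of an OPTIONS response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status_line, *header_lines = head.split("\r\n")
    version, code, _reason = (status_line.split(" ", 2) + ["", ""])[:3]
    if not version.startswith("ICAP/") or not code.isdigit():
        raise ValueError(f"not an ICAP response: {status_line!r}")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    methods = {m.strip().upper() for m in headers.get("methods", "").split(",") if m.strip()}
    return {"status": int(code), "methods": methods}

def scanner_ready(info):
    """Step 4 points both modify URLs at one service, so expect both methods."""
    return info["status"] == 200 and {"REQMOD", "RESPMOD"} <= info["methods"]

def query_icap(url=ICAP_URL, timeout=5.0):
    """Send OPTIONS to the live service; run this on the firewall itself."""
    parts = urlsplit(url)
    with socket.create_connection((parts.hostname, parts.port or 1344), timeout) as s:
        s.sendall(build_options_request(url))
        data = b""
        while b"\r\n\r\n" not in data:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return parse_options_response(data)

if __name__ == "__main__":
    print("sample response ready:", scanner_ready(parse_options_response(SAMPLE)))
    # On the firewall: print(scanner_ready(query_icap()))
```

A refused connection or a non-200 status from ``query_icap()`` points at the C-ICAP service rather than at the proxy, which narrows down where to look if the EICAR test in the next step is not blocked.
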
Step 5 - Test using EICAR
-------------------------
To test if the engine is operational and functional, go to http://www.eicar.org/?page_id=3950.
On this page you will find several files you can test.

First test the HTTP protocol version. If that works, test the HTTPS version if you
have also configured the transparent SSL proxy mode.

.. Warning::
    **IMPORTANT NOTE** :
    YOU DOWNLOAD THESE FILES AT YOUR OWN RISK!

**DONE**