Prerequisites:
- You’ve installed PFSense v2.3.2
- You’ve set up PFSense
- You’ve installed and set up your squid proxy on PFSense
Let’s get started!
Now that you have PFSense installed, setup, and SQUID running on it, something else that you might want to consider doing is enabling the SQUID Antivirus function to scan all traffic passing through the proxy. Assuming that you have the transparent mode enabled, that would be all internet traffic on the network.
To get started, log into your PFSense webGUI, and go to the “Squid Proxy Server” page from the “Services” tab on the menu bar. Once the page has loaded, click on the Antivirus tab at the top.
Options that we will edit on this page:
- Enable: check
  - Enable the very first check box on this page to enable the service.
- Google Safe Browsing: check
- Exclude Audio/Video Streams: check (optional)
  - I have found that audio and video streams rarely have viruses. This option is up to you but I chose to exclude them from the scans.
- ClamAV Database Update: Every Hour
- Regional ClamAV Database Update Mirror: United States (or respective location)
- “Save” the page
Now, once again, I like to reference the “Services” page from the “Status” menu tab to ensure that it has started running.
There you have it! You have successfully activated the ClamAV antivirus for your Squid Proxy Server.
Please Note: In previous installations, the antivirus function hasn’t started running right away. This was caused by the database not being fully updated yet. If you check the “enable” box and save, and yet notice that the services page reflects that it isn’t running yet, wait a little while and try to restart it. The database downloads can take a while the first time, which would cause a delay in the antivirus actually starting.
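One way to tell whether that first database download has finished before you try the restart, as an added example that is not part of the original post. It assumes the ClamAV databases live in /var/db/clamav (the FreeBSD default location) and that a finished first update leaves both main and daily there; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: report whether ClamAV's signature databases are in place.
# Assumption: PFSense keeps them in /var/db/clamav (the FreeBSD default);
# pass another directory as the first argument if yours differs.

# Print the path of database NAME if a non-empty copy exists in DIR.
# .cvd is the full download, .cld is a locally patched copy.
# Returns 1 when neither form is present (or the file is still empty).
find_db() {
    dir=$1 name=$2
    for ext in cvd cld; do
        if [ -s "$dir/$name.$ext" ]; then
            printf '%s\n' "$dir/$name.$ext"
            return 0
        fi
    done
    return 1
}

# Return 0 when both main and daily are present, 1 when at least one is
# still missing, which is the state in which the service fails to start.
clamav_db_ready() {
    dir=${1:-/var/db/clamav}
    missing=""
    for name in main daily; do
        if path=$(find_db "$dir" "$name"); then
            echo "ok:      $path"
        else
            echo "missing: $name (.cvd or .cld) in $dir"
            missing="$missing $name"
        fi
    done
    [ -z "$missing" ]
}

# Usage from a shell on the firewall:
#   clamav_db_ready && echo "databases present, restart the service"
```

If it reports a database as missing, give the update more time and run the check again before restarting the service from the “Services” status page.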
What happens when your antivirus detects a virus?
The following is a screen shot from a test I performed on my ClamAV. I intentionally decided to download a virus test file to make sure it was working. When ClamAV detects a virus, you’ll get the following screen on your web browser.