Squid ClamAV as ICAP Service

The following steps show how to install and chain SquidClamAV ICAP anti virus with Web Safety ICAP web filter. All instructions are run on virtual appliance for VMware vSphere/ESXi from our site.


SquidClamav is an antivirus for Squid proxy based on the Awards winnings ClamAv anti-virus toolkit. Using it will help you securing your home or enterprise network web traffic. SquidClamav is the most efficient Squid Redirector and ICAP service antivirus tool for HTTP traffic available for free, it is written in C and can handle thousand of connections. The way to add more securing on your network for free is at http://squidclamav.darold.net. Thanks a lot to Gilles Darold - SquidClamav developer and maintainer!

Step 1: Install Packages

In order to install all necessary packages run script 01_install.sh from this archive. Contents of this script are shown below. Scripts are also available from https://github.com/diladele/websafety-virtual-appliance/tree/release-5.0.0/scripts.clamav repository.


# check we are root
if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root" 1>&2
   exit 1

# stop immediately on any error
set -e

# install clamav
apt-get -y install clamav
apt-get -y install clamav-daemon

# install c-icap
apt-get -y install c-icap
apt-get -y install libicapapi-dev

# drop build folder for squidclamav
rm -R build/squidclamav 2>&1 > /dev/null || true

# make build folder
mkdir -p build/squidclamav

# decend into working directory
pushd build/squidclamav

# get it
wget http://downloads.sourceforge.net/project/squidclamav/squidclamav/6.16/squidclamav-6.16.tar.gz \
    && gunzip squidclamav-6.16.tar.gz \
    && tar -xvf squidclamav-6.16.tar

# configure and build the package
cd squidclamav-6.16 && ./configure --with-c-icap=/usr && make

# install it
make install

# revert

echo SUCCESS: squidclamav module is built and installed successfully!
echo SUCCESS: now run 02_configure.sh script to perform initial configuration.

Step 2: Configure SquidClamav

Now configure all services by running script 02_configure.sh from this archive. Contents of this script are shown below.


# check we are root
if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root" 1>&2
   exit 1

# patch /etc/default/c-icap (make c-icap autostart)
if [ ! -f /etc/default/c-icap.default ]; then
    cp -f /etc/default/c-icap /etc/default/c-icap.default
patch /etc/default/c-icap < c-icap.patch

# patch settings in c-icap.conf (enable squidclamav)
if [ ! -f /etc/c-icap/c-icap.conf.default ]; then
    cp -f /etc/c-icap/c-icap.conf /etc/c-icap/c-icap.conf.default
patch /etc/c-icap/c-icap.conf < c-icap.conf.patch

# patch settings in squidclamav.conf (disable redirect and DNS lookup)
if [ ! -f /etc/c-icap/squidclamav.conf.default ]; then
    cp -f /etc/c-icap/squidclamav.conf /etc/c-icap/squidclamav.conf.default
patch /etc/c-icap/squidclamav.conf < squidclamav.conf.patch

# good now restart all related services
systemctl stop clamav-daemon
systemctl stop c-icap

systemctl start clamav-daemon
systemctl start c-icap

# check status (must be running)
systemctl status clamav-daemon
systemctl status c-icap

echo SUCCESS: squidclamav module is configured successfully!
echo SUCCESS: now change ICAP integration settings in Web Safety Web UI
echo SUCCESS: Squid / ICAP / Integration. Set AV port to 1345 and
echo SUCCESS: REQMOD/RESPMOD paths to squidclamav

There are three patches mentioned in the above scripts. All of them are to be found in this archive. The patches make minor changes to configuration files of c-icap, squidclamav and clamav-daemon.

Step 3: Integrate SquidClamav and Web Safety

Finally to integrate SquidClamav and Web Safety into one ICAP chain, navigate to Admin UI / Squid Proxy / ICAP / Integration and check the Chain web filter with manually installed Anti-Virus service checkbox as indicated on the screenshot below.


Do not forget to click Save and Restart from Admin UI.