[clamav-users] Can I deploy the virus database to our intranet?

[Paul Kosinski]

We use 'HTTPi' as the basis of a very simple Perl-powered mechanism to
proxy the ClamAV CVD files on our small LAN. We have it listening on a
dedicated TCP port via xinetd (a very handy 'server' for simple
services one wants to make network accessible).

HTTPi (http://www.floodgap.com/httpi/) is *much* lighter weight than
Squid, Apache or Nginx, and is basically a simple CGI engine. Xinetd
and, of course, Perl are available in most Linux distros.


Some details follow.
 
In our freshclam.conf file are lines equivalent to:

  HTTPProxyServer 10.1.2.3
  HTTPProxyPort 10123


And in our xinetd.conf file (on, e.g., 10.1.2.3) is the analogue to:

  service chowder
  {
	type		= UNLISTED
	port		= 10123
	bind		= 10.1.2.3
	only_from	= 10.1.2.0/24
	socket_type	= stream
	protocol	= tcp
	wait		= no
	user		= clamav
	group		= clamav
	server		= /opt/clamav/bin/clamavproxy.pl
	server_args	= serve-clam
	instances	= 5
 	log_on_success	=
  }

(We compile the new versions of ClamAV and keep them in '/opt', with
a symbolic link 'clamav', so we can reduce risk when upgrading.)


Finally, in our clamavproxy.pl (based on an old version of HTTPi) is
the code:

  if ($method eq 'GET' && $address =~ m(^/(bytecode|daily|main).cvd$)i)
  {
    $file = "$1.cvd";
    $data = `/bin/cat /opt/clamav/share/clamav/$file`;
    &htsponse(200, "OK");
    &htcontent($data, "application/octet-stream");
  }