Squid, Dansguardian and ClamAV installation FreeBSD

Last Modified: 29-Apr-2009; 19:30 WST; adrian

This document covers some high level notes relating to a Squid + Dansguardian + ClamAV configuration under FreeBSD.

In this configuration, clients will speak directly to dansguardian. Dansguardian will then use ClamAV for virus scanning and Squid for caching and general internet access.

Server preparation

NTP

FreeBSD does not ship with NTP enabled by default; it is reasonably easy to enable this from a basic server install.

Add a basic server configuration to /etc/ntp.conf; for example:

	server 0.pool.ntp.org

Next, run ntpdate to ensure the time is current. For example:

	# ntpdate 0.pool.ntp.org

Then enable it on startup. Place the following in /etc/rc.conf:

	ntpd_enable="YES"

Finally start it now:

	# /etc/rc.d/ntpd start

Local caching BIND

FreeBSD ships by default with a recursive resolver which listens only on IPv4 localhost. It can easily be configured to start on boot by enabling it in /etc/rc.conf:

	named_enable="YES"

Start it using the init script:

	# /etc/rc.d/named start

Finally add the resolver in /etc/resolv.conf:

	server 127.0.0.1

ClamAV

Installation

I'm just using the FreeBSD-built binary port rather than installing it from source.

	# pkg_add -vr clamav

Basic Configuration

Configure the server to start by adding the following to /etc/rc.conf:

	clamav_clamd_enable="YES"
	clamav_freshclam_enable="YES"

Then start the server:

	# /usr/local/etc/rc.d/clamav-clamd

Updating via Freshclam

Run freshclam to pull down the initial updates and then start the background updater:

	# freshclam
	# /usr/local/etc/rc.d/clamav-freshclam

Squid-2.7

Installation

Configuration

Install Dansguardian from source

Initial Dansguardian configuration

Configuring urlblacklist.com blacklists

References