antivirus

Started by nick76, October 12, 2016, 12:18:25 PM

Hello all,
I'm totally new to OPNsense... I'm trying to move from Sophos UTM Home. I wish to add (or extend) OPNsense with antivirus during web filtering. I saw the page that illustrates how to configure the Symantec ICAP server.
But a question: where do I find a free ICAP server? How much does ICAP cost? Where should I find the ICAP of Symantec (for example)?
Thank you very much
best regards
Nicola

Hi Nicola,

ICAP is a network protocol which can be implemented by anyone (there is an RFC for that).
There are free ICAP servers around like c-icap or mine (ICAPrb::Server). You can use ClamAV with c-icap (maybe this link helps you: http://squidclamav.darold.net/) if you want an open source scanner.
If you want or are required to use a commercial product, many vendors provide them as their gateway products. You may have to look at the documentation if they support scanning via ICAP.

Kind regards

Fabian
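
To make the "protocol anyone can implement" point above concrete, here is an added example (not part of the original posts, and not code from OPNsense or c-icap) that frames an HTTP response as an ICAP RESPMOD request per RFC 3507 and parses the server's status line. The service URL `icap://127.0.0.1:1344/avscan` and the sample HTTP messages are constructed assumptions.

```python
# Added example: ICAP (RFC 3507) RESPMOD framing. The service URL and the
# sample HTTP messages below are constructed for illustration.
SAMPLE_REQ = b"GET /file.bin HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
SAMPLE_RES = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\n"


def build_respmod(icap_url, http_req_hdr, http_res_hdr, body):
    """Wrap an HTTP response (and the request that caused it) for scanning."""
    host = icap_url.split("/")[2]
    # Encapsulated gives the byte offset of each part inside the ICAP body.
    res_off = len(http_req_hdr)
    body_off = res_off + len(http_res_hdr)
    # A response without a body is announced as null-body and sends no chunks.
    body_tag = "res-body" if body else "null-body"
    head = (
        f"RESPMOD {icap_url} ICAP/1.0\r\n"
        f"Host: {host}\r\n"
        "Allow: 204\r\n"  # server may answer 204 instead of echoing the body
        f"Encapsulated: req-hdr=0, res-hdr={res_off}, {body_tag}={body_off}\r\n"
        "\r\n"
    ).encode("ascii")
    # The encapsulated HTTP body always travels in chunked encoding.
    chunks = b"%x\r\n%s\r\n0\r\n\r\n" % (len(body), body) if body else b""
    return head + http_req_hdr + http_res_hdr + chunks


def parse_icap_response(raw):
    """Return (status_code, headers, remainder) from a raw ICAP response."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii", "replace").split("\r\n")
    version, code, _reason = lines[0].split(" ", 2)
    if version != "ICAP/1.0":
        raise ValueError("not an ICAP response: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(code), headers, rest


def verdict(status_code):
    """204: content left unmodified. 200: the server sent an adapted response."""
    if status_code == 204:
        return "unmodified"
    if status_code == 200:
        return "adapted"
    return "error"


if __name__ == "__main__":
    msg = build_respmod("icap://127.0.0.1:1344/avscan", SAMPLE_REQ, SAMPLE_RES, b"hello")
    print(msg.decode("ascii"))
```
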

October 16, 2016, 10:35:26 AM #2 Last Edit: October 16, 2016, 10:37:37 AM by nick76
Hi Fabian,
Thank you very much for your reply. So AFAIK I have to install (googling for the c-icap project) ClamAV on my OPNsense server? Is that correct?
Should I follow the instructions I find searching for c-icap (the SourceForge one), or is there something else I need to follow?
Thank you very much. I really appreciate it.
best regards
Nicola

October 16, 2016, 11:06:38 AM #3 Last Edit: October 16, 2016, 11:08:39 AM by fabian
Hi Nicola,

Because it is not in the repository (https://github.com/opnsense/tools/blob/master/config/16.7/ports.conf), you will need to compile it yourself or ask Franco to add it to the OPNsense repository. I used the description on the website of c-icap when I compiled it to create the ICAP configuration page of OPNsense. This was in February this year so it should still work. Keep in mind that such software is NOT updated by the firmware page and you will need to configure it by hand.

It may be a better idea to install it on a second machine.
For example, you would have to install these packages on Arch Linux:
https://aur.archlinux.org/packages/c-icap/
https://aur.archlinux.org/packages/c-icap-modules/
https://www.archlinux.org/packages/extra/x86_64/clamav/


Kind regards

Fabian

Hi there,

We do not consider ICAP servers essential to the mission of OPNsense, so there will be no binary packages for them.

You can always build them yourself from the ports tree.


Cheers,
Franco

March 07, 2017, 12:54:30 AM #5 Last Edit: March 07, 2017, 01:09:43 AM by kyferez
That's unfortunate :( Would be nice to have something all-in-one for very small 3-5 user deployments...

Quote from: kyferez on March 07, 2017, 12:54:30 AM
That's unfortunate :( Would be nice to have something all-in-one for very small 3-5 user deployments...
If you are looking for that feature you can choose i.e.
- pfSense
- IPFire
- Endian Community


It would be nice, yes, that's why we have plugins so third parties can add their features: https://github.com/opnsense/plugins#about-the-opnsense-plugins

From a core mission perspective this is and will likely always be out of scope.


Cheers,
Franco

Quote from: franco on March 09, 2017, 07:58:26 AM
It would be nice, yes, that's why we have plugins so third parties can add their features: https://github.com/opnsense/plugins#about-the-opnsense-plugins

From a core mission perspective this is and will likely always be out of scope.


Cheers,
Franco
While I can understand that perspective, it takes a LOT of work to make a third party solution viable. I should know, I just got it working and it took 3 days just to fully document the process after I had it working which took over a week.

Here's the guide: http://www.tcptechs.com/opnsense-transparent-caching-filtering-proxy-with-virus-scanning/

Thanks!

Your guide is dead: "Sorry, your request cannot be accepted."

Quote from: fabian on March 10, 2017, 07:55:47 PM
Your guide is dead: "Sorry, your request cannot be accepted."
Sorry, was due to rules I had on my site. You should be able to access now.