Sunday, 9 January 2011

HAVP - HTTP Anti-Virus Proxy

Using the HAVP anti-virus proxy to protect from web attacks

HTTP Anti-Virus Proxy (HAVP) is such a proxy, and it supports the integration of multiple parallel scanners including those that are completely free or available to home users free of charge. It only takes a few steps to have HAVP and additional scanners installed and ready for action on a current system such as Ubuntu 10.04.

In Ubuntu, ClamAV can simply be installed by opening a Terminal (Ctrl+Alt+T) and running

$ sudo apt-get install clamav

and then manually running sudo freshclam once to update the signatures. Doing this means that the current signatures become available immediately; the service will download signature updates automatically once a day from then on.

For the next step, install HAVP by running

$ sudo apt-get install havp

Ubuntu will launch HAVP in the background, but with only a default configuration file. This file can be opened by running

$ sudo gedit /etc/havp/havp.config

To make HAVP accessible through the net and allow it to accept more than just local connections, the BIND_ADDRESS 127.0.0.1 entry must be commented out with a hash sign (#) at the start of the line. Setting ENABLECLAMLIB to true tells HAVP that it can use the ClamAV scanner via the library function – other third-party scanners supported by HAVP listen on either TCP ports or on Unix domain sockets.

Enter

$ sudo /etc/init.d/havp restart

to integrate the custom configuration into HAVP. To run a first test in your web browser, enter the address of the server as the proxy and 8080 as the port. Launching the test files at Eicar.org should now provoke a HAVP alert in the browser window, warning you that ClamAV has detected a virus. So far so good, but unfortunately the detection rate of ClamAV is relatively low compared to other scanners. Thankfully, version 0.91 of HAVP also supports the Linux version of the virus scanner by vendor AVG Technologies, which is freely available to home users and provides more respectable detection results.
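Before restarting, the two settings edited above can be checked with a short script that reports where HAVP will listen and whether the ClamAV library scanner is on. This is an added example, not part of the original article or of HAVP. It assumes the "KEY value" line format of havp.config, that the last uncommented line for a key wins, and that ENABLECLAMLIB is off unless set; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the havp.config settings discussed in the article.
# Usage on a real system: havp_audit /etc/havp/havp.config

# Print the effective value of KEY ($2) in config file ($1).
# Assumption: the last uncommented "KEY value" line wins.
havp_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }           # skip commented-out lines
        $1 == key  { val = $2 }       # remember the latest setting
        END        { if (val != "") print val }
    ' "$1"
}

# Summarise listening scope and ClamAV library status for a config file.
havp_audit() {
    conf=$1
    bind=$(havp_get "$conf" BIND_ADDRESS)
    port=$(havp_get "$conf" PORT)
    clam=$(havp_get "$conf" ENABLECLAMLIB)
    # With BIND_ADDRESS commented out, HAVP accepts more than local
    # connections, so the proxy port is reachable from the network.
    if [ -z "$bind" ]; then
        echo "listen=all-interfaces:${port:-8080}"
    else
        echo "listen=$bind:${port:-8080}"
    fi
    # Assumption: the ClamAV library scanner is off unless set to true.
    echo "clamlib=${clam:-false}"
}

# Constructed sample: the config state after the edits described above.
sample_conf() {
    cat <<'EOF'
# PORT 8080
# BIND_ADDRESS 127.0.0.1
ENABLECLAMLIB true
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
havp_audit "$tmp"
rm -f "$tmp"
```

A result of `listen=all-interfaces:8080` means any host that can reach the server can use the proxy, so the port should be limited to the intended clients with a firewall rule.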

http://www.h-online.com/security/features/Using-the-HAVP-anti-virus-proxy-to-protect-from-web-attacks-1071574.html
