I've made some minor changes to this patch based on feedback and research. The following is the list of changes:
- Reconfigured clamav with the right driver. Reading dansguardian documentation, I discovered that I was using the deprecated driver for clamav contenscanner. I don't know why package dansguardian depend on clamav and not clamav-daemon but I updated this configuration as recommended. Virus scan was tested using the recommended method.
- Configured squid as transparent proxy. This one is still pending to see if it works. At my job in a VM I can't test it, at home I've been unable. Maybe this weekend. Or anyone in the community that can test if its working? Theory says that you run this one on a server and clients should get proxied transparently. I didn't like the idea of ARP Spoofing as it's a kind of hacker attack, we don't want to end up bringing a hacker appliance for the bad guys. You can make all kind of nasty things with this working on a network. So lets try transparent proxy to see if that suits our needs.
- Removed wdap support. Yes, I read it never became a standard, and it works in some browsers and not in others, and configuration needs more hacking, so I just removed it in the hope that transparent proxy will do the trick.
- Added extra iptables rules to prevent circumventing
Important: [added 30/09/2010]
This appliance is affected by the bug in turnkey core that prevent's the system to get a Nameserver. That said, please check that you got a nameserver from your dchp server. If not, refresh network settings, and restart squid. If you start without internet, squid won't work as it should. This is important to take in consideration for your tests. Of course, this wont be an issue when the final turnkey core is out.
What it does
HOSTNAME=proxy echo "$HOSTNAME" > /etc/hostname sed -i "s|127.0.1.1 \(.*\)|127.0.1.1 $HOSTNAME|" /etc/hosts hostname proxy
install squid3 squid3-cgi squid3-client sarg webmin-squid webmin-sarg webmin-firewall clamav-daemon dansguardian
sed -i "s|#contentscanner = '/etc/dansguardian/contentscanners/clamdscan.conf'|contentscanner = '/etc/dansguardian/contentscanners/clamdscan.conf'|" /etc/dansguardian/dansguardian.conf
sed -i "s/http_port 3128/http_port 127.0.0.1:3128 transparent/" /etc/squid3/squid.conf
usermod -a -G dansguardian clamav
service clamav-freshclam stop service dansguardian stop service squid3 stop service apache2 stop