INSTALLATION
============

compile binary:

    tar xfj squclac-x.y.z.tar.bz
    cd squclac-x.y.z
    make
    cp squclac /usr/local/squid/bin/   # or any other place where squid can execute it

create the config file, place it in /etc or and make sure it is readable by
the squid user.

copy the squclac binary to some place accessible by squid and verify that the
squid user has +rx permission.

edit squid.conf; the first thing to set is redirect_program:

    redirect_program /usr/local/squid/bin/squclac
    redirect_children 10

now find the line:

    acl localhost src 127.0.0.1/255.255.255.255

and somewhere after this line add:

    redirector_access deny localhost

make sure localhost can use the proxy server, because the redirector will use
your proxy server as 127.0.0.1:8080. If your proxy server is running on a
different port, use the configuration directive proxy.
to allow access from localhost, put something like this in squid.conf:

    http_access allow localhost

restart or reconfigure squid, and check the squclac log file.

USAGE
=====

If you change the configuration file, you do not need to reconfigure squid,
because that would impact performance. It is not necessary to kill all
redirectors. Just send SIGHUP to all of them. On SIGHUP the redirectors reload
the configuration file and check for a new clamav db version.
normally there are multiple instances of the squclac redirector, and it is easy
to send SIGHUP to all of them with pkill:

    pkill -HUP squclac

If you start squclac from a shell, hopefully you do it for testing purposes.
To get out of it, press ctrl-d; pressing ctrl-c will not exit.

minsize, maxsize and timeout explanation:
-----------------------------------------

maxsize - if the file is bigger than this, it is not scanned, but passed or
blocked. if it is possible to determine the size before download, the file
will not be downloaded. There are many situations when the size can't be
determined before download, so when this situation is met, squclac will try
to download it and when maxsize is reached, the download is stopped and the
file is passed.
if the file size is under maxsize, then the size and timeout parameters are
used.

minsize - file size to download; only after this size will the timeout timer
start to count. usually a virus is a small file. if it is served over a slow
connection, using only the timeout can let viruses pass, that's why minsize
is used.

timeout - after size bytes are downloaded, the timer starts to count, and if
its value is reached, the download is stopped and the file is passed or
blocked. So the maximal scanned size depends on your connection speed and
load.

    [ size | timeout --> | ................. | maxsize ]

now you can define what to do with files that hit the timeout. They can be
passed or blocked for some users or ips:

example:

    # set default timeout action to redirect
    timeout action redirect;
    # add some src/dst
    timeout exeption whitelist;
    timeout exeption good_clients;

troubleshooting
---------------

strange behaviors:

* cpu load getting high, pattern matched urls do not load at all, squid
  reloads redirectors all the time

  possibly some of the squid logfiles reached a size of 2Gb, do
  ./squid -k rotate

* all redirector processes get busy

  possibly you have a slow internet connection, then get a faster one.
  users are using slow web pages, add the pages to whitelists, change the
  pattern.
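
The size/timeout decision from the "minsize, maxsize and timeout explanation" section above, modeled in Python to show why minsize keeps a small, slowly served file from escaping the scan. This is an added example, not squclac source code; the function names, verdict strings and sample transfers are assumptions constructed for illustration.

```python
"""Model of the maxsize / minsize / timeout rules (illustrative, not squclac code)."""

NOT_SCANNED = "not-scanned-maxsize"   # bigger than maxsize: passed or blocked unscanned
TIMEOUT = "timeout-action"            # timer expired: the configured timeout action applies
SCAN = "scan"                         # whole file fetched in time: hand it to the scanner


def decide(chunks, maxsize, minsize, timeout, content_length=None):
    """chunks: iterable of (arrival_time_s, nbytes). Returns (verdict, bytes_fetched)."""
    # Size known before download and too big: the file is never downloaded.
    if content_length is not None and content_length > maxsize:
        return (NOT_SCANNED, 0)
    received = 0
    timer_start = None                # the timer only exists once minsize bytes arrived
    for t, n in chunks:
        received += n
        if received > maxsize:        # size was unknown; stop the download here
            return (NOT_SCANNED, received)
        if timer_start is None:
            if received >= minsize:
                timer_start = t
        elif t - timer_start >= timeout:
            return (TIMEOUT, received)
    return (SCAN, received)


def slow_small_file():
    """Constructed sample: 40 KB file trickled at 1 KB every 2 seconds."""
    return [(2 * i, 1024) for i in range(1, 41)]


def slow_large_file():
    """Constructed sample: 8 KB per second, 200 chunks, size not announced."""
    return [(i, 8192) for i in range(1, 201)]


if __name__ == "__main__":
    limits = dict(maxsize=1024 * 1024, timeout=10)
    # With minsize the slow small file is still fully fetched and scanned.
    print(decide(slow_small_file(), minsize=64 * 1024, **limits))
    # Timer from the first byte (minsize=0): the same file escapes via the timeout.
    print(decide(slow_small_file(), minsize=0, **limits))
    # A large slow file hits the timeout 10 s after minsize bytes have arrived.
    print(decide(slow_large_file(), minsize=64 * 1024, **limits))
```
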