Dansguardian is a content filter that is easy to set up and configure with your preferences including the ability to scan http access with clamav. The main concept behind content filtering is that the application will read the text, evaluate images and types of file extensions before the client has access. This has the advantage of stopping unacceptable content before the user has access and preventing harmful file access.
sudo apt-get install dansguardian clamav-daemon
Once Dansguardian is installed you will have a directory /etc/dansguardian that shows this content.
authplugins dansguardian.conf downloadmanagers lists
contentscanners dansguardianf1.conf languages
The ,main configuration file is dansguardain.conf. This file needs to be modified so that this line is either commented out or removed.
#UNCONFIGURED – Please remove this line after configuration
You do not need to make any other adjustments to this configuration file to get it to work. As you can see below, once you implement Dansguardian you will be using two ports, 3128 so that Dansguardian can talk to Squid and port 8080 so the client can talk to Dansguardian. The illustration shows how this works. The important implication is that you now need to alter the client so it listens on port 8080 not 3128.
# the port that DansGuardian listens to.
filterport = 8080
# the ip of the proxy (default is the loopback – i.e. this server)
proxyip = 127.0.0.1
# the port DansGuardian connects to proxy on
proxyport = 3128
You should see that the server is listening on two ports with netstat.
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN
Once you have commented out the necessary line in the dansguardian.conf you must restart squid and Dansguardian. Next, adjust your client to listen on the correct port.
Here is the client adjusted to listen on port 8080.
You also have the ability to scan files for virus activity with clamav. Check to see if clamav is available with this command.
ps -ef | grep clamav
clamav 14054 1 0 07:00 ? 00:00:00 /usr/bin/freshclam -d –quiet
clamav 14978 1 0 14:27 ? 00:00:00 /usr/sbin/clamd
The configuration files in /etc/dansguardian, dansguardain.conf and dansguardianf1.conf are both well commented and provide a lot of options. In the dansguardian.conf you will find these options that are commonly adjusted.
You can either block all downloads or follow the lists and select specific file types you will not all ow to be downloaded.
blockdownloads = off
exceptionextensionlist = ‘/etc/dansguardian/lists/exceptionextensionlist’
exceptionmimetypelist = ‘/etc/dansguardian/lists/exceptionmimetypelist’
bannedextensionlist = ‘/etc/dansguardian/lists/bannedextensionlist’
bannedmimetypelist = ‘/etc/dansguardian/lists/bannedmimetypelist’
The content is rated using a numbering system, which you can adjust, and once content is evaluated and goes over the “naughtynesslimit” the content is denied. So you can adjust the number which is that top limit with this setting, increase the number for greater access.
naughtynesslimit = 50
The lists directory contains a list of files that can be adjusted to your requirements. These files include text files that are easy to adjust in terms of ratings for terms, file types, etc. The files are one of three types; banned, exceptions or lists of terms and weights for those terms. These should be easy enough to modify as they are heavily comments.