
Comments (6)

mahnouman commented on July 24, 2024

Hello @leezhihui, can you please share your config.toml file? Please remove API keys from it first. Thank you.

from icapeg.

leezhihui commented on July 24, 2024

title = "ICAPEG configuration file"

[app]
log_level = "debug" # the log levels for the app, available values: info --> logging the overall progress of the app, debug --> log everything including errors, error --> log infos and just errors
port = 1344
max_filesize = 10000000 #bytes
resp_scanner_vendor = "virustotal" # Supported vendors for respmod of ICAP: "virustotal", "metadefender" , "vmray" , "clamav" , "none"- none specifies, respmod will be bypassing everything
req_scanner_vendor = "none" # Supported vendors for reqmod of ICAP: "virustotal" , "vmray",
resp_scanner_vendor_shadow = "none"
req_scanner_vendor_shadow = "none"
bypass_extensions = ["*"]
process_extensions = ["txt" , "pdf" , "dmg" , "exe" , "com", "rar" , "unknown"] # * = everything except the ones in bypass, unknown = system couldn't find out the type of the file
preview_bytes = "0" #bytes
propagate_error = true

[icap_something]
base_url = "icap://127.0.0.1:1345"
reqmod_endpoint = "/reqmod-icapeg"
respmod_endpoint = "/respmod-icapeg"
options_endpoint = ""
timeout = 50 # seconds, the whole allowed life span of an ICAP request

[icap_somethingelse]
base_url = "icap://127.0.0.1:1346"
reqmod_endpoint = "/reqmod-icapeg"
respmod_endpoint = "/respmod-icapeg"
options_endpoint = ""
timeout = 50 # seconds, the whole allowed life span of an ICAP request

[virustotal]
base_url = "https://www.virustotal.com/vtapi/v2"
file_scan_endpoint = "/file/scan"
url_scan_endpoint = "/url/scan"
file_report_endpoint = "/file/report?apikey=%s&resource=%s"
url_report_endpoint = "/url/report?apikey=%s&resource=%s"
api_key = ""
timeout = 50 #seconds
fail_threshold = 2
status_check_interval = 2 #seconds, the time interval after which the submission status check will be called
status_check_timeout = 300 #seconds, the total time duration after which the status check should be stopped, if not finished
bad_file_status = ["malicious"]
ok_file_status = ["ok"]

[metadefender]
base_url = "https://api.metadefender.com/v4"
scan_endpoint = "/file"
report_endpoint = "/file"
api_key = ""
timeout = 10 #seconds
fail_threshold = 2
status_check_interval = 2 #seconds, the time interval after which the submission status check will be called
status_check_timeout = 300 #seconds, the total time duration after which the status check should be stopped, if not finished
bad_file_status = ["malicious"]
ok_file_status = ["clean"]

[vmray]
base_url = "https://cloud.vmray.com/rest"
submit_endpoint = "/sample/submit"
get_sample_endpoint= "/sample"
submission_status_endpoint = "/submission"
timeout = 10 #seconds , the timeout duration for all the api calls for vmray
status_check_interval = 2 #seconds, the time interval after which the submission status check will be called
status_check_timeout = 300 #seconds, the total time duration after which the status check should be stopped, if not finished
bad_file_status = ["malicious", "suspicious", "blacklisted"]
ok_file_status = ["not_suspicious" , "whitelisted", "unknown"]
api_key = ""

[clamav]
socket_path = "/var/run/clamav/clamd.ctl"
wait_timeout = 10 #seconds, the time up to which the server will wait for clamav to scan the results
bad_file_status = ["malicious"]
ok_file_status = ["ok"]


leezhihui commented on July 24, 2024

	// preparing the file meta information
	filename := utils.GetFileName(req.Request)
	fileExt := utils.GetFileExtension(req.Request)
	fmi := dtos.FileMetaInfo{
		FileName: filename,
		FileType: fileExt,
		FileSize: float64(buf.Len()),
	}

in func ToICAPEGResp(w icap.ResponseWriter, req *icap.Request) {}

Why do we get a null filename and fileExt?


leezhihui commented on July 24, 2024

I cloned an old commit branch; the commit ID is 347b859.

Below is the squid.conf. I guess the req.request is the URL in squid.conf: icap://127.0.0.1:1344/respmod-icapeg

acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
include /etc/squid/conf.d/*.conf
http_access allow localhost
http_access allow localnet
http_access deny all

icap_enable on
icap_service service_resp respmod_precache icap://127.0.0.1:1344/respmod-icapeg
adaptation_access service_resp allow all
http_port 3128 ssl-bump cert=/etc/squid/squid.pem generate-host-certificates=on dynamic_cert_mem_cache_size=8MB
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 8MB
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all

sslproxy_cert_error deny all
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern /(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern /Release(|\.gpg)$ 0 0% 0 refresh-ims
refresh_pattern /InRelease$ 0 0% 0 refresh-ims
refresh_pattern /(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern . 0 20% 4320
dns_v4_first on
cache_mem 512 MB

cache deny all


leezhihui commented on July 24, 2024

Filetype and filename are null
File blocked by icapeg and clamav


leezhihui commented on July 24, 2024

Hi, I know something about the null filename:
the reason is that we deploy the Squid service and the ICAP service on the same server.

from icapeg.
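
As an added example (not part of the thread and not icapeg's own `utils` code), the Go code below shows one way an ICAP service can derive `FileName` and `FileType` from the HTTP request and response encapsulated in a RESPMOD message, including the cases where no name is available. The helper `fileMeta`, the sample URLs and the choice to report `"unknown"` for a missing extension are assumptions of this example.

```go
package main

import (
	"fmt"
	"mime"
	"net/http"
	"net/url"
	"path"
	"strings"
)

// fileMeta is a hypothetical helper (not icapeg's utils package). It derives a
// file name and extension from the HTTP request/response pair carried inside
// an ICAP RESPMOD message. Either argument may be nil.
func fileMeta(req *http.Request, resp *http.Response) (name, ext string) {
	// 1. Prefer the filename the origin server sent in Content-Disposition.
	if resp != nil {
		cd := resp.Header.Get("Content-Disposition")
		if _, params, err := mime.ParseMediaType(cd); err == nil {
			name = params["filename"]
		}
	}
	// 2. Otherwise use the last path segment of the encapsulated request URL.
	if name == "" && req != nil && req.URL != nil && !strings.HasSuffix(req.URL.Path, "/") {
		name = path.Base(req.URL.Path)
	}
	// Keep only the base name so a header value cannot carry a directory path.
	name = path.Base(strings.ReplaceAll(name, "\\", "/"))
	if name == "." || name == "/" {
		name = ""
	}
	// 3. No extension: report "unknown" (assumed convention) instead of "".
	ext = strings.ToLower(strings.TrimPrefix(path.Ext(name), "."))
	if ext == "" {
		ext = "unknown"
	}
	return name, ext
}

func main() {
	// Constructed sample URLs, not taken from the thread.
	for _, raw := range []string{"http://files.example/pkg/setup.exe", "http://files.example/", "http://files.example/download?id=7"} {
		u, _ := url.Parse(raw)
		n, e := fileMeta(&http.Request{URL: u}, nil)
		fmt.Printf("%-40s name=%q ext=%q\n", raw, n, e)
	}
}
```

Logging the derived name and extension next to the scan decision makes it visible when a response is classified by an empty or `unknown` type rather than by a real extension.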
