c-icap project PDF
Tuesday, 28 August 2007

About c-icap

c-icap is the implementation of an ICAP (Internet Content Application Protocol) server.
 For more information you can read RFC for ICAP at: http://www.ietf.org/rfc/rfc3507.txt

c-icap installation

In order to install c-icap from ports:

cd /usr/ports/www/c-icap
make install

c-icap configuration

After installation you can test c-icap by running:


Getting no error is good, after executing the previous line, you can check if c-icap process is still running. If not, there might be a problem with config file (/usr/local/etc/c-icap.conf).

To debug c-icap run it with the following parameters:

/usr/local/bin/c-icap -N -D -d 10

(-N will run c-icap in foreground, -D will write messages to standard output, -d 10 will enable full debuging informations)

Then, create a config file for c-icap:

touch /usr/local/etc/c-icap.conf

and add the following lines:

# ---------- c-icap.conf ----------
acl localsquid_respmod src type respmod
acl localsquid src
acl externalnet src
icap_access allow localsquid_respmod
icap_access allow localsquid
icap_access deny externalnet
ServerLog /var/log/icap-server.log
AccessLog /var/log/icap-access.log

# ---------- end c-icap.conf ----------

c-icap testing

To test c-icap we will use icap-client:


You should get something like this:

ICAP server:localhost, ip:, port:1344


        Allow 204: No

        Preview: 0

        Keep alive: Yes


        ICAP/1.0 404 Service not found

To check a file for viruses:

/usr/local/bin/icap-client -f /home/admin/viruses/infected_file -s "srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple"


The last step is to configure Squid.

Configure Squid

You must compile squid with c-icap support by adding "--enable-icap-support" to squid ./configure line.

After compiling and installing Squid, you will need to add the following lines to Squid.conf:

icap_enable          on
icap_preview_enable  on
icap_preview_size    128
icap_send_client_ip  on
icap_service         service_avi_req reqmod_precache 0 icap://localhost:1344/srv_clamav
icap_service         service_avi respmod_precache 1 icap://localhost:1344/srv_clamav
icap_class           class_antivirus service_avi service_avi_req
icap_access          class_antivirus allow all

More info can be found on c-icap project website: http://c-icap.sourceforge.net
Also a tutorial for installing Squid + Clamav + c-icap can be found here: http://www.freebsdonline.com/content/view/345/354/

Last Updated ( Tuesday, 28 August 2007 )

Other BSD Systems





Best BSD firewall?