
------------------------------------------------------------------------

The configuration parameters of c-icap appear in the file c-icap.conf.
This configuration file usually exists in the directory
install-prefix/etc/, where install-prefix is where the c-icap server
has been installed. The installation path is specified during the
initialization of the compilation procedure, after running the
configure script:

      ./configure --prefix=install-prefix

The content of the configuration file has the form:

      DIRECTIVE arg1 arg2 arg3...

The c-icap server supports modules (currently, loggers and service
handlers), and services. A configuration parameter of a module or a
service has the form MODULENAME.DIRECTIVE, where MODULENAME is the
name of the module or service, and DIRECTIVE is the name of the
configuration parameter. A service or module must be loaded by using the
configuration parameters Module and Service so that its
configuration parameters can be accepted.

As an example, view c-icap.conf in the directory of the source
distribution. This file was produced from c-icap.conf.in after running
the configure script.


    Configuration parameters

Currently, the following configuration parameters are supported.

PidFile pid_file: the file to store the pid of the main process of
the c-icap server.

Timeout secs: the time in seconds after which a connection without
activity can be cancelled.

KeepAlive boolean: boolean can be either on to enable the
feature or off to disable it. If the feature is enabled, then the
c-icap server tries not to close the connection with the ICAP client,
but it waits for more requests tunnelled through it. This feature can
improve the communication speed between the ICAP client and the c-icap
server.

KeepAliveTimeout secs: the maximum time in seconds to wait for a new
request. If the value is set to -1, there is no timeout.

StartServers num: the initial number of server processes. Each
server process generates a number of threads, which serve the requests.
This parameter will be renamed as StartChilds.

MaxServers num: the maximum number of server processes.

MinSpareThreads num: if the number of the available threads is less
than num, the c-icap server starts a new child.

MaxSpareThreads num: if the number of the available threads is more
than num then the c-icap server kills a child.

ThreadsPerChild num: the initial number of threads per child process.

MaxRequestsPerChild num: the maximum number of requests that a child
process can serve. After this number has been reached, the process dies.
The goal of this parameter is to minimize the risk of memory leaks and
increase the stability of c-icap. It can be disabled by setting its
value to 0.

Port port: the port number that the c-icap server uses to listen to
requests. The default value is 1344.

User user: the user owning c-icap's processes. By default, the owner
is the user who runs the program.

Group group: the group of users owning c-icap's processes, which, by
default, is the group of the current user.

LoadMagicFile file: file is the magic file that defines the file
types and the groups of file types. If file is omitted, the default
"c-icap.magic" file is used, which must exist in the configuration
directory.
The predefined data types are ASCII, ISO-8859, EXT-ASCII, UTF (not
implemented yet) and HTML, which belong to the predefined group TEXT,
and BINARY, which belongs to the predefined group DATA.
The line format of the magic file is:

      offset:Magic:Type:Group:Short Description

Look at the default "c-icap.magic" file for more information.

TmpDir dir: dir is the location of temporary files.

Max_mem_object bytes: the maximum memory size in bytes taken by an
object which is processed by c-icap. If the size of an object's body is
larger than the maximum size, a temporary file is used. Currently, two
different types of body storage are supported by c-icap: (1) ci_membuf,
which stores all the data in the memory and is used by the echo example
service, and (2) ci_cached_file, which makes use of the Max_mem_object
parameter.

ServerLog filename: the file used by the built-in logger
file_logger to store debugging information, errors and other
information about the c-icap server.

AccessLog filename: the file used by file_logger to store access
information.

DebugLevel level: the level of debugging information to be logged.
The acceptable range of levels is between 0 and 10.

AclControllers access_controller1,access_controller2 ...: the access
controllers and the order in which they will be used. Currently only
the built-in "default_acl" controller exists, but someone can implement
another one. An access controller must be loaded using the "Module"
directive before it is used here.

AuthMethod http_auth_method authenticator: the authentication method
and authenticator which will be used. The argument http_auth_method
defines the authentication method and can be basic for the basic HTTP
authentication method or digest for the digest HTTP authentication
method. Currently only the basic authentication method is implemented.
The argument authenticator is the authenticator which will be used.
In practice, the authenticators implement the user/password
storage/retrieval. Currently no authenticator is implemented, but
someone can write one and load it as a module.

ModulesDir dir: the location of modules.

Module moduletype filename: it loads the module filename. The
argument moduletype is the type of the module. Currently, it can be
service_handler, logger, access_controller, auth_method or
authenticator. The argument filename is the file name of the module.
If the file name begins with character '/', then it is considered as a
full path name. Otherwise, it is considered as a path relative to
ModulesDir.

ServicesDir dir: the location of services.

Service servicename filename: it loads the service filename. The
argument servicename is not currently used. Also, only the services
srv_echo.so and srv_clamav.so have been implemented. However, a user can
implement their own modules.

Logger logger: the logger that we want to use. Currently,
file_logger, which is a built-in logger, and sys_logger, which has been
implemented as a module, are supported. file_logger is the default
logger.




The sys_logger module
--------------------

The sys_logger module has two configuration parameters:

sys_logger.Prefix string: string is presented in every syslog
message.

sys_logger.Facility facility: facility specifies the facility type
of syslog. It can be one of the following: daemon, user, local0,
local1, local2,... local7.


The default_acl internal access controller
------------------------------------------

This is the internal access controller. To enable it you must use the
directive AclControllers. The configuration procedure is similar to
that of Squid's ACL lists. There are only two configuration parameters:

default_acl.acl name spec: defines an acl_spec. The name is the
name of this acl_spec. The spec is the description of this acl_spec
and can consist of one or more of the following:

    * src ip[netmask]: defines the IP of the client.
    * srvip ip: defines the IP of the server. By default the c-icap
      server listens to all available network interfaces for requests.
      You can use this directive to limit access on some of them.
    * type options|respmod|reqmod: defines the type of requests.
    * service service_name: defines the name of the service.
    * user username: defines the username. If username is "*" then
      this spec applies to all users.

default_acl.icap_access policy acl_spec: defines the policy to be
applied to the acl_spec, which was previously defined by a
default_acl.acl directive. The policy can be one of the following:

    * allow: allow the requests which match this acl_spec to use
      the c-icap server.
    * deny: deny access to the requests which match this acl_spec.
    * http_auth: require HTTP proxy authentication for requests which
      match this acl_spec.
    * log: log these requests.
    * nolog: do not log these requests.





The service srv_clamav
----------------------

Currently, the srv_clamav service has the following configuration
parameters:

srv_clamav.ScanFileTypes type1 type2 ...: the list of file types or
groups of file types which will be scanned for viruses. For the
supported types, look at the LoadMagicFile parameter.

srv_clamav.MaxObjectSize size: the maximum size of files which will
be scanned by clamav. You can use the K and M indicators to define the
size in kilobytes or megabytes.

srv_clamav.SendPercentData percentage: the percentage of data that
can be sent by the c-icap server before receiving the complete body of a
request.
This feature, in conjunction with the following one, can be useful
because, if the download of the object takes a long time, the
connection of the web client to the proxy can expire. Note that the
data delivered to the web client may contain a virus or part of a virus
and can be dangerous. On the other hand, partial data (for example 5%
of the data of a zip or an exe file) in most cases cannot be used.
Set it to 0 to disable this feature.

srv_clamav.StartSendPercentDataAfter size: only if the object is
bigger than size is the percentage of data defined by SendPercentData
sent by the c-icap server before it receives the complete body of the
request.

srv_clamav.ClamAvTmpDir dir: clamav's temporary directory.

srv_clamav.ClamAvMaxFilesInArchive num: Sets the maximum number of
files in archive. Used by clamav library. Set it to 0 to disable it.

srv_clamav.ClamAvMaxFileSizeInArchive size: Sets the maximal
archived file size. Used by clamav library. Set it to 0 to disable it.

srv_clamav.ClamAvMaxRecLevel level: the maximal recursion level.
Used by the clamav library. Set it to 0 to disable it.

The following directives relate to an experimental mode which I
call "viralator like" mode. The srv_clamav service checks the type of
the file and, if it is included in the VirScanFileTypes list (see
below), downloads the file locally and sends messages about the
progress of the download to the web client. After the download has
completed, it sends a message with the web location where the
downloaded file is stored.

srv_clamav.VirScanFileTypes type1 type2 ...: the list of file
types and groups of file types for which this mode must be used.

srv_clamav.VirSaveDir dirname: the directory where the downloaded
files are stored. It must be a directory to which a web server has
access.

srv_clamav.VirHTTPServer url: the URL used by the web client to
retrieve the downloaded file. The file in which the download is stored
can have a different name from the original if a file with the same
name exists in the directory. In the URL, "%f" can be used to specify
the real name of the downloaded file.
You can use the small CGI program "get_file.pl", which exists in the
contrib directory of the c-icap distribution. An example of its usage
is:

srv_clamav.VirHTTPServer "http://fortune/cgi-bin/get_file.pl?usename=%f&remove=1&file="

The "remove=1" argument in the URL means that the file will be removed
after it is downloaded.

srv_clamav.VirUpdateTime secs: secs is the interval in seconds between
the "progress of download" messages.
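
The following Python example is added here and is not part of c-icap.
It parses the DIRECTIVE arg1 arg2 ... format and reports settings this
page calls out: a missing User or AclControllers, MODULENAME.DIRECTIVE
parameters whose module or service is not loaded, a non-zero
SendPercentData, and clamav archive limits set to 0. The sample
configuration is constructed; '#' comments and naming a module after
its file name without the extension are assumptions.

```python
import os
import shlex

# Constructed sample c-icap.conf; values are illustrative only.
SAMPLE_CONF = """\
Service antivirus srv_clamav.so
srv_clamav.SendPercentData 5
srv_clamav.ClamAvMaxRecLevel 0
srv_clamav.ClamAvMaxFilesInArchive 1000
sys_logger.Facility local1
"""

BUILTIN = {"default_acl", "file_logger"}  # described as built in on this page
LIMITS = ("ClamAvMaxFilesInArchive", "ClamAvMaxFileSizeInArchive", "ClamAvMaxRecLevel")

def parse(text):
    """Split each 'DIRECTIVE arg1 arg2 ...' line into (directive, args)."""
    rows = []
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # '#' comments: assumption
        if tokens:
            rows.append((tokens[0], tokens[1:]))
    return rows

def audit(text):
    """Return sorted findings for settings this page calls out."""
    conf = parse(text)
    names = {d for d, _ in conf}
    # Assumption: a module or service is named after its file, minus extension.
    loaded = BUILTIN | {os.path.splitext(os.path.basename(a[1]))[0]
                        for d, a in conf
                        if d in ("Module", "Service") and len(a) > 1}
    found = set()
    if "User" not in names:
        found.add("User not set: processes run as the invoking user")
    if "AclControllers" not in names:
        found.add("AclControllers not set: no access controller enabled")
    for d, args in conf:
        owner, _, key = d.rpartition(".")
        if owner and owner not in loaded:
            found.add(f"{d}: '{owner}' is not loaded with Module/Service")
        if d == "srv_clamav.SendPercentData" and args and args[0] != "0":
            found.add("SendPercentData > 0: data is sent before the scan ends")
        if owner == "srv_clamav" and key in LIMITS and args == ["0"]:
            found.add(f"{d} is 0: this ClamAV limit is disabled")
    return sorted(found)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```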

	

------------------------------------------------------------------------

 Tsantilas Christos, email: chtsanti at users dot sourceforge dot net

