I currently run ClamAV / SpamAssassin under ISPConfig 2 in an Ubuntu 10.04 LTS KVM machine ; serves about 10 sites plus handles about 20 email addresses. All of this works fine, although I wonder about going to ISPConfig 3 at some point. Today I'm concerned about the Windows machines (about 5 of them, both physical and virtual) on the LAN. These run their own local A/V scanners, but I think it makes sense to set up a transparent web proxy to pass web pages thru Clam on the way in. What got me here was that at a different site where I was working yesterday, they run a scanning /content filtering proxy appliance that caught a JS web page injection before it could get to the Windows machine I was using. The script was injected on the top page of a 'normal' corporate client's site (I notified them). So my question is can I invoke, via a transparent (and thin i.e. no need for cacheing or content filtering) web proxy, the same Clam install as is already there under ISPConfig? Currently webrequests outbound from the LAN are NATted via IPTables on the host machine; simple enough to redirect through a proxy. But the ISPConfig setup has Clam rooted at /home/admispconfig/ispconfig/tools/clamav. Or perhaps it would make more sense to have a separate VM or use the host itself for the proxy? Any thoughts are much appreciated.
