[squid-users] Nimda Virus problem solved (for me)

From: Tomas Andershem <tomas.andershem@dont-contact.us>
Date: Thu, 20 Sep 2001 18:50:21 +0200

My problem with blocking the Nimda worm has been solved.

I want to thank Peter van der Does and Dr. Michael Weller for helping me
out. Thanks

The real problem wasn't Squid itself, but the Norton Antivirus client that
I put so much trust in.
Apparently the antivirus client recognizes Nimda from something in the HTML page
that is sent to my client (guessing the readme.eml) and therefore blocks
it and displays a warning.

When I figured that out, I tried it on an unprotected PC in a controlled
and locked-down environment, and Squid works just fine, blocking the
readme.eml file perfectly.

Hope it helps someone more.

Tomas Andershem

----- old message follows --------------

Hi, I turn to you in hope of some ideas. Sorry if this has been answered
already, but I haven't been able to find anything about it.

I'm trying to block out the Nimda worm in my Squid proxy server and I'm
having some problems.
I'm running a Linux RH6.2 system with the squid-2.4.STABLE2 package, newly
compiled.
The browsers I use are IE4.0 - IE5.5.
I have entered an ACL ruleset that looks like this:

acl w1 url_regex eml
acl e1 url_regex -i eml
acl q1 urlpath_regex eml
acl a1 urlpath_regex -i eml
acl r1 urlpath_regex -i \.eml$
acl t1 url_regex -i \.eml$

http_access deny w1
http_access deny e1
http_access deny q1
http_access deny a1
http_access deny r1
http_access deny t1
..
..
more http_access allow rules for clients
..

The real problem I have is that it is passing through the readme.eml.
The access.log file gives me this message, which looks like it is being
blocked, but it reaches my client just fine.

xxx.xxx.xxx.xxx - - [20/Sep/2001:11:43:33 +0200] "GET
http://brooker1.internet42.com/readme.eml HTTP/1.1" 403 1052 TCP_DENIED:NONE

The regexp filters work just fine if I have "eml" in the browser's URL path,
e.g. http://www.anywhere.com/eml

Any ideas would be appreciated.

Tomas Andershem
Received on Thu Sep 20 2001 - 10:50:43 MDT
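
A way to confirm the block from Squid's own log rather than from what the client shows, as an added example that is not part of the original post: it evaluates the post's six ACL patterns against a URL and checks a log line in the quoted layout for 403 with TCP_DENIED. Python's re stands in for Squid's regex engine, and the client addresses, the second log line and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# The six ACLs from the post: (name, ACL type, -i flag, pattern).
ACLS = [
    ("w1", "url_regex", False, r"eml"),
    ("e1", "url_regex", True, r"eml"),
    ("q1", "urlpath_regex", False, r"eml"),
    ("a1", "urlpath_regex", True, r"eml"),
    ("r1", "urlpath_regex", True, r"\.eml$"),
    ("t1", "url_regex", True, r"\.eml$"),
]

# Layout of the access.log line quoted in the post.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]+" '
    r'(?P<status>\d{3}) (?P<size>\d+) (?P<result>[A-Z_]+):\S+$'
)

# Constructed sample: placeholder client addresses; line 2 shows a non-denied request.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Sep/2001:11:43:33 +0200] "GET '
    'http://brooker1.internet42.com/readme.eml HTTP/1.1" 403 1052 TCP_DENIED:NONE',
    '192.0.2.11 - - [20/Sep/2001:11:44:02 +0200] "GET '
    'http://example.com/README.EML HTTP/1.1" 200 79225 TCP_MISS:DIRECT',
]

def matching_acls(url):
    """Return the names of the post's ACLs that match this URL."""
    parts = urlsplit(url)
    # Assumption: urlpath_regex sees the path plus any query string.
    path = parts.path + ("?" + parts.query if parts.query else "")
    return [name for name, kind, nocase, pattern in ACLS
            if re.search(pattern, url if kind == "url_regex" else path,
                         re.I if nocase else 0)]

def audit(line):
    """Parse one log line and say whether the proxy itself denied it."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    acls = matching_acls(m["url"])
    denied = m["result"] == "TCP_DENIED" and m["status"] == "403"
    return {"url": m["url"], "acls": acls, "denied": denied,
            "leaked": bool(acls) and not denied}

if __name__ == "__main__":
    print(*map(audit, SAMPLE_LOG), sep="\n")
```

A line with "denied" true means the proxy returned its own 403 error page, so a client-side warning for that request has to be explained by something other than the proxy rules.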
