AW: [squid-users] Defending against new attacks from TAHON Willem

From: TAHON Willem - AVE <willem.tahon@dont-contact.us>
Date: Wed, 26 Sep 2001 14:51:00 +0200

Hello,

This sounds interesting, my questions doesn't have anything to do with Squid (sorry) but I'll take the risk anyway : When you're using TrendMicro's virusscanner, are you also using the FTP scan-service ? doesn't it bothers you that ftp isn't transpararant? Or have you found some solution for surfers who would like to have transparant ftp-downloads on an internet-site ? Another question about your setup : Doesn't TrendMicro requires an upstream http-proxy for http-scanning ?

thanks a lot !

Kind regards,

Willem.

> -----Original Message-----
> From: Emrah Tuerker [SMTP:emtue@web.de]
> Sent: Mittwoch, 26. September 2001 15:45
> To: Brian M Dial; squid-users@squid-cache.org
> Subject: Re: [squid-users] Defending against new attacks
>
> hi,
> we had the same problem here und after a long brainstorm we decided to use a gateway antivirus
> scanner in order to scan the whole HTTP, FTP (and SMTP) traffic.
> It looks like:
>
> Client -> Squid -> Antivirusscanner -> Webserver
>
> so ALL the traffic is scanned and theres no problem with Virusses, malicious ActiveX or JAVA applets.
> So maybe thats an idea ? only thing is that a good gateway antivirusscanner will cost you lots of $$$.
> Ahh, well our Antivirusgateway ist Trend Viruswall (www.trendmicro.com).....give it a try :-)
>
> greets
> Emrah Tuerker
>
>
> At 25.09.01 14:33:00, you wrote:
> >With the nimda virus semi-behind now, I'm looking at a way of protecting
> >from something like this in the future. The only thought I've had so
> >far is a way of filtering out executables from being downloaded from the
> >web.
> >
> >I've looked at some threads similar to this in the logs but I have some
> >questions. Is there any better way then using a url pattern match to
> >handle this? I know I can use url_regex \.eml or \.exe or any
> >executable but is this the right way to be doing it? I've noticed that
> >since I used it to filter .exe, I've had a few problem with people
> >browsing sites that use .exe for their cgi extension and squid will deny
> >the client even though it's not trying to download it.
> >
> >Is using url_regex based acl's really the best way to be doing this?
> >
> >Thanks for any input,
> >
> >-Brian
> >
> >--
> >Brian M Dial
> >UNIX Systems Administrator
> >Rummel, Klepper & Kahl, LLP
> >Phone: 410.728.2900 x1329
> >Cell: 410.598.0742
> >http://www.rkkengineers.com
> >
> >
Received on Wed Sep 26 2001 - 06:51:05 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:29 MST