Re: [squid-users] Is there any mean to block VIRUSES and others?!?

From: Jerry Murdock <jmurdock@dont-contact.us>
Date: Tue, 16 Oct 2001 11:48:55 -0400

----- Original Message -----
From: "Tom Broome" <tom@cook.k12.ga.us>
To: "Jerry Murdock" <jmurdock@itraktech.com>
Sent: Tuesday, October 16, 2001 10:52 AM
Subject: RE: [squid-users] Is there any mean to block VIRUSES and others?!?

> Jerry,
> How do you like the vwall?
So far so good. My only real gripe is that it wants to bind to all IP
addresses. I took care of that by running it inside a FreeBSD Jail, which I
probably would have done anyway.

> documentation that I thought was unusual is 9gb for temp(mail) usage. So I'm
> in the process of converting my rh fwall/squid machine to a squid/vwall
> box. And putting up an obsd fwall.
>
Can't comment on the SMTP portions. My mail scanning was already in place,
and if it ain't broke...

But my guess is that this is probably overstated; look at what your current
spool directory usage is.

The FTP and HTTP proxies are doing fine.

> Is your squid on the same box as vwall? And you are running freebsd on the
> vwall machine?

Yes to both. The clients "see" squid, and the vwall is set as parent.

I use OBSD as well, but haven't used its Linux compatibility layer. Assuming
it is on par with FBSD (which I would expect) you shouldn't have problems.

Getting the Linux version to run under FBSD took a little work. Nothing
difficult, a few symlinks to take care of a few hard-coded paths in the
scripts and creating a dummy rc.d/init.d structure for the installer to find.

I think I only had to edit a single line in one script after it was installed,
and that was only to let the default shutdown scripts work. The script was
calling ps, and there was a difference in the arguments between
linux and FBSD.

The single biggest key to getting the install to run initially is using the
linux sh to run the install script. Otherwise the install knows it's not
running under Linux and quits.

The only other problem was getting it to run inside a FBSD "JAIL." A FreeBSD
jail is not a simple chroot. Even then, it was only the supplied linux
version of apache for the remote management piece that had problems. I ended
up using a native FBSD version of apache. This required editing a few more
scripts, and the Viruswall http.conf file.

HTH,

Jerry
Received on Tue Oct 16 2001 - 09:49:40 MDT
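
The arrangement described in the message above (clients talk to squid, the virus scanner is squid's parent), as an added squid.conf example that is not part of the original message. The peer address and port are placeholders, since the message does not give them.

```conf
# Constructed example. 192.0.2.10 and 8080 are placeholders for the
# address and HTTP proxy port the scanner listens on (not given above).

# Weak: the scanner is only a preferred route. Squid may still fetch
# directly from the origin, for example when the parent is marked dead,
# and those responses are never scanned.
#   cache_peer 192.0.2.10 parent 8080 0 no-query default

# Corrected: same peer, plus never_direct so every request must go
# through the parent. If the scanner is down, requests fail instead of
# bypassing it.
# Older squid releases need "all" defined first:
#   acl all src 0.0.0.0/0.0.0.0
cache_peer 192.0.2.10 parent 8080 0 no-query default
never_direct allow all
```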
