RE: [squid-users] SQUID + ANTIVIRUS from Erick Arturo Perez on 2002-06-18 (squid-users)

From: Erick Arturo Perez <cripto@dont-contact.us>
Date: Tue, 18 Jun 2002 02:16:17 -0500

The main problem with the setup

Can this be possible?
- HTTP -> ANTIVIRUS -> SQUID (without SQUID loosing where the request
came from)

Is that your squid cache can maintain copies of virus infected files in
its cache. The ISVW will stop them from entering your network, but until
the object expires you can be fetching a virus-infected file.
It is more suggested that you use HTTP -->SQUID --> ISVW it will work
very well, the only thing is that your are using a proxy (the isvw) that
does not do caching, you will introduce some ms delays but that’s the
price to pay if you want to stop those nasty viruses out there.

The following setting is for a machine with iptables, squid, apache and
ISVW on the same machine.

To use http-squid-isvw using iptables do this:
# to redirect internal users to use the squid. So you do not have to
touch the clients.
# I have squid listening on tcp 3128
Iptables –t nat -A PREROUTING -i INCOMING_INTERFACE -p tcp --dport 80 -j
REDIRECT --to-port 3128

Then in your squid.conf do:
# my ISVW is listening on 8080 because I run an apache server in the
same hosts at port 80.
cache_peer IP_OF_SQUID parent 8080 0 default no-query

then in the squid.conf
# should NEVER be forwarded directly to origin servers.
# beware that if the antivirus software dies, you will not have internet
access because the squid cannot send the requests to the antivirus.
never direct allow all

Hope this helps,

Erick A. Perez H.
cripto@c-com.net.pa
eperez@consultant.com
-----Original Message-----
From: Rohit Peyyeti [mailto:rohit@translogicsys.com]
Sent: Viernes, 14 de Junio de 2002 10:09 a.m.
To: squid-users@squid-cache.org
Subject: [squid-users] SQUID + ANTIVIRUS

Hello All:

I have a tricky situation to handle. I introduced SQUID few weeks back
and
it works like a charm. I am planning to get ourselves trend's Viruswall
installed on our gateway machine which runs SQUID with transparent
proxying.

I don't know if I can hook this up (Antivirus software) to my existing
setup without having to configure individual workstation browsers to
redirect to port 80 (on which antivirus software is listening).

Anitvirus software actually sits on the gateway and proxies all the
requests in & out after filtering it.

Can this be possible?
- HTTP -> ANTIVIRUS -> SQUID (without SQUID loosing where the request
came from)

Or?
- HTTP -> SQUID -> ANTIVIRUS

Any suggestions here?

...Rohit

Received on Tue Jun 18 2002 - 01:17:53 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:43 MST