[squid-users] Re: [squid-users] antivirus with squid

From: <Horst.Mundt@dont-contact.us>
Date: Wed, 28 Apr 2004 09:47:33 +0200

Configuration Nr. 1 is the more secure option since all http traffic is
scanned by the viruswall (which also scans for stuff like javascript
"malware").
Of course this affects performance, or rather the way users experience
their download. In order to scan a file (say a .zip-archive), the viruswall
must wait until it is completely downloaded. During this time it sends only
a few bytes to the client (i.e. squid) to prevent it from timing out (this
is the so-called "trickle"-option in Viruswall). Once the file is
downloaded to the viruswall and successfully scanned, it is delivered to
the client with LAN bandwidth (assuming your viruswall and squid are on the
same LAN).
For your users this looks like the download is veeeery slow in the beginning
and then it suddenly becomes extremely fast.
The overall effect on performance of course depends on your number of
users, your proxy hardware etc, but it is usually not too bad if you have
suitable hardware for the viruswall.

In general I would not recommend solution Nr.2. If you want to exclude
certain file types from scanning, you can configure that on the viruswall.
The viruswall is your antivirus policy enforcement point, not squid. There
is one exception to this: If you want live video/audio-streaming via http
you will have to bypass the viruswall for these requests.

Hope this helps

Regards

Horst

                                                                                                                   
Emilio Casbas <ecasbas@unav.es>
28.04.2004 09:27
To: squid-users <squid-users@squid-cache.org>
Cc:
Subject: [squid-users] antivirus with squid

I searched in the mail list archives for the configuration
of AV viruswall trend micro with squid, but I have some doubts:

Case 1)
        clients --> hierarchy proxy --> virus-wall --> internet
        All the traffic to the internet goes through the virus wall.

Case 2)
       Equal to case 1, but the hierarchy proxy has configured
       cache_peer access for the virus wall in the case that \.exe$
       \.vbs$ \.zip$ ..... are found in the URL. In this form not all
       the traffic goes through the virus wall, only suspicious archives.

Which is the best configuration?
How does this affect the performance?

Thanks in advance
Emilio

Received on Wed Apr 28 2004 - 01:47:38 MDT
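
The two setups discussed in this thread, written out as squid.conf for comparison. This is an added example, not configuration from either poster: Case 1 is shown with the streaming exception from the reply, and Case 2 is commented out beside it. The peer hostname, port and streaming domain are assumed placeholders.

```conf
# --- Case 1 (recommended in the reply): all HTTP traffic goes to the viruswall ---
# viruswall.example.lan:8080 is an assumed address. ICP port 0 plus no-query
# disables ICP queries, which a scanning gateway does not answer.
cache_peer viruswall.example.lan parent 8080 0 no-query default

# Exception named in the reply: live audio/video streaming over HTTP.
# Squid picks the route before any response arrives, so the bypass has to
# match on the request (here the destination), not on the reply's Content-Type.
acl streaming dstdomain .stream.example.com    # hypothetical streaming hosts

# always_direct is evaluated before never_direct.
always_direct allow streaming    # streaming requests go straight to the origin
never_direct allow all           # everything else must use the parent; if the
                                 # viruswall is down, requests fail instead of
                                 # going out unscanned

# --- Case 2 (not recommended in the reply): scan only listed URL extensions ---
# Commented out, shown for comparison only.
#acl suspicious urlpath_regex -i \.exe$ \.vbs$ \.zip$
#cache_peer_access viruswall.example.lan allow suspicious
#cache_peer_access viruswall.example.lan deny all
# Without never_direct, every request whose URL does not match a listed
# extension is fetched directly and never reaches the scanner. File-type
# exclusions belong on the viruswall itself, as the reply says.
```

After changing the file, `squid -k parse` checks the syntax and `squid -k reconfigure` reloads it.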
