RE: [squid-users] Re: Antivir scan big file problem with ICAP

From: Podolski <d.podolski@dont-contact.us>
Date: Wed, 28 Mar 2007 10:44:42 +0400

>
>I test this two antivirus
>Drweb and avast fot icap
>Drweb bad support for preview mode :( and many bugs
>Avast don't support preview
>====================================================
>"from avast support
>Thank you for your answer.
>Now I know what you mean. But WebGate don't support the feature you
>describe.
>WebGate can only scan the complete file not a part. It would make no
>sense for WebGate to scan only a part of the file.
>We hope for your understanding."
>====================================================

That's funny. You can scan a big file partially and find viruses. It makes
no sense for a gateway to scan hundreds of megs.

Though I'm slightly partial (I develop it), I recommend you look into HAVP
(http://www.server-side.de/). It has much more features, supports multiple
scanners etc.

>Im have one quiestion
>Whether I can make similar ACL?
>Example:
>Acl size url_regex_filelenght =<1mb :)

It's impossible to know real lenght of incoming data, until it's received.
HAVP takes this carefully in consideration.

>#acl stream url_regex -i .mp3 .vqf .avi .mpeg .mpe .mpg .qt .ram .rm
>.raw .wav .mov .wmv .htm .html .gif .jpg .jpeg #acl progs url_regex -i
>.exe .scr .com .dat .rar .zip .cmd .vbs .vba .jar .386 .bin .dll .drv
>.pif .txt .doc .xls .ppt .rtf .pps .sys .vxd .vst .php .cab .ms

Also it's impossible to identify content based on URL. HAVP scans
everything, it's the only possible secure way. But streaming is handled
separately and you can whitelist images if you are very short on CPU.

Cheers,
Henrik

============================================================================
==================================
:(
Im want a create channel for users but method parent proxyes is not
recomendet
If Havp is down, squid not redirect traffic to other parent or direct :(

Im use cisco+ wccp + squid + icap + [antivir]
Maximum timeout if proxy is down 9 seconds :)
All commercial antivirus not use Preview Method of ICAP protocol :(
Drweb use preview but this antivir is betaversion
HAVP use ICAP ???
Received on Wed Mar 28 2007 - 00:44:50 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Mar 31 2007 - 13:00:02 MDT