Re: [squid-users] Problem: Squid+Kaspersky_for_proxy+SquidGuard from Amos Jeffries on 2008-01-08 (squid-users)

From: Amos Jeffries <squid3@dont-contact.us>
Date: Wed, 09 Jan 2008 02:14:46 +1300

Alexander Schaefer wrote:
>
>
> Alex Rousskov schrieb:
>> On Mon, 2008-01-07 at 14:18 +0100, Alexander Schaefer wrote:
>>> Hello squid users,
>>>
>>> we did install Kaspersky Antivirus for Proxy on our existing
>>> corporate proxy server, which is Squid 2.6.STABLE5 running on Debian
>>> 4.0 server. We also use SquidGuard for URL-filtering:
>>>
>>> *redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf*
>>>
>>> Kaspersky antivirus is binded per ICAP interface to Squid. After
>>> installation of Kaspersky antivirus, SquidGuard is not effective
>>> anymore -> the bad websites are not blocked, however the appropriate
>>> entries are logged in the blocked.log file. Searching for squid
>>> config statement causing this problem i did localize:
>>>
>>> *icap_enable on*
>>>
>>> As far as i disable this configuration option squidGuards blocks again.
>>>
>>> I other words the redirector and ICAP-redirector seem to dislike each
>>> other...
>>>
>>> Any ideas, how we can run both redirectors together?
>>
>> If you do not get better suggestions, I would try Squid3. If you run
>> into ICAP problems with Squid3, we should be able to fix them.
>>
>
> Thanks a lot... Squid3 seems to be still in the developement phase and
> is not stable enough for productive environment. Due to this fact we
> can't use it ;o(

Squid 3.0 was released in the STABLE late 2007.

3.1 is now in the development stages.

>
> Our workaround, using SquidGuard binded with standard squid
> redirector_programm statement and at the same time "Kaspersky antivirus
> for proxy, binded as ICAP redirector is: Running two instances of squid
> on the same server. The first one is on the internet front and binds
> only SquidGuard running with no_cache mode. The second instance uses the
> first as parent_proxy, does Active Directory user authentication, binds
> Kaspersky per ICAP, bandwith management, cache, etc. It seems to work
> well. The only disadvantage is the increased configuration and
> administration complexity.
>
> Alex

Amos

-- 
Please use Squid 2.6STABLE17 or 3.0STABLE1.
There are serious security advisories out on all earlier releases.

Received on Tue Jan 08 2008 - 06:14:30 MST

This archive was generated by hypermail pre-2.1.9 : Fri Feb 01 2008 - 12:00:04 MST