Re: [squid-users] identify virus

From: Amos Jeffries <>
Date: Mon, 21 Apr 2008 14:13:54 +1200 (NZST)

> how can we roughly identify the virus on host machine by seeing squid
> access.log and cache.log

Turn on query-string logging and google the full URI which the client is
trying to connect to. Some virus have well-known attack URI, or analysis
by others published.

If you can't find anything for/against the URI squid is asked for, then
you will have to perform your own detective analysis. Squid itself can
only tell you what the URI to start with.

Good luck.

Received on Tue Apr 22 2008 - 14:13:59 MDT

This archive was generated by hypermail 2.2.0 : Thu May 01 2008 - 12:00:04 MDT