On Mon, 28 Jun 2010 15:15:30 -0500, Seann <nombrandue_at_tsukinokage.net>
wrote:
> Henrik Nordström wrote:
>> mån 2010-06-28 klockan 11:27 +0200 skrev Matus UHLAR - fantomas:
>>
>>> On 28.06.10 10:07, Philippe Dhont wrote:
>>>
>>>> I am looking for the easiest configuration to use squid in
combination
>>>> with an antivirus.
>>>>
>>> try ICAP
>>>
>>
>> http://c-icap.sourceforge.net/ +
>> http://clamav.ne/
>>
>>
>>
> squid-clamav works pretty good, and is a simple redirector. I haven't
> tried ICAP yet, so I can't tell you which one is better.
>
ICAP is better. The old redirector API forced the AV to download the
object on the side, scan it and reply with A URL approximating accept/fail
which caused the client to download the object again. Blocking the client
during the entire scan.
ICAP passes the original client requested object to AV for scanning and
lets the AV reply with a cleaned object or at any point stop scanning and
let the client continue. Newer Squid support trickling the scanned sections
through to the client.
Net result is faster AV scanning, better results and approximately half
the WAN traffic. All the popular AV provide ICAP interfaces or modules so
you can plug straight into Squid-3.
Amos
Received on Mon Jun 28 2010 - 22:57:56 MDT
This archive was generated by hypermail 2.2.0 : Tue Jun 29 2010 - 12:00:03 MDT