Re: [squid-users] Squid3 with ClamAV and Contentfilter from Amos Jeffries on 2011-04-05 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 06 Apr 2011 00:42:55 +1200

On 06/04/11 00:05, Sebastian Schnur wrote:
> First, thanks for your reply...
>> Where did you get that "fact"? I don't recall that being true.
> I got it from several sites and my collegue. Didn't get anything in
> changlogs of squidclamav or libc-icap-mod-squidclamav
> <http://packages.debian.org/wheezy/libc-icap-mod-squidclamav>.
>>
>> * The old clamav integration provided the alternative URL
>> automatically in the background and the browser would redirect to it
>> without the user needing to do anything.
>> * the ICAP filters mid-stream similar to havp. The early clamav server
>> implementation did have issues around delaying the download while it
>> pulled in and scanned the whole object. Not sure if that has been
>> resolved or not.
>>
> If I define the http-request and http-response like the following, the
> response (download file) should be send directly to the client?!
>
> icap_service clamscan_req reqmod_precache routing=1 bypass=1
> icap://localhost:1344/srv_clamav
> icap_service clamscan_resp respmod_precache routing=1 bypass=1
> icap://localhost:1344/srv_clamav
>
> icap_service urlcheck_req reqmod_precache routing=1 bypass=1
> icap://localhost:1344/urlscan
>
> adaptation_service_chain CHAINS_REQ urlcheck_req clamscan_req
> adaptation_access CHAINS_REQ deny CONNECT
> adaptation_access CHAINS_REQ allow all
>
> adaptation_service_chain CHAINS_RESP clamscan_resp
> adaptation_access CHAINS_RESP allow all
>
>> (I do not use clamav, so may be wrong.)
> Which AV-Scanner do you use with squid? I'm thinking about using
> F-Secure...

I don't run AV in the proxy. I run hosting servers with content scans
before it goes near the 'Net.

>>
>> NP: When you go to squid3 you may want to use the 3.1.11 or later
>> packages available in the Debian sid repositories. The squeeze package
>> has a few annoying issues that do not qualify for fixing under the
>> Debian policy.
>>
> In Debian squeeze there's currently squid 3.1.6-1.2 so I should give it
> a try, shouldn't I? I did not found a bug which is very important on
> http://bugs.debian.org/cgi-bin/pkgreport.cgi?package=squid3.

If you like. The bugs I was referring to are closed by the newer uploads
and no longer show in deb bug tracker. I guess you can wait and see if
they matter (IP failures when IPv6 is supposed to be disabled or
unavailable).

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.6

Received on Tue Apr 05 2011 - 12:43:00 MDT

This archive was generated by hypermail 2.2.0 : Tue Apr 05 2011 - 12:00:02 MDT