[squid-users] peek and splice content inspection question
Yuri Voinov
yvoinov at gmail.com
Thu Aug 13 21:15:46 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
14.08.15 2:56, Alex Rousskov пишет:
> On 08/13/2015 09:38 AM, Amos Jeffries wrote:
>> On 14/08/2015 12:47 a.m., Marko Cupać wrote:
>>> Is it possible - by means of squid's peek and splice feature - to
>>> inspect file extensions and mime types of https traffic? Can bumped
>>> https traffic be forwarded to icap (squidclamav) for AV scanning?
>
>> Doing so is the features intended purpose.
>
>
> And you may be able to use either Secure ICAP (Squid 4) or the eCAP
> ClamAV adapter for AV scanning without transmitting bumped messages over
> plain text ICAP connections.
Yet another solution is not transmit any over net. Just setup all
services on blade system or one box.
>
>
>
>> if I just send traffic to squidclamav on icap
>> tcp port, then I don't store usernames and passwords or private emails
>> in cache?
>
> Squid caching is not related to AV scanning. If you do not disable
> caching, Squid will cache cachable responses. IIRC, the code making the
> cachability decision does not check whether the response was bumped.
> However, you may configure it to do so using the "cache" directive:
>
> http://www.squid-cache.org/Doc/config/cache/
>
> Said that, most responses with private information should not be
> cachable by default because the server should mark them as such.
... and we ignore them due to abuse of server owners no-cache directives
when we fight for increase hit-ratio. There is millions cache-unfriendly
web servers, starting from Google...
>
>
>
> The current eCAP ClamAV adapter [temporary] stores message bodies on
> disk to pass them to the ClamAV library for analysis. I do not know
> about squidclamav.
>
>
> HTH,
>
> Alex.
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJVzQkBAAoJENNXIZxhPexGGDMH/jkrsMwvbDgWADFxcrapPZl8
XCi0fcJTGhO1GPvhBB/T505HMDiwoCeMU5A329i3CWpMXEPJqkllJ0AtPYrcwp7l
gL21HOx50Cqv8rWL4bZR7k9wfb3smLN/NNBZSN6HXZh1chkRhlal+x5qXcfvB7BY
+uJIRnVet0uCQoAHdXuUBH0Qlo+tVaFtlywBRdwNO84uDgW8VaKB4sruV8YO3/Em
wS55QU8nCezaIYaP014LRjh6vpAQfcer5i4FqapGMVe0Qt3VY752ayBl0hN0REN1
kdGoLgvY0263WlWvdbdGB4W1oearfKZzDXUjvwmcTiY0WzpeV+B/XlYFze3w+pg=
=f521
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list