[squid-users] peek and splice content inspection question

Stanford Prescott stan.prescott at gmail.com
Sun Aug 16 14:27:03 UTC 2015


I have SquidClamAV implemented with the Smoothwall Express 3.1 firewall. It
works well and fast with ssl-bump, although the majority of our users only
have relatively small networks with smaller loads.

FYI, E2Guardian has replaced the DansGuardian project and is currently well
maintained. E2Guardian can do content filtering for SSL but only in
explicit mode, It currently does not support intercept (transparent) mode
for SSLBump.

On Fri, Aug 14, 2015 at 10:51 AM, Alex Rousskov <
rousskov at measurement-factory.com> wrote:

> On 08/13/2015 10:31 PM, Amos Jeffries wrote:
> > AFAICS it
> > is the backend AV library only scanning disk objects that causes the
> > whole issue. Otherwise the eCAP could be much, much faster.
>
> The situation is more nuanced: eCAP supports asynchronous adapters. It
> is possible to write a ClamAV adapter that writes messages to disk and
> analyses them without blocking Squid. Doing so should eliminate most
> overheads between Squid and ClamAV.
>
> Factory ClamAV adapter can run in asynchronous mode, but threads are
> only used for _analysis_ of written files. We have not optimized the
> file writing part (yet?). Hopefully, using a RAM-based file system can
> mitigate a large part of that performance damage (as well as address
> some of the security concerns related to disk storage?).
>
> A bigger performance problem, AFAICT, is that ClamAV does not support
> incremental analysis. It waits for the entire file to be downloaded
> first. This breaks the message delivery pipeline and increases
> user-perceived response time. This problem cannot be solved outside the
> ClamAV library.
>
>
> Cheers,
>
> Alex.
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150816/4d6c035c/attachment.html>


More information about the squid-users mailing list