[squid-users] peek and splice content inspection question

Yuri Voinov yvoinov at gmail.com
Sun Aug 16 20:07:32 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
ufdbguard does.

16.08.15 20:27, Stanford Prescott пишет:
> I have SquidClamAV implemented with the Smoothwall Express 3.1 firewall. It
> works well and fast with ssl-bump, although the majority of our users only
> have relatively small networks with smaller loads.
>
> FYI, E2Guardian has replaced the DansGuardian project and is currently
well
> maintained. E2Guardian can do content filtering for SSL but only in
> explicit mode, It currently does not support intercept (transparent) mode
> for SSLBump.
>
> On Fri, Aug 14, 2015 at 10:51 AM, Alex Rousskov <
> rousskov at measurement-factory.com> wrote:
>
>> On 08/13/2015 10:31 PM, Amos Jeffries wrote:
>>> AFAICS it
>>> is the backend AV library only scanning disk objects that causes the
>>> whole issue. Otherwise the eCAP could be much, much faster.
>>
>> The situation is more nuanced: eCAP supports asynchronous adapters. It
>> is possible to write a ClamAV adapter that writes messages to disk and
>> analyses them without blocking Squid. Doing so should eliminate most
>> overheads between Squid and ClamAV.
>>
>> Factory ClamAV adapter can run in asynchronous mode, but threads are
>> only used for _analysis_ of written files. We have not optimized the
>> file writing part (yet?). Hopefully, using a RAM-based file system can
>> mitigate a large part of that performance damage (as well as address
>> some of the security concerns related to disk storage?).
>>
>> A bigger performance problem, AFAICT, is that ClamAV does not support
>> incremental analysis. It waits for the entire file to be downloaded
>> first. This breaks the message delivery pipeline and increases
>> user-perceived response time. This problem cannot be solved outside the
>> ClamAV library.
>>
>>
>> Cheers,
>>
>> Alex.
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJV0O2DAAoJENNXIZxhPexGd40H+wfKHdOmCXaxPQ9TJYvY/qQz
mMLs2qLWae+TnC5Dt89SxOJ8oywodjyZo8BwZWeCnF+oYTjleUoglYxz2d9aJKNi
rONKuAzsOXGekQ4GXv7t7CV2VtUljlppNccw7adWLAPnd4KwrbuRS73hHdoTV3eO
0V951eXnXOttVaW9IOL6kYh6jJtajZBkfoKoEMIR8d+q60vfM+tu7TiLAQHOjxPT
SULJjB3U0swSlG70IwzD5HB/OwdDSlOCHB26A4BkTN9xoUn4gwxD2dRCxlNommtW
MTF0A8s6lJexG4OQ9ci1E909HcfaE7iQJyFonj2st51m0P7aUC5r5DIs9A7/Fbc=
=7hQ0
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150817/be97e141/attachment.html>


More information about the squid-users mailing list