[squid-users] peek and splice content inspection question
Stanford Prescott
stan.prescott at gmail.com
Sun Aug 16 22:03:05 UTC 2015
ufdbGuard is not a content filter.
On Sun, Aug 16, 2015 at 4:07 PM, Yuri Voinov <yvoinov at gmail.com> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> ufdbguard does.
>
> 16.08.15 20:27, Stanford Prescott пишет:
>
> > I have SquidClamAV implemented with the Smoothwall Express 3.1 firewall.
> It
> > works well and fast with ssl-bump, although the majority of our users
> only
> > have relatively small networks with smaller loads.
> >
> > FYI, E2Guardian has replaced the DansGuardian project and is currently
> well
> > maintained. E2Guardian can do content filtering for SSL but only in
> > explicit mode, It currently does not support intercept (transparent) mode
> > for SSLBump.
> >
> > On Fri, Aug 14, 2015 at 10:51 AM, Alex Rousskov <
> > rousskov at measurement-factory.com> wrote:
> >
> >> On 08/13/2015 10:31 PM, Amos Jeffries wrote:
> >>> AFAICS it
> >>> is the backend AV library only scanning disk objects that causes the
> >>> whole issue. Otherwise the eCAP could be much, much faster.
> >>
> >> The situation is more nuanced: eCAP supports asynchronous adapters. It
> >> is possible to write a ClamAV adapter that writes messages to disk and
> >> analyses them without blocking Squid. Doing so should eliminate most
> >> overheads between Squid and ClamAV.
> >>
> >> Factory ClamAV adapter can run in asynchronous mode, but threads are
> >> only used for _analysis_ of written files. We have not optimized the
> >> file writing part (yet?). Hopefully, using a RAM-based file system can
> >> mitigate a large part of that performance damage (as well as address
> >> some of the security concerns related to disk storage?).
> >>
> >> A bigger performance problem, AFAICT, is that ClamAV does not support
> >> incremental analysis. It waits for the entire file to be downloaded
> >> first. This breaks the message delivery pipeline and increases
> >> user-perceived response time. This problem cannot be solved outside the
> >> ClamAV library.
> >>
> >>
> >> Cheers,
> >>
> >> Alex.
> >>
> >> _______________________________________________
> >> squid-users mailing list
> >> squid-users at lists.squid-cache.org
> >> http://lists.squid-cache.org/listinfo/squid-users
> >>
> >
> >
> >
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
> > http://lists.squid-cache.org/listinfo/squid-users
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQEcBAEBCAAGBQJV0O2DAAoJENNXIZxhPexGd40H+wfKHdOmCXaxPQ9TJYvY/qQz
> mMLs2qLWae+TnC5Dt89SxOJ8oywodjyZo8BwZWeCnF+oYTjleUoglYxz2d9aJKNi
> rONKuAzsOXGekQ4GXv7t7CV2VtUljlppNccw7adWLAPnd4KwrbuRS73hHdoTV3eO
> 0V951eXnXOttVaW9IOL6kYh6jJtajZBkfoKoEMIR8d+q60vfM+tu7TiLAQHOjxPT
> SULJjB3U0swSlG70IwzD5HB/OwdDSlOCHB26A4BkTN9xoUn4gwxD2dRCxlNommtW
> MTF0A8s6lJexG4OQ9ci1E909HcfaE7iQJyFonj2st51m0P7aUC5r5DIs9A7/Fbc=
> =7hQ0
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150816/b7737e4d/attachment.html>
More information about the squid-users
mailing list