[squid-users] peek and splice content inspection question

Rafael Akchurin rafael.akchurin at diladele.com
Tue Aug 18 12:44:43 UTC 2015 

Hello Stanford and the list,


Sorry to jump on a late thread - it is also possible to use ICAP/eCAP server to filter the actual contents of the stream.

C-ICAP comes to mind first, then eCap samples from http://www.e-cap.org/Downloads


Best regards,

Rafael

________________________________
From: squid-users <squid-users-bounces at lists.squid-cache.org> on behalf of Stanford Prescott <stan.prescott at gmail.com>
Sent: Monday, August 17, 2015 1:04 AM
To: Yuri Voinov
Cc: squid-users
Subject: Re: [squid-users] peek and splice content inspection question

Yes, really. ufdbGuard, like squidGuard before it, is a URL Filter that filters known unwanted URLs. A content filter, like DansGuardian and E2Guardian are content filters which examine the content of web pages looking for unwanted things.

On Sun, Aug 16, 2015 at 6:10 PM, Yuri Voinov <yvoinov at gmail.com<mailto:yvoinov at gmail.com>> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

O, really?

17.08.15 4:03, Stanford Prescott ?????:
> ufdbGuard is not a content filter.
>
> On Sun, Aug 16, 2015 at 4:07 PM, Yuri Voinov <yvoinov at gmail.com><mailto:yvoinov at gmail.com> wrote:
>
>>
> ufdbguard does.
>
> 16.08.15 20:27, Stanford Prescott ?????:
>
> >>> I have SquidClamAV implemented with the Smoothwall Express 3.1 firewall.
> It
> >>> works well and fast with ssl-bump, although the majority of our users
> only
> >>> have relatively small networks with smaller loads.
> >>>
> >>> FYI, E2Guardian has replaced the DansGuardian project and is currently
> well
> >>> maintained. E2Guardian can do content filtering for SSL but only in
> >>> explicit mode, It currently does not support intercept (transparent) mode
> >>> for SSLBump.
> >>>
> >>> On Fri, Aug 14, 2015 at 10:51 AM, Alex Rousskov <
> >>> rousskov at measurement-factory.com<mailto:rousskov at measurement-factory.com>> wrote:
> >>>
> >>>> On 08/13/2015 10:31 PM, Amos Jeffries wrote:
> >>>>> AFAICS it
> >>>>> is the backend AV library only scanning disk objects that causes the
> >>>>> whole issue. Otherwise the eCAP could be much, much faster.
> >>>>
> >>>> The situation is more nuanced: eCAP supports asynchronous adapters. It
> >>>> is possible to write a ClamAV adapter that writes messages to disk and
> >>>> analyses them without blocking Squid. Doing so should eliminate most
> >>>> overheads between Squid and ClamAV.
> >>>>
> >>>> Factory ClamAV adapter can run in asynchronous mode, but threads are
> >>>> only used for _analysis_ of written files. We have not optimized the
> >>>> file writing part (yet?). Hopefully, using a RAM-based file system can
> >>>> mitigate a large part of that performance damage (as well as address
> >>>> some of the security concerns related to disk storage?).
> >>>>
> >>>> A bigger performance problem, AFAICT, is that ClamAV does not support
> >>>> incremental analysis. It waits for the entire file to be downloaded
> >>>> first. This breaks the message delivery pipeline and increases
> >>>> user-perceived response time. This problem cannot be solved outside the
> >>>> ClamAV library.
> >>>>
> >>>>
> >>>> Cheers,
> >>>>
> >>>> Alex.
> >>>>
> >>>> _______________________________________________
> >>>> squid-users mailing list
> >>>> squid-users at lists.squid-cache.org<mailto:squid-users at lists.squid-cache.org>
> >>>> http://lists.squid-cache.org/listinfo/squid-users
> >>>>
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> squid-users mailing list
> >>> squid-users at lists.squid-cache.org<mailto:squid-users at lists.squid-cache.org>
> >>> http://lists.squid-cache.org/listinfo/squid-users
>
>>
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org<mailto:squid-users at lists.squid-cache.org>
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>>
>


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJV0QpsAAoJENNXIZxhPexG24gIAMNuWsyfn/QkXWTXROZEJYL1
0frhC+w22fjV8svGjTrZEtSKY4LTHiHEjp99bPBEpPdoCURifUq20m018qRoIcEA
XZfadD+s47bT7FvZbc2W58BQZUsWvotQRMNDPE+Mf0e38ev6PXsj16SaHmWytdx2
Z9H0y5qlgJwwbUyfps4uQn1wF16Qlf2Fw5TGRUbBrij+rjPYzDSXTXxtfT+4j/3V
4lZ0bN0HSFfvJrbfcpPoMCnSlRyJOm/b6Rxqv7v733OtrY/41EW1+HE1HOmW0em3
rwpAV1KgWrwMZYHcIBE147itXlz1RGQutX01auiiSvm/hO3h78rl6aSawmanOAM=
=GgTR
-----END PGP SIGNATURE-----


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150818/cd9aae4d/attachment.html>

More information about the squid-users mailing list