[squid-users] Squid 3.5.2 and Avast free anti-virus
Amos Jeffries
squid3 at treenet.co.nz
Mon Mar 2 12:55:06 UTC 2015
On 3/03/2015 1:29 a.m., Alan Palmer wrote:
> Squid 3.5.2 intercept mode and Avast free antivirus 2015 on windows 7
> aren't playing well together. Chrome returns a ca invalid error,
> details reveal
> its the avast web/mail shield cert that its not being trusted.
> Everything works if
> I turn the webshield off, or on a very strange note, works fine on a
> Windows XP
> (I know, old/bad, upgrade blah blah) machine also running avast 2015. The
> windows XP version does have a difference cert than the windows 7 version
> however. Avast seems to be doing a sslbump on its own between the client
> and the squid proxy. Does anyone else have a similar setup working, and
> if so
> whats the magic incantation to make it play nice?
This is roughly what the inter-tubes usually look like:
browser -> AV ===> router ===> NAT -> Squid ===> Internet
As you can see the browser -> AV link has to be working first before
traffic has a chance of even getting near Squid. So config in Squid is
not going to help there.
You may be able to get the Avast CA cert to be trusted by Chrome.
Otherwise a reasonable backup is to drop the WebShield on-machine and
using ICAP in Squid to pass traffic to an AV scanner instead.
Amos
More information about the squid-users
mailing list