[squid-users] Squid 3.5.2 and Avast free anti-virus

Amos Jeffries squid3 at treenet.co.nz
Mon Mar 2 12:55:06 UTC 2015

On 3/03/2015 1:29 a.m., Alan Palmer wrote:
> Squid 3.5.2 intercept mode and Avast free antivirus 2015 on windows 7
> aren't playing well together.  Chrome returns a ca invalid error,
> details reveal
> its the avast web/mail shield cert that its not being trusted.
> Everything works if
> I turn the webshield off, or on a very strange note, works fine on a
> Windows XP
> (I know, old/bad, upgrade blah blah) machine also running avast 2015.  The
> windows XP version does have a difference cert than the windows 7 version
> however.  Avast seems to be doing a sslbump on its own between the client
> and the squid proxy.  Does anyone else have a similar setup working, and
> if so
> whats the magic incantation to make it play nice?

This is roughly what the inter-tubes usually look like:

 browser -> AV ===> router ===> NAT -> Squid ===> Internet

As you can see the browser -> AV link has to be working first before
traffic has a chance of even getting near Squid. So config in Squid is
not going to help there.

You may be able to get the Avast CA cert to be trusted by Chrome.
Otherwise a reasonable backup is to drop the WebShield on-machine and
using ICAP in Squid to pass traffic to an AV scanner instead.


More information about the squid-users mailing list