[squid-users] SquidclamAV response modification

Amos Jeffries squid3 at treenet.co.nz
Thu Mar 12 01:09:16 UTC 2015


On 12/03/2015 10:26 a.m., Grzegorz Falkowski wrote:
> Hello,
> I plan to use sclamav with c-icap to secure a web app from malware threats.
> I prepared the whole configuration and it works fine. Unfortunately, in the first
> stage of implementation it shouldn't make any changes to the response. Virus
> detection must be logged and that's it.

Bad Idea. You are knowingly allowing your clients to be infected.

> I was looking for a solution in the
> documentation of c-icap, clamav, squidclamav but I didn't find any.
> My idea is to modify the way in which c-icap handles feedback from clamav.
> C-icap should ignore the information that a threat has been detected and
> return the original request to squid. I suspect that I will need to modify
> the source code to achieve this.
> Has anyone tried to make such a modification?

Why would anyone sane want clients to become infected if they could
prevent it? You will have enough false negatives occurring anyway.

I recommend you skip this and move on to identifying how clamav records
what it has done and why. Or at least change the planned bypass to make
clamav do less intensive scanning initially. There should be settings in
clamav regarding logging level and level of scan performed.

Amos


