[squid-users] SquidclamAV respons modification
grzeg.falkowski at gmail.com
Thu Mar 12 08:01:59 UTC 2015
2015-03-12 2:09 GMT+01:00 Amos Jeffries <squid3 at treenet.co.nz>:
> On 12/03/2015 10:26 a.m., Grzegorz Falkowski wrote:
> > Hello,
> > I plan to use sclamav with c-icap to secure web app from malware threat.
> > I prepare whole configuration and it's work fine. Unfortunately in first
> > stage of implementation it shouldn't make any changes to the respond.
> > detection must be logged and that it.
> Bad Idea. You are knowingly allowing your clients to be infected.
Like I wrote before this is first stage of implementation. We don't want to
interferer user action but we would like have information about potential
threats in uploaded files
> > I was looking for a solution in
> > documentation of c-icap, clamav, squidclamav but I didn't find any.
> > My idea is to modify the way in which the c-icap handle feedback from
> > . C-icap should ignore the information that has been detected threat and
> > return the original request to squid. I suspect that I will need to
> > the source code to achieve this
> > Has anyone tried to make such a modification?
> Why would anyone sane want clients to become infected if they could
> prevent it? you will have enough false-negatives occuring anyway.
> I recommend you skip this and move on to identifying how clamav records
> whats its done and why. Or at least change the planned bypass to make
> clamav do less intensive scanning initially. There should be settings in
> clamav regarding logging level and level of scan performed.
> I did'n find any information in clamav documentation how can I change
scanning level in clamavd.
So I began to consider the above option
> squid-users mailing list
> squid-users at lists.squid-cache.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the squid-users