[squid-users] https antivirus proxy necessary?

Thu Jun 23 15:17:21 UTC 2016

Hello Eliezer and Hans,

Our github.com repo has all the scripts necessary to rebuild latest Squid 3.5.19 with SSL Bump and latest ecap on Ubuntu 14.04 see https://github.com/diladele/squid-ubuntu.

We reuse the Debian Testing package and apply some simple patches on it. I am pretty sure this is as easy to do in Debian Jessy.
Hope this will help to build the Jessy package easier.

Best regards,
Rafael Akchurin
Diladele B.V.

--
Please take a look at Web Safety - our ICAP based web filter server for Squid proxy at http://www.diladele.com

_____________________________________________
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Eliezer Croitoru
Sent: Thursday, June 23, 2016 4:08 PM
To: hans.meyer0 at fn.de
Cc: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] https antivirus proxy necessary?

Hey,

Sorry for not responding earlier.
Your question regarding having two layers of AV technically depends on what both are offering as a product.
We can spate the question of unwrapping HTTPS\TLS connections from inspecting the HTTPS content using an AV.
If you have a trusted source and as an example I would take Microsoft.
Microsoft is known to secure it's infrastructure despite some rumors from security "experts" so you won't need to inspect their updates.
You might want to cache them but not check them with AV. The day you will need to inspect them with AV things will probably start falling from the sky..
If you have a defined business web usage policy it minimizes the options to malice software download but it only fits for special cases with high risk for theft or other crime related sensitive data\info.

Building Latest squid from sources for Debian Jessie can cost money and in some cases it's not worth it.
The answer regarding the price would be the level of QA and other development and integration stages.
Depends on the business size the HTTPS url inspection by itself can be worth a lot.

Can you define what can be costly when building squid for Jessie?
I am asking since I am in the middle of working on a version of latest squid with SSL-BUMP support.(it takes quite some time to automate it)

Eliezer

----
Eliezer Croitoru<http://ngtech.co.il/lmgtfy/>
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il
 << File: ATT00001.txt >>

From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of hans.meyer0 at fn.de
Sent: Wednesday, June 22, 2016 5:10 PM
To: squid-users at lists.squid-cache.org
Subject: [squid-users] https antivirus proxy necessary?

Do you think it's necessary to have an additional https antivir proxy to normal client antivirus?
We are using Avast Business that already offers a web protection.
Can an additional antivir proxy significant higher the level of protection?
In general I think two different antivirus programms see more then one.
But on the other hand an HTTP/HTTPS antivirus proxy is an additional attack surface.
Especially because its costly to build the latest squid version with https support from source on a debian jessie.
So the proxy will not be up a proxy or not?

---
Mail & Cloud Made in Germany mit 3 GB Speicher! Jetzt kostenlos anmelden<https://email.freenet.de/mail/Uebersicht?epid=e9900000450> << OLE Object: Picture (Device Independent Bitmap) >>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160623/e5bad727/attachment.html>