[squid-users] icap SOPHOS SAVDI and custom errorpage

Amos Jeffries squid3 at treenet.co.nz
Sat Jan 11 01:20:37 UTC 2020

On 11/01/20 7:43 am, netadmin wrote:
> I also tried with the settings from David Webb's post ie:
> acl http_status_403 http_status 403
> acl virus_found rep_header X-Blocked -i \Virus found during virus scan\.
> I tried both options:
> http_reply_access deny http_status_403 virus_found
> and
> adapted_http_access deny http_status_403 virus_found
> but something is wrong, I can download the test file (eicar).

There are two problems here.

 *  The string SAVDI adds has no '.' at the end. The regex you have says
(with "\.") that is mandatory.
  - remove that bit of the regex

 * SAVDI is producing status 200. So the 403 status check will not work
for you.
  - remove the http_status_403.

The access.log you showed earlier say that SAVDI is adding both of these
headers which you could use:

 X-Blocked: Virus found during virus scan
 X-Blocked-By: Sophos Anti-Virus


More information about the squid-users mailing list