[squid-users] icap SOPHOS SAVDI and custom errorpage
squid3 at treenet.co.nz
Sat Jan 11 01:20:37 UTC 2020
On 11/01/20 7:43 am, netadmin wrote:
> I also tried with the settings from David Webb's post ie:
> acl http_status_403 http_status 403
> acl virus_found rep_header X-Blocked -i \Virus found during virus scan\.
> I tried both options:
> http_reply_access deny http_status_403 virus_found
> adapted_http_access deny http_status_403 virus_found
> but something is wrong, I can download the test file (eicar).
There are two problems here.
* The string SAVDI adds has no '.' at the end. The regex you have says
(with "\.") that is mandatory.
- remove that bit of the regex
* SAVDI is producing status 200. So the 403 status check will not work
- remove the http_status_403.
The access.log you showed earlier say that SAVDI is adding both of these
headers which you could use:
X-Blocked: Virus found during virus scan
X-Blocked-By: Sophos Anti-Virus
More information about the squid-users