<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA256 <br>
<br>
ufdbguard does.<br>
<br>
16.08.15 20:27, Stanford Prescott пишет:<br>
<span style="white-space: pre;">> I have SquidClamAV implemented
with the Smoothwall Express 3.1 firewall. It<br>
> works well and fast with ssl-bump, although the majority of
our users only<br>
> have relatively small networks with smaller loads.<br>
><br>
> FYI, E2Guardian has replaced the DansGuardian project and is
currently well<br>
> maintained. E2Guardian can do content filtering for SSL but
only in<br>
> explicit mode, It currently does not support intercept
(transparent) mode<br>
> for SSLBump.<br>
><br>
> On Fri, Aug 14, 2015 at 10:51 AM, Alex Rousskov <<br>
> <a class="moz-txt-link-abbreviated" href="mailto:rousskov@measurement-factory.com">rousskov@measurement-factory.com</a>> wrote:<br>
><br>
>> On 08/13/2015 10:31 PM, Amos Jeffries wrote:<br>
>>> AFAICS it<br>
>>> is the backend AV library only scanning disk objects
that causes the<br>
>>> whole issue. Otherwise the eCAP could be much, much
faster.<br>
>><br>
>> The situation is more nuanced: eCAP supports asynchronous
adapters. It<br>
>> is possible to write a ClamAV adapter that writes
messages to disk and<br>
>> analyses them without blocking Squid. Doing so should
eliminate most<br>
>> overheads between Squid and ClamAV.<br>
>><br>
>> Factory ClamAV adapter can run in asynchronous mode, but
threads are<br>
>> only used for _analysis_ of written files. We have not
optimized the<br>
>> file writing part (yet?). Hopefully, using a RAM-based
file system can<br>
>> mitigate a large part of that performance damage (as well
as address<br>
>> some of the security concerns related to disk storage?).<br>
>><br>
>> A bigger performance problem, AFAICT, is that ClamAV does
not support<br>
>> incremental analysis. It waits for the entire file to be
downloaded<br>
>> first. This breaks the message delivery pipeline and
increases<br>
>> user-perceived response time. This problem cannot be
solved outside the<br>
>> ClamAV library.<br>
>><br>
>><br>
>> Cheers,<br>
>><br>
>> Alex.<br>
>><br>
>> _______________________________________________<br>
>> squid-users mailing list<br>
>> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
>> <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
>><br>
><br>
><br>
><br>
> _______________________________________________<br>
> squid-users mailing list<br>
> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
> <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a></span><br>
<br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
iQEcBAEBCAAGBQJV0O2DAAoJENNXIZxhPexGd40H+wfKHdOmCXaxPQ9TJYvY/qQz
<br>
mMLs2qLWae+TnC5Dt89SxOJ8oywodjyZo8BwZWeCnF+oYTjleUoglYxz2d9aJKNi
<br>
rONKuAzsOXGekQ4GXv7t7CV2VtUljlppNccw7adWLAPnd4KwrbuRS73hHdoTV3eO
<br>
0V951eXnXOttVaW9IOL6kYh6jJtajZBkfoKoEMIR8d+q60vfM+tu7TiLAQHOjxPT
<br>
SULJjB3U0swSlG70IwzD5HB/OwdDSlOCHB26A4BkTN9xoUn4gwxD2dRCxlNommtW
<br>
MTF0A8s6lJexG4OQ9ci1E909HcfaE7iQJyFonj2st51m0P7aUC5r5DIs9A7/Fbc=
<br>
=7hQ0
<br>
-----END PGP SIGNATURE-----
<br>
<br>
</body>
</html>