[squid-users] ACL to block installation program

Antony Stone Antony.Stone at squid.open.source.it
Fri Apr 10 18:46:15 UTC 2015


On Friday 10 April 2015 at 19:57:00 (EU time), brendan kearney wrote:

> I am in a policy enforcement role, and our policy making / auditing team
> approached me about why they could download a jar file from a site that was
> not explicitly allowed to provide java content (I.e. not on the
> whitelist).  It was because the mime type not being accurate.

In that case you need to implement content filtering (checking the actual 
content type) and not trusting the reported content from the sender.

I can't quote a specific implementation, but there must be ways of connecting 
(at the very least) the "file" command for identifying content, and very likely 
ways of creating signatures for .jar files which would trigger ClamAV etc.


Antony.

-- 
The words "e pluribus unum" on the Great Seal of the United States are from a 
poem by Virgil entitled "Moretum", which is about cheese and garlic salad 
dressing.

                                                   Please reply to the list;
                                                         please *don't* CC me.


More information about the squid-users mailing list