[squid-users] SquidclamAV respons modification

Grzegorz Falkowski grzeg.falkowski at gmail.com
Thu Mar 12 08:01:59 UTC 2015


2015-03-12 2:09 GMT+01:00 Amos Jeffries <squid3 at treenet.co.nz>:

> On 12/03/2015 10:26 a.m., Grzegorz Falkowski wrote:
> > Hello,
> > I plan to use sclamav with c-icap to secure web app from malware threat.
> > I prepare whole configuration and it's work fine. Unfortunately in first
> > stage of implementation it shouldn't make any changes to the respond.
> Virus
> > detection must be logged and that it.
>
> Bad Idea. You are knowingly allowing your clients to be infected.
>

Like I wrote before this is first stage of implementation. We don't want to
interferer user action but we would like have information about potential
threats in uploaded files

>
> > I was looking for a solution in
> > documentation of c-icap, clamav, squidclamav but I didn't find any.
> > My idea is to modify the way in which the c-icap handle feedback from
> clamav
> > . C-icap should ignore the information that has been detected threat and
> > return the original request to squid. I suspect that I will need to
> modify
> > the source code to achieve this
> > Has anyone tried to make such a modification?
>
> Why would anyone sane want clients to become infected if they could
> prevent it? you will have enough false-negatives occuring anyway.
>
> I recommend you skip this and move on to identifying how clamav records
> whats its done and why. Or at least change the planned bypass to make
> clamav do less intensive scanning initially. There should be settings in
> clamav regarding logging level and level of scan performed.
>
> I did'n find any information in clamav documentation how can I change
scanning level in clamavd.
So I began to consider the above option

> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
Best regards
Grzegorz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150312/99455e1d/attachment-0001.html>


More information about the squid-users mailing list