[squid-users] https antivirus proxy necessary?

Eliezer Croitoru eliezer at ngtech.co.il
Thu Jun 23 14:08:21 UTC 2016


Hey,

Sorry for not responding earlier.
Your question regarding having two layers of AV technically depends on what
both are offering as a product.
We can spate the question of unwrapping HTTPS\TLS connections from
inspecting the HTTPS content using an AV.
If you have a trusted source and as an example I would take Microsoft.
Microsoft is known to secure it's infrastructure despite some rumors from
security "experts" so you won't need to inspect their updates.
You might want to cache them but not check them with AV. The day you will
need to inspect them with AV things will probably start falling from the
sky..
If you have a defined business web usage policy it minimizes the options to
malice software download but it only fits for special cases with high risk
for theft or other crime related sensitive data\info.

Building Latest squid from sources for Debian Jessie can cost money and in
some cases it's not worth it.
The answer regarding the price would be the level of QA and other
development and integration stages.
Depends on the business size the HTTPS url inspection by itself can be
worth a lot.

Can you define what can be costly when building squid for Jessie?
I am asking since I am in the middle of working on a version of latest
squid with SSL-BUMP support.(it takes quite some time to automate it)

Eliezer

----
Eliezer Croitoru <http://ngtech.co.il/lmgtfy/> 
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il
 

From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On
Behalf Of hans.meyer0 at fn.de
Sent: Wednesday, June 22, 2016 5:10 PM
To: squid-users at lists.squid-cache.org
Subject: [squid-users] https antivirus proxy necessary?

Do you think it's necessary to have an additional https antivir proxy to
normal client antivirus?
We are using Avast Business that already offers a web protection.
Can an additional antivir proxy significant higher the level of protection?
In general I think two different antivirus programms see more then one.
But on the other hand an HTTP/HTTPS antivirus proxy is an additional attack
surface.
Especially because its costly to build the latest squid version with https
support from source on a debian jessie.
So the proxy will not be up a proxy or not?


---
Mail & Cloud Made in Germany mit 3 GB Speicher! Jetzt kostenlos anmelden
<https://email.freenet.de/mail/Uebersicht?epid=e9900000450> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 65101 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160623/2d511e25/attachment-0001.bin>


More information about the squid-users mailing list