[squid-users] kaspersky and ufdbguard

Marcus Kool marcus.kool at urlfilterdb.com
Thu May 17 18:11:25 UTC 2018


I do not block my Kaspersky AV.
Do you want the Kaspersky software to contact the servers of Kaspersky?

On 17/05/18 09:30, Vacheslav wrote:
> Yeah, all that I know. The million dollar question is: should I continue blocking it?
> 
> -----Original Message-----
> From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Marcus Kool
> Sent: Thursday, May 17, 2018 3:22 PM
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] kaspersky and ufdbguard
> 
> 195.122.177.165 is an IP address of Kaspersky (see whois 195.122.177.165).
> ufdbguardd blocks this IP address since it is configured to do so which is indicated by 'https-option', most likely because the config has
>      option enforce-https-with-hostname on # default is off.
> 
> Marcus
> 
> 
> On 17/05/18 08:03, Vacheslav wrote:
>> I have this:
>> acl {
>>      allSystems  {
>>         ### EDIT THE NEXT LINE FOR LOCAL CONFIGURATION:
>>         pass
>>            alwaysallow
>>            # !always-block
>>            !ms-data-collection
>>            !adult !security
>>            !proxies !malware !warez
>>            !gambling !violence !drugs
>>            !phishtank !spyware
>>            chat dating !games religion finance jobs shops sports travel news
>>            webmail forum socialnet youtube
>>            !webtv webradio audiovideo
>>            !ads
>>            searchengine
>>            # with "logall on" or "logpass on" it makes sense to have the category "checked" in the ACL.
>>            any
>>            # NOTE: ALL categories are part of the ACL for logging purposes.
>>            # Only when logall is off, one can remove the allowed categories from the ACL.
>>      }
>> }
>>
>> I don't have a similar config acl.
>>
>> -----Original Message-----
>> From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Amos Jeffries
>> Sent: Thursday, May 17, 2018 1:56 PM
>> To: squid-users at lists.squid-cache.org
>> Subject: Re: [squid-users] kaspersky and ufdbguard
>>
>> On 17/05/18 17:45, Vacheslav wrote:
>>> Peace,
>>>
>>> When I configured Kaspersky to use proxy, I started getting as an example:
>>>
>>> BLOCK -                10.96.0.104     config     https-option
>>> 195.122.177.165:443 CONNECT
>>>
>>> I have require https hostname. Kaspersky is updating fine.
>>>
>>> Does anyone have an idea what Kaspersky is connecting to?
>>>
>>
>> That is a custom log format, you have not provided any info about what each field is. So no, we don't have much of a clue what it means.
>>
>> Amos
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
> 
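Added example, not part of the thread and not ufdbGuard code: a small triage script for log lines shaped like the one quoted above. It lists blocked CONNECT requests whose target is an IP literal rather than a hostname, grouped by destination and client, so each address can be looked up (whois) before deciding whether to allow it. The field order (verdict, user, client, acl, category, target, method) is an assumption read off the single line in the thread, and the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample lines in the shape of the one quoted in the thread.
# Assumed field order: verdict user client acl category target method
SAMPLE_LOG = """\
BLOCK -  10.96.0.104  config      https-option  195.122.177.165:443      CONNECT
BLOCK -  10.96.0.104  config      https-option  195.122.177.165:443      CONNECT
BLOCK -  10.96.0.117  config      https-option  [2001:db8::15]:443       CONNECT
BLOCK -  10.96.0.104  allSystems  ads           ads.example.net:443      CONNECT
PASS  -  10.96.0.104  allSystems  any           updates.example.com:443  CONNECT
"""


def split_target(target):
    """Split 'host:port' or '[v6-literal]:port' into (host, port)."""
    if target.startswith("["):
        host, _, rest = target[1:].partition("]")
        return host, rest.lstrip(":")
    host, _, port = target.rpartition(":")
    return (host, port) if host else (target, "")


def is_ip_literal(host):
    """True when the CONNECT target carries no hostname, only an address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def ip_literal_connect_blocks(log_text):
    """Map each blocked IP-literal CONNECT target to {client: hit count}."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # not in the assumed format; skip rather than guess
        verdict, _user, client, _acl, category, target, method = fields
        if verdict != "BLOCK" or method != "CONNECT" or category != "https-option":
            continue
        host, port = split_target(target)
        if is_ip_literal(host):
            hits[(host, port)][client] += 1
    return {dest: dict(clients) for dest, clients in hits.items()}


if __name__ == "__main__":
    for (host, port), clients in ip_literal_connect_blocks(SAMPLE_LOG).items():
        print(f"{host} port {port}: {clients}")
```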

