
Re: Clamd, clamuko & squid
Hi all,
I just started using clamd with my exim for scanning email, but the
web viruses still get through of course. I am thinking that maybe the
squid/clamd direction is the way to go since I prefer squid over apache
as a cache since I started with squid back when it was harvest?? or some
such name like that.

Anyway I was wondering if anyone has actually done or is working on the
squid caching interface yet that was mentioned below?

thanks
Randal



Re: [clamav-devel] Clamd, clamuko & squid

To: devel@clamav.elektrapro.com
Subject: Re: [clamav-devel] Clamd, clamuko & squid
From: Thomas Lamy <Thomas.Lamy@in-online.net>
Date: Mon, 23 Jun 2003 09:28:31 +0200
In-reply-to: <1056352360.1534.0.camel@next138.e-nextcom.esp>
References: <1056352360.1534.0.camel@next138.e-nextcom.esp>
Reply-to: <devel@clamav.elektrapro.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3)
Gecko/20030312

Ramón Arnal Palas wrote:

> Hi all!!

Hi!

> I started with Clam 3 or 4 months ago and my life has become happier
> since then. I'm not going to change

Same with me, you're welcome.

> My goal is to scan all http flow through my server for viruses.
>
> My situation is this:
> -Squid installed and running.
> -Dazuko installed and running.
> -Clamd & Clamuko installed and running.
> -Clamuko protects "/var/spool/squid"
> -When I download a virus, it is detected:
> Thu Jun 19 21:19:35 2003 -> Clamuko: /var/spool/squid/00/00/00000024: Eicar-Test-Signature FOUND
> -Squid passes the file to the browser.
>
> I wonder if it could be possible to directly delete the file as soon as
> it's detected by clamuko (or moved to another directory, etc.etc.etc)

I think this is not what one wants, because the virus _already has been_
forwarded to the client, so there's no protection.

> I don't know if I'm going in the right direction, please let me know
> where should I search for help.


I'm currently "porting" squid-vscan
(http://www.openantivirus.org/projects.php#squid-vscan) to the latest
stable squid version, and then use clamd instead of OpenAntiVirus. I do
this in my spare time, so no beta or release date available.
This piece of software will (hopefully) catch viri _before_ they are sent
to the client or stored on disk. It has some drawbacks, especially when
dealing with large files (I have to keep the client session alive...).

I'll post an announcement here if it's ready for testing.


Thomas
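
An added illustration of the "scan before it reaches the client" approach described in the message above (not code from this thread or from squid-vscan): the body is held, submitted to the scanner, and released only on an explicit clean verdict, which is also why large downloads force the proxy to keep the client session waiting. It assumes the INSTREAM command of current clamd releases; the function names, the stub scanner and the marker bytes are constructed for the example.

```python
import socket
import struct
import threading

MARKER = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in for a signature match

def clamd_instream(sock, body, chunk=4096):
    """Send body with clamd's INSTREAM framing and return the reply line."""
    sock.sendall(b"zINSTREAM\0")
    for off in range(0, len(body), chunk):
        part = body[off:off + chunk]
        sock.sendall(struct.pack("!I", len(part)) + part)  # 4-byte big-endian length
    sock.sendall(struct.pack("!I", 0))  # zero-length chunk ends the stream
    reply = b""
    while not reply.endswith(b"\0"):
        data = sock.recv(4096)
        if not data:
            break
        reply += data
    return reply.rstrip(b"\0").decode()

def gate_response(sock, body):
    """Hold the whole body; release it only on an explicit OK (fail closed)."""
    verdict = clamd_instream(sock, body)
    return (body if verdict == "stream: OK" else None), verdict

def _read_exact(sock, n):
    buf = b""
    while len(buf) < n:
        data = sock.recv(n - len(buf))
        if not data:
            raise ConnectionError("peer closed")
        buf += data
    return buf

def stub_clamd(sock):
    """Constructed stand-in for clamd so the example runs offline."""
    _read_exact(sock, len(b"zINSTREAM\0"))
    body = b""
    while (size := struct.unpack("!I", _read_exact(sock, 4))[0]):
        body += _read_exact(sock, size)
    found = b"stream: Constructed-Test-Signature FOUND\0"
    sock.sendall(found if MARKER in body else b"stream: OK\0")

def scan_with_stub(body):
    """Run one gated scan against the stub over a local socket pair."""
    client, server = socket.socketpair()
    with client, server:
        threading.Thread(target=stub_clamd, args=(server,), daemon=True).start()
        return gate_response(client, body)
```

Any reply other than "stream: OK", including a scanner error or a dropped connection, leaves the body unreleased.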

