Re: [squid-users] Problem with squivir2, anyone?

From: Frank Fiene <ffiene_at_veka.com>
Date: Fri, 17 Apr 2009 08:52:26 +0200

Am 17.04.2009 um 07:27 schrieb Henrik K:

> On Fri, Apr 17, 2009 at 07:13:35AM +0200, Frank Fiene wrote:
>>
>> Am 16.04.2009 um 17:52 schrieb Henrik K:
>>
>>> On Thu, Apr 16, 2009 at 03:57:35PM +0200, Frank Fiene wrote:
>>>> Hi i have a problem with integrating clamav with squivir2 into
>>>> squid.
>>>
>>> Not that it helps with this specific question, but get yourself a
>>> real
>>> tool.
>>> Redirector based virus scanners are flawed by design. You want to
>>> look
>>> at
>>> proxy based scanners like HAVP (http://www.server-side.de/) or ICAP
>>> based
>>> like c-icap (http://c-icap.sourceforge.net/). They offer performance
>>> and
>>> security.
>>>
>>
>>
>> Is anyone using HAVP? I read only one sentence on the home page:
>>
>> Disadvantage:
>> If the scanning process is too slow and the file is larger than the
>> defined "hold back data" you can still receive a virus! If the file
>> contains a virus and the file is bigger than the "hold back data" the
>> download will be cancelled with no warning. If you try to download
>> the
>> file again you will get the error message (this feature is not
>> implemented yet).
>>
>> My opinion: this is a no-go!
>
> So read a bit more and think about it. Obviously such received file
> without
> the "holded back data" will in 99.9% cases not work. Exe will not
> run, Zip
> will not unpack etc. The "virus" will be harmless.
>
> If you think about "cancelling without warning", which do you prefer?
> Scanner waiting to download large file, only scan it after it's fully
> received, while user is fiddling his thumbs and looking at 0% or
> some custom
> "download" page that breaks many applications? In the unlikely
> scenario that
> a large file even contains a virus, it makes no difference whether
> the user
> gets a "warning" or not (it can be found in HAVP logs if asked).
> HAVP allows
> user start receiving file almost immediately without waiting.
>
> And yes HAVP does have many happy users, it's even used in many
> firewall
> distributions. ;)
>

OK, thx.

I will try wil IPCAP first and Squid-3.

This seems to be a standard solution, right?

Frank

-- 
Frank Fiene / IT-Services
Fon: +49 2526 29-6200
Fax: +49 2526 29-16-6200
mailto: ffiene_at_veka.com
www.veka.com
VEKA AG
Dieselstr. 8
48324 Sendenhorst
Deutschland/Germany
Vorstand: Andreas Hartleif (Vorsitzender), Dr. Andreas W. Hillebrand
               Bonifatius Eichwald, Elke Hartleif, Dr. Werner Schuler
Vorsitzender des Aufsichtsrates: Heinrich Laumann
HRB 8282 AG Münster
Received on Fri Apr 17 2009 - 06:52:38 MDT

This archive was generated by hypermail 2.2.0 : Fri Apr 17 2009 - 12:00:02 MDT