Leonardo Rodrigues Magalhães ha scritto:
Indunil Jayasooriya escreveu:
Hi,
I want to block spyware while users browse internet. Are there any
ACLs to block this ?
Have you done this before?
squid has no 'malware ACL type'. It has, tough, several different ACL
types that can be used to classify and deny malware access, you just
have to create the ACLs.
Can squid 'automagically' recognizes normal accesses and malware
accesses ?? Absolutely NOT.
Is there some third-party ACL file that can be used to acchieve
spy/malware blocking ?? I'm not sure on that, but probably someone is
already doing and maintaning that. Try googling/archive searching for that.
I don't think "fingreprinting" requests from the lan to the internet is
possible. But you can restrict access by acl-blocking domains or regex
urls that are known to spread spyware. I think there must be some sort
of already compiled list for this, but I can't confirm since I never did
a thorough research on the subject.
To collect urls and domains you could also take note of what programs
like ad-aware and spybot s&d find on the affected machine(s), and use
those urls to update your rules.
HTH
--
Marcello Romani
Responsabile IT
Ottotecnica s.r.l.
http://www.ottotecnica.com
