> Leonardo Rodrigues Magalhães ha scritto: >> >> >> Indunil Jayasooriya escreveu: >>> Hi, >>> >>> I want to block spyware while users browse internet. Are there any >>> ACLs to block this ? >>> >>> Have you done this before? >>> >> >> squid has no 'malware ACL type'. It has, tough, several different ACL >> types that can be used to classify and deny malware access, you just >> have to create the ACLs. >> >> Can squid 'automagically' recognizes normal accesses and malware >> accesses ?? Absolutely NOT. >> >> Is there some third-party ACL file that can be used to acchieve >> spy/malware blocking ?? I'm not sure on that, but probably someone is >> already doing and maintaning that. Try googling/archive searching for >> that. >> >> >> > > I don't think "fingreprinting" requests from the lan to the internet is > possible. But you can restrict access by acl-blocking domains or regex > urls that are known to spread spyware. I think there must be some sort > of already compiled list for this, but I can't confirm since I never did > a thorough research on the subject. > To collect urls and domains you could also take note of what programs > like ad-aware and spybot s&d find on the affected machine(s), and use > those urls to update your rules. It is possible to use some external program via external ACL, ICAP, or peer relationships to do the filtering for squid. Amos
