> Hello, > > > In LAN enviroment with transparent squid proxy what is the best and > checked > (except for setting internal for LAN update server) for making > WindowSupdate > and similiar services to work? > > I intercept user traffic with iptables rules. > Most of the traffic can be caught and allowed by a few special ACLs in squid. I use: acl securityUpdates dstdomain "antimalware.txt" where antimalware.txt contains: # WinXP / Win2k ?? / Vista ?? windowsupdate.microsoft.com .update.microsoft.com download.windowsupdate.com www.download.windowsupdate.com redir.metaservices.microsoft.com images.metaservices.microsoft.com c.microsoft.com # Win98 wustat.windows.com crl.microsoft.com # # Avast! Anti-Virus # .avast.com # # Spy-Bot Search & Destroy Anti-Spyware # .safer-networking.org www.spybotupdates.biz # # AVG Anti-Virus # guru.grisoft.com downloadfree.grisoft.com # # Trend PC-Cillin Anti-Virus # .activeupdate.trendmicro.com pccreg.trendmicro.com # # Norton Anti-Virus & Security Squite # liveupdate.symantecliveupdate.com liveupdate.symantec.com # # Zone Alarm Updates cm2.zonelabs.com There are also a few that need a background HTTPS handshake or they fail. - Windows/Microsoft-Update shakes with www.update.microsoft.com:443 - McAfee products shake with sadownload.mcafee.com at varied ports. In standard proxy manually/PAC configured at the user end a CONNECT needs to be permitted for this, in transparent is must be done at the firewall. These are just the products my client base have used recently. I'm sure there is larger list of OK anti-spyware/virus/malware products. NP: spybot has a larger base of mirror update sites. I just have a custom redirector catching all the ones I can and pointing them back at spybotupdates.biz. HTH Amos
