> > how can we roughly identify the virus on host machine by seeing squid > access.log and cache.log > > Turn on query-string logging and google the full URI which the client is trying to connect to. Some virus have well-known attack URI, or analysis by others published. If you can't find anything for/against the URI squid is asked for, then you will have to perform your own detective analysis. Squid itself can only tell you what the URI to start with. Good luck. Amos
