Am 17.04.2009 um 07:27 schrieb Henrik K:
On Fri, Apr 17, 2009 at 07:13:35AM +0200, Frank Fiene wrote:
Am 16.04.2009 um 17:52 schrieb Henrik K:
On Thu, Apr 16, 2009 at 03:57:35PM +0200, Frank Fiene wrote:
Hi i have a problem with integrating clamav with squivir2 into
squid.
Not that it helps with this specific question, but get yourself a
real
tool.
Redirector based virus scanners are flawed by design. You want to
look
at
proxy based scanners like HAVP (http://www.server-side.de/) or ICAP
based
like c-icap (http://c-icap.sourceforge.net/). They offer performance
and
security.
Is anyone using HAVP? I read only one sentence on the home page:
Disadvantage:
If the scanning process is too slow and the file is larger than the
defined "hold back data" you can still receive a virus! If the file
contains a virus and the file is bigger than the "hold back data" the
download will be cancelled with no warning. If you try to download
the
file again you will get the error message (this feature is not
implemented yet).
My opinion: this is a no-go!
So read a bit more and think about it. Obviously such received file
without
the "holded back data" will in 99.9% cases not work. Exe will not
run, Zip
will not unpack etc. The "virus" will be harmless.
If you think about "cancelling without warning", which do you prefer?
Scanner waiting to download large file, only scan it after it's fully
received, while user is fiddling his thumbs and looking at 0% or
some custom
"download" page that breaks many applications? In the unlikely
scenario that
a large file even contains a virus, it makes no difference whether
the user
gets a "warning" or not (it can be found in HAVP logs if asked).
HAVP allows
user start receiving file almost immediately without waiting.
And yes HAVP does have many happy users, it's even used in many
firewall
distributions. ;)
OK, thx.
I will try wil IPCAP first and Squid-3.
This seems to be a standard solution, right?
Frank
--
Frank Fiene / IT-Services
Fon: +49 2526 29-6200
Fax: +49 2526 29-16-6200
mailto: ffiene@xxxxxxxx
www.veka.com
VEKA AG
Dieselstr. 8
48324 Sendenhorst
Deutschland/Germany
Vorstand: Andreas Hartleif (Vorsitzender), Dr. Andreas W. Hillebrand
Bonifatius Eichwald, Elke Hartleif, Dr. Werner Schuler
Vorsitzender des Aufsichtsrates: Heinrich Laumann
HRB 8282 AG Münster
