On Fri, Feb 05, 2010 at 11:26:48AM +1300, Amos Jeffries wrote: > Fredrik Ax wrote: > >Hi, > > > >This might be a bug/"feature" of the c-icap + squid 3.0 combination, > >but I'm not sure that it might not be some kind of miss-configuration > >on my behalf, so I therefore figured I'd try this list and see if > >somebody else have run into this. > > > >To sum it up: When using the c-icap clamav service with squid and you > >are downloading a file larger then the in c-icap.conf set > >srv_clamav.StartSendPercentDataAfter threshold and the virus signature > >is found after c-icap has started to "trickle" out data, the entire > >file including the virus signature is let through. [...] > Well yes. You have configured c-icap to send a file through. It's > going to get through. > Any content alteration is up to the ICAP server. Squid passes on > what it receives back. Of course, and I understand that this list is primarily for pure squid setups, but my hope was that somebody here had encountered the same prob, and had a better understanding of c-icap and possibly a resolution on how to force c-icap to stop sending data once the signature was detected. (Didn't find any appropiate c-icap mailing list, but figured that since it's widely used in conjuction with squid for this purpose this list might be a good bet. Also understood that the author of c-icap have been involved in the squid3 development.) I guess I'd better get the latest development release of c-icap and start digging into the code to see if the problem is there. Best regards, /frax ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________
