mån 2010-03-15 klockan 12:30 +0100 skrev Stefan Reible: > The transparent http proxy with clamav ist working very nice, but now > i have problems with the implementation of ssl. My first idea was, to > break down the encryption at the squid, an then create a new one. > > http://wiki.squid-cache.org/Features/SslBump > > Is this possible? I think the problem is, that if someone opens an > https encrypted website like https://google.de he gets the certificate > from the proxy in his browser, not from the webserver. This wouldn`t > be so fine.. Well, it's the only possibility, othewise the proxy (and clamav) won't be able to inspect the https traffic. > PS: I have an secound problem with downloading big files, is it > possilbe to send any infos about the download progress to the > webbrowser? Like opening an ajax script or something else. Yes. See the "viralator" mode of c-icap srv_clamav. The service supports 3 different modes of download management - Wait with response until scanning have completed - Send some data of the file while scanning is performed to keep the client patiently waiting. - "viralator" mode showing progress while scanning is done, and then redirecting to a "download" URL when complete The problem with viralator mode is that it may break some things as it responds with another response while scanning. Regards Henrik
