Search squid archive

Re: transparent squid + clamav + https

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Mar 16, 2010 at 08:58:27PM +0100, Henrik Nordström wrote:
> mån 2010-03-15 klockan 18:47 +0200 skrev Henrik K:
> 
> > If you don't want this limitation, you can use HAVP. It scans the file while
> > it's being transferred to client, while keeping small part of it buffered
> > (in case of virus, it is not transferred so client can't open incomplete
> > file). It's as close to transparent as you can get.
> 
> That's also one of the three modes supported by c-icap clamav service. 

Such comment can only be made when one doesn't understand what HAVP does. It
is NOT the same thing.

http://www.server-side.de/documentation.htm

While one can speculate about the usefulness of scanning huge files at HTTP
level, HAVP with mandatory locking does it much more efficiently.

C-icap will only call the scanner after a file is completely received,
resulting in additional wait and a load spike.

HAVP starts scanning the file immediately as it is received from the server
and gradually unlocked. When c-icap has just started scanning the file, HAVP
has already scanned most (if not all) of it and is sending final bytes to
client. If a virus had happened to be found, HAVP would have already stopped
the unnecessary download without wasting time on the whole file. This also
works on ZIP files as it first tries to download the header at end of the
file using Range request.



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux