On 17/02/11 20:46, Harald Dunkel wrote:
Hi Jeff,
On 02/16/11 16:40, jeffrey j donovan wrote:
is squid configured as intercept ( aka transparent ) or as proxy?
post squid.conf and we can see whats up.
Sorry, I knew I had forgotten something. Here it is:
# cat /etc/squid3/squid.conf | egrep -v ^\#\|^\$
http_access allow all
http_port 3128
http_port 3129 intercept disable-pmtu-discovery=transparent
hierarchy_stoplist cgi-bin ?
cache_dir aufs /var/spool/squid3 4096 16 256
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
icap_enable on
icap_preview_enable on
icap_preview_size 128
icap_send_client_ip on
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
adaptation_access service_resp allow all
dns_defnames on
The problem could be clam. AFAIK it requires the full object to do its
scan. Which means downloading the full thing then scanning before the
user gets to see the byte one of response. I'm not sure if the various
authors have updated clamav or squidclamav to handle tickle-scanning
yet. If they have check your version supports it.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.11
Beta testers wanted for 3.2.0.5
