I am using squid 3.2.3 + http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11699.patch(Polish: replace several assert(isOpen(fd))) + c-icap 0.1.7 + squidclamav 6.9 + squidGuard 1.4 as default I deny all application/octet-stream reply access, and disable virus scan picture ^.*\.(ico|gif|png|jpg)$ in squidclamav. my problem is when user try to access a link that end of .gif but reply content type is application/octet-stream, c-icap will store that content to /var/tmp and keep it, then die in icap process, even I reload icap. Squid Cache: Version 3.2.3 configure options: '--enable-icmp' '--enable-delay-pools' '--enable-icap-client' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-cachemgr-hostname=localhost' '--enable-ssl' '--enable-cache-digests' '--enable-epoll' '--disable-ipfw-transparent' '--disable-ipf-transparent' '--disable-pf-transparent' '--disable-linux-netfilter' '--enable-follow-x-forwarded-for' '--enable-ident-lookups' '--enable-ssl-crtd' '--enable-auth' '--enable-auth-basic=LDAP,NCSA,SMB,MSNT,MSNT-multi-domain' '--enable-auth-ntlm=smb_lm' '--enable-auth-negotiate=kerberos,wrapper' '--enable-external-acl-helpers=kerberos_ldap_group,AD_group,unix_group,wbinfo_group,LDAP_group,file_userip,LM_group' '--with-default-user=squid' '--enable-ltdl-convenience' acl blockmime rep_mime_type application/octet-stream http_reply_access deny blockmime http_reply_access allow all icap_enable on icap_preview_enable on icap_preview_size 4096 icap_persistent_connections on icap_send_client_ip on icap_send_client_username on icap_client_username_header X-Client-Username icap_service squidclamav_req reqmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav icap_service squidclamav_resp respmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav adaptation_access squidclamav_req allow all adaptation_access squidclamav_resp allow all c-icap.conf PidFile /var/run/c-icap/c-icap.pid CommandsSocket /var/run/c-icap/c-icap.ctl Timeout 300 MaxKeepAliveRequests 100 KeepAliveTimeout 600 StartServers 10 MaxServers 20 MinSpareThreads 10 MaxSpareThreads 20 ThreadsPerChild 10 MaxRequestsPerChild 0 Port 1344 User apache Group apache ServerAdmin i@***.com.cn ServerName proxy TmpDir /var/tmp MaxMemObject 1048576 DebugLevel 0 ModulesDir /usr/local/lib/c_icap ServicesDir /usr/local/lib/c_icap TemplateDir /usr/local/share/c_icap/templates/ TemplateDefaultLanguage en LoadMagicFile /usr/local/etc/c-icap.magic RemoteProxyUsers off RemoteProxyUserHeader X-Authenticated-User RemoteProxyUserHeaderEncoded on ServerLog /var/log/c-icap/server.log AccessLog /var/log/c-icap/access.log Service echo srv_echo.so Service squidclamav squidclamav.so squidclamav.conf clamd_local /var/run/clamav/clamd.sock redirect http://proxy/cgi-bin/clwarn.cgi maxsize 50000000 timeout 2 logredir 0 dnslookup 1 abort ^.*\.(ico|gif|png|jpg)$ abort ^.*\.(css|xml|xsl|js|html|jsp)$ abort ^.*\.swf$ abortcontent ^image\/.*$ abortcontent ^text\/.*$ abortcontent ^application\/x-javascript$ abortcontent ^video\/x-flv$ abortcontent ^video\/mp4$ abortcontent ^application\/x-shockwave-flash$ abortcontent ^.*application\/x-mms-framed.*$ my squid log 1375345064.448 6471 1.1.2.3 TCP_DENIED_REPLY/403 9044 GET http://bbs.chinaacc.com/getresource.php?thumb=1&rid=104959 user_Name FIRSTUP_PARENT/1.1.2.2 text/html ls -l --time-style=+%s /var/tmp -rw------- 1 apache apache 3924554 1375345064 CI_TMP_bykwF4 lsof /var/tmp/CI_TMP_bykwF4 c-icap 20802 apache 33u REG 253,0 3924554 244479 CI_TMP_bykwF4 lsof -p 20802 c-icap 20802 apache 31u REG 253,0 3924554 181742 /var/tmp/CI_TMP_pZJZ3q c-icap 20802 apache 32u REG 253,0 3924554 244478 /var/tmp/CI_TMP_nj2kWD c-icap 20802 apache 33u REG 253,0 3924554 244479 /var/tmp/CI_TMP_bykwF4 c-icap 20802 apache 35u IPv4 20636425 0t0 TCP localhost:icap->localhost:37850 (ESTABLISHED) firebug report: GET getresource.php?thumb=1&rid=104959 200 OK bbs.chinaacc.com 3.7 MB 1.1.2.2:8000 8.43s ParamsHeadersResponseCookies Response Headersview source Connection keep-alive Content-Disposition inline; filename="62037b5agw1droqc7t0qeg.gif" Content-Encoding none Content-Length 3924554 Content-Type application/octet-stream Date Thu, 01 Aug 2013 08:29:43 GMT Last-Modified Thu, 01 Aug 2013 08:29:43 GMT Proxy-Authentication-Info Negotiate oYGyMIGvoAMKAQChCwYJKoZIgvcSAQICooGaBIGXYIGUBgkqhkiG9xIBAgICAG+BhDCBgaADAgEFoQMCAQ+idTBzoAMCAReibARqiHRChCBhCm+q94YpjxLaCevHSu6pf+h8c3qgm0klDOgz9hinJRUaR7kq1pwV5+64cHmG146DDjehdQ+AmKcPRxnMsNnjqGr1zcPK2czlMdEDWOCGka7B3jJPGMIJDK6onV1cKqgcUIPosg== Server nginx Via ICAP/1.0 proxy (C-ICAP/0.1.7 SquidClamav/Antivirus service ) X-Cache MISS from webproxy, MISS from proxy X-Cache-Lookup MISS from proxy:8001, MISS from proxy:8000 X-Powered-By PHP/5.2.10 Request Headersview source Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding gzip, deflate Accept-Language en-US,en;q=0.5 Connection keep-alive Cookie uid=O5dxe1H6GMwUmXg4A3drAg== Host bbs.chinaacc.com User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0 -- Regards, John Xue