Hello Marko, Please take a look at qlproxy (ICAP server for Squid) - this might done what you describe. Best regards, Raf ________________________________________ From: Marko Cupać <marko.cupac@xxxxxxxx> Sent: Tuesday, February 4, 2014 9:37 AM To: squid-users@xxxxxxxxxxxxxxx Subject: Re: squidclamav regexp lists On Tue, 04 Feb 2014 10:29:59 +1300 Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > Try clamav as an ICAP service used by Squid. Whitelisting is done > either in clamav or in the squid.conf adaptation_access rules. ICAP > also allows the scanner to "step out" of the transaction at any time > it determines a pass result (less AV traffic I/O => faster overall > traffic). Squidclamav 6.x is c-icap module. I think I am already using it the way you suggest. Or, if not, can you please me point me to some documentation? > For what reasons do you have squidguard in the loop at all? > > The model of operation Squid is primarily designed for is a central > HTTP proxy routing requests to any service necessary to complete the > transaction. This is the setup I found well documented, and it does the job for me. I'd be glad to get the same functionality with squid only. Basically I need to authenticate all users from Active Directory (which is well documented in the wiki), authorize them in accordance with AD group membership (which could be done with external acls i guess), and redirect them to custom pages in case of some rule violation (transparent 1x1 gif for ads, custom page which displays info about reason for block, user, group, ip address etc.). I hoped to manage this with just squid and c-icap's modules squidclamav and srv_url_check, or maybe directly with squid's acls, but I didn't find good documentation about this kind of setup. Regards, -- Marko Cupać