Re: squid does not send cached object to an icap-server

[Yuri Voinov <yvoinov@xxxxxxxxx>]

This is not squid issue but your AV engine library or ICAP intermediate 
AV library configuration.

05.05.15 16:43, Stefan Kügler пишет:
> Hello.
>
>
> I have a short question using squid as an ICAP-client.
>
>
> It seems that squid doesn't send an already downloaded (and cached) 
> object to an ICAP-server.
>
> Here is a short description what I have done:
>
> 1. downloading a word-document with a macro-virus. The Virus-scanner 
> (ICAP-server) uses an old pattern-file and does not detect the virus.
>
> The object is now in cache.
>
> 2. updating the virus-scanner to the newest pattern-file. The 
> virus-scanner will now detect the macro virus.
>
> 3. downloading the same word-document. The object has been delivered 
> to the client without a new virus scan.
>
>
>
> And now some log-entries:
>
> 1. First download of the word document:
>
> access.log:
> 2015-05-05 12:23:52    144 192.168.2.54 TCP_MISS/200 553301 GET 
> http://www.intern/virus.doc - HIER_DIRECT/193.175.80.229 
> application/msword
>
> icap.log:
> 2015-05-05 12:23:52      5 192.168.2.54 ICAP_ECHO/204 135 REQMOD 
> icap://127.0.0.1:1344/service_scanner - -/127.0.0.1 -
> 2015-05-05 12:23:52    130 192.168.2.54 ICAP_MOD/200 553897 RESPMOD 
> icap://127.0.0.1:1344/service_scanner - -/127.0.0.1 -
>
> AV-Scanner:
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24D2B0700] INFO: Starting 
> ICAP request decoding
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24D2B0700] INFO: Request 
> message decoded in 1 chunks
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24D2B0700] INFO: Finished 
> ICAP request decoding
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24D2B0700] INFO: Starting 
> ICAP request processing
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24D2B0700] INFO: Starting 
> service processing
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24D2B0700] INFO: REQMOD 
> processing
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24D2B0700] INFO: Resource at 
> <GET http://www.intern/virus.doc HTTP/1.1> has no body to be scanned
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24D2B0700] INFO: Finished 
> service processing
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24D2B0700] INFO: The request 
> for URI 'http://www.intern/virus.doc' was allowed (Reason: 'Clean'. 
> Details: '')
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24D2B0700] INFO: Create 
> response headers type: CLEAN 204
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24D2B0700] INFO: Send headers
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24D2B0700] INFO: Finished 
> ICAP request processing
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24D2B0700] INFO: Core library 
> session cleared
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24D1AF700] INFO: Connection 
> closed by foreign host while waiting for requests
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24D1AF700] INFO: Core library 
> session cleared
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24CFAD700] INFO: Starting 
> ICAP request decoding
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24CFAD700] INFO: Request 
> message decoded in 259 chunks
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24CFAD700] INFO: Finished 
> ICAP request decoding
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24CFAD700] INFO: Starting 
> ICAP request processing
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24CFAD700] INFO: Starting 
> service processing
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24CFAD700] INFO: RESPMOD 
> processing
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24CFAD700] INFO: Starting 
> virus scanning for resource at: <GET http://www.intern/virus.doc 
> HTTP/1.1>
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24CFAD700] INFO: Starting 
> virus scanning for resource at: <GET http://www.intern/virus.doc 
> HTTP/1.1>
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24CFAD700] INFO: 
> [service_scanner]File 'virus.doc' content is stored in 
> '/var/spool/avira-icap/icap-tmp.6baFv3'
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24CFAD700] INFO: Finished 
> service processing
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24CFAD700] INFO: The request 
> for URI 'http://www.intern/virus.doc' was allowed (Reason: 'Clean'. 
> Details: '')
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24CFAD700] INFO: Create 
> response headers type: CLEAN
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24CFAD700] INFO: Adding HTTP 
> headers for response type: CLEAN
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24CFAD700] INFO: Send headers
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24CFAD700] INFO: Send the 
> original body (552960 bytes)
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24CFAD700] INFO: Finished 
> ICAP request processing
> May  5 12:23:52 sk1 av-icapd[12412]: [7FD24CFAD700] INFO: Core library 
> session cleared
>
>
>
>
>
> 2. Second download of the word document (after the pattern-update):
>
> access.log:
> 2015-05-05 12:27:43     35 192.168.2.54 TCP_MEM_HIT/200 553309 GET 
> http://www.intern/virus.doc - HIER_NONE/- application/msword
>
> icap.log:
> 2015-05-05 12:27:43      2 192.168.2.54 ICAP_ECHO/204 135 REQMOD 
> icap://127.0.0.1:1344/service_scanner - -/127.0.0.1 -
>
> AV-Scanner:
> May  5 12:27:43 sk1 av-icapd[12412]: [7FD24C4A2700] INFO: Starting 
> ICAP request decoding
> May  5 12:27:43 sk1 av-icapd[12412]: [7FD24C4A2700] INFO: Request 
> message decoded in 1 chunks
> May  5 12:27:43 sk1 av-icapd[12412]: [7FD24C4A2700] INFO: Finished 
> ICAP request decoding
> May  5 12:27:43 sk1 av-icapd[12412]: [7FD24C4A2700] INFO: Starting 
> ICAP request processing
> May  5 12:27:43 sk1 av-icapd[12412]: [7FD24C4A2700] INFO: Starting 
> service processing
> May  5 12:27:43 sk1 av-icapd[12412]: [7FD24C4A2700] INFO: REQMOD 
> processing
> May  5 12:27:43 sk1 av-icapd[12412]: [7FD24C4A2700] INFO: Resource at 
> <GET http://www.intern/virus.doc HTTP/1.1> has no body to be scanned
> May  5 12:27:43 sk1 av-icapd[12412]: [7FD24C4A2700] INFO: Finished 
> service processing
> May  5 12:27:43 sk1 av-icapd[12412]: [7FD24C4A2700] INFO: The request 
> for URI 'http://www.intern/virus.doc' was allowed (Reason: 'Clean'. 
> Details: '')
> May  5 12:27:43 sk1 av-icapd[12412]: [7FD24C4A2700] INFO: Create 
> response headers type: CLEAN 204
> May  5 12:27:43 sk1 av-icapd[12412]: [7FD24C4A2700] INFO: Send headers
> May  5 12:27:43 sk1 av-icapd[12412]: [7FD24C4A2700] INFO: Finished 
> ICAP request processing
> May  5 12:27:43 sk1 av-icapd[12412]: [7FD24C4A2700] INFO: Core library 
> session cleared
>
>
> And now my question: Is this a bug in squid - or is it possible to 
> tell squid to send already cached object to the icap-server?
>
> Kind regards,
>
> Stefan Kuegler
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users