Search squid archive

Re: peek and splice content inspection question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 08/13/2015 09:38 AM, Amos Jeffries wrote:
> On 14/08/2015 12:47 a.m., Marko Cupać wrote:
>> Is it possible - by means of squid's peek and splice feature - to
>> inspect file extensions and mime types of https traffic? Can bumped
>> https traffic be forwarded to icap (squidclamav) for AV scanning?

> Doing so is the features intended purpose.


And you may be able to use either Secure ICAP (Squid 4) or the eCAP
ClamAV adapter for AV scanning without transmitting bumped messages over
plain text ICAP connections.


> if I just send traffic to squidclamav on icap
> tcp port, then I don't store usernames and passwords or private emails
> in cache?

Squid caching is not related to AV scanning. If you do not disable
caching, Squid will cache cachable responses. IIRC, the code making the
cachability decision does not check whether the response was bumped.
However, you may configure it to do so using the "cache" directive:

  http://www.squid-cache.org/Doc/config/cache/

Said that, most responses with private information should not be
cachable by default because the server should mark them as such.


The current eCAP ClamAV adapter [temporary] stores message bodies on
disk to pass them to the ClamAV library for analysis. I do not know
about squidclamav.


HTH,

Alex.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux