On 08/13/2015 09:38 AM, Amos Jeffries wrote: > On 14/08/2015 12:47 a.m., Marko Cupać wrote: >> Is it possible - by means of squid's peek and splice feature - to >> inspect file extensions and mime types of https traffic? Can bumped >> https traffic be forwarded to icap (squidclamav) for AV scanning? > Doing so is the features intended purpose. And you may be able to use either Secure ICAP (Squid 4) or the eCAP ClamAV adapter for AV scanning without transmitting bumped messages over plain text ICAP connections. > if I just send traffic to squidclamav on icap > tcp port, then I don't store usernames and passwords or private emails > in cache? Squid caching is not related to AV scanning. If you do not disable caching, Squid will cache cachable responses. IIRC, the code making the cachability decision does not check whether the response was bumped. However, you may configure it to do so using the "cache" directive: http://www.squid-cache.org/Doc/config/cache/ Said that, most responses with private information should not be cachable by default because the server should mark them as such. The current eCAP ClamAV adapter [temporary] stores message bodies on disk to pass them to the ClamAV library for analysis. I do not know about squidclamav. HTH, Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users