Search squid archive

Re: peek and splice content inspection question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I have SquidClamAV implemented with the Smoothwall Express 3.1 firewall. It works well and fast with ssl-bump, although the majority of our users only have relatively small networks with smaller loads.

FYI, E2Guardian has replaced the DansGuardian project and is currently well maintained. E2Guardian can do content filtering for SSL but only in explicit mode, It currently does not support intercept (transparent) mode for SSLBump.

On Fri, Aug 14, 2015 at 10:51 AM, Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
On 08/13/2015 10:31 PM, Amos Jeffries wrote:
> AFAICS it
> is the backend AV library only scanning disk objects that causes the
> whole issue. Otherwise the eCAP could be much, much faster.

The situation is more nuanced: eCAP supports asynchronous adapters. It
is possible to write a ClamAV adapter that writes messages to disk and
analyses them without blocking Squid. Doing so should eliminate most
overheads between Squid and ClamAV.

Factory ClamAV adapter can run in asynchronous mode, but threads are
only used for _analysis_ of written files. We have not optimized the
file writing part (yet?). Hopefully, using a RAM-based file system can
mitigate a large part of that performance damage (as well as address
some of the security concerns related to disk storage?).

A bigger performance problem, AFAICT, is that ClamAV does not support
incremental analysis. It waits for the entire file to be downloaded
first. This breaks the message delivery pipeline and increases
user-perceived response time. This problem cannot be solved outside the
ClamAV library.


Cheers,

Alex.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux