|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Either SquidGuard, or ufdbGuard has this functional onto blocking page. Just configure it. 17.08.15 5:04, Stanford Prescott пишет: > Yes, really. ufdbGuard, like squidGuard before it, is a URL Filter that > filters known unwanted URLs. A content filter, like DansGuardian and > E2Guardian are content filters which examine the content of web pages > looking for unwanted things. > > On Sun, Aug 16, 2015 at 6:10 PM, Yuri Voinov <yvoinov@xxxxxxxxx> wrote: > >> > O, really? > > 17.08.15 4:03, Stanford Prescott пишет: > >>> ufdbGuard is not a content filter. > >>> > >>> On Sun, Aug 16, 2015 at 4:07 PM, Yuri Voinov <yvoinov@xxxxxxxxx> > <yvoinov@xxxxxxxxx> wrote: > >>> > >>>> > >>> ufdbguard does. > >>> > >>> 16.08.15 20:27, Stanford Prescott пишет: > >>> > >>>>>> I have SquidClamAV implemented with the Smoothwall Express 3.1 > firewall. > >>> It > >>>>>> works well and fast with ssl-bump, although the majority of our users > >>> only > >>>>>> have relatively small networks with smaller loads. > >>>>>> > >>>>>> FYI, E2Guardian has replaced the DansGuardian project and is > currently > >>> well > >>>>>> maintained. E2Guardian can do content filtering for SSL but only in > >>>>>> explicit mode, It currently does not support intercept (transparent) > mode > >>>>>> for SSLBump. > >>>>>> > >>>>>> On Fri, Aug 14, 2015 at 10:51 AM, Alex Rousskov < > >>>>>> rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > >>>>>> > >>>>>>> On 08/13/2015 10:31 PM, Amos Jeffries wrote: > >>>>>>>> AFAICS it > >>>>>>>> is the backend AV library only scanning disk objects that causes > the > >>>>>>>> whole issue. Otherwise the eCAP could be much, much faster. > >>>>>>> > >>>>>>> The situation is more nuanced: eCAP supports asynchronous adapters. > It > >>>>>>> is possible to write a ClamAV adapter that writes messages to disk > and > >>>>>>> analyses them without blocking Squid. Doing so should eliminate most > >>>>>>> overheads between Squid and ClamAV. > >>>>>>> > >>>>>>> Factory ClamAV adapter can run in asynchronous mode, but threads are > >>>>>>> only used for _analysis_ of written files. We have not optimized the > >>>>>>> file writing part (yet?). Hopefully, using a RAM-based file system > can > >>>>>>> mitigate a large part of that performance damage (as well as address > >>>>>>> some of the security concerns related to disk storage?). > >>>>>>> > >>>>>>> A bigger performance problem, AFAICT, is that ClamAV does not > support > >>>>>>> incremental analysis. It waits for the entire file to be downloaded > >>>>>>> first. This breaks the message delivery pipeline and increases > >>>>>>> user-perceived response time. This problem cannot be solved outside > the > >>>>>>> ClamAV library. > >>>>>>> > >>>>>>> > >>>>>>> Cheers, > >>>>>>> > >>>>>>> Alex. > >>>>>>> > >>>>>>> _______________________________________________ > >>>>>>> squid-users mailing list > >>>>>>> squid-users@xxxxxxxxxxxxxxxxxxxxx > >>>>>>> http://lists.squid-cache.org/listinfo/squid-users > >>>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> _______________________________________________ > >>>>>> squid-users mailing list > >>>>>> squid-users@xxxxxxxxxxxxxxxxxxxxx > >>>>>> http://lists.squid-cache.org/listinfo/squid-users > >>> > >>>> > >>>> > >>>> _______________________________________________ > >>>> squid-users mailing list > >>>> squid-users@xxxxxxxxxxxxxxxxxxxxx > >>>> http://lists.squid-cache.org/listinfo/squid-users > >>>> > >>>> > >>> > > >> >> > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJV0aHAAAoJENNXIZxhPexGQiMIAJAAW6E7JKROzwy0B+KcCLK6 BxfcA1o+lvJYwl6drsTeBH4NzO+Ra4eYmJMC94LwYc17E8Zwj5A+1t25cfQ1orIi 5EFjiVQ+0nseAGidcBnUNM1Nw+b4Xa/WswGo9+ApmslSstO1643uwteVip8o+Blg FuhYDuodynLNedsvxFq8/098zkZs1yc8d/pDyTAg4rQIGgU3gvxoMj3DLixFAkSy E0Qx0jEsSBvt0ksJAgxi0dVQh3ybeQqxevLgwDPFI0DuIvDh2Ho+6jwovzv+NyWS EK2i5CigTk2VguviWSFGmhpEkn3mvdLE5Kdj2XCB+1KFecmRv8ITwjvNNPKuh2w= =Mh/Z -----END PGP SIGNATURE----- |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
