Search squid archive

Re: peek and splice content inspection question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello Stanford and the list,


Sorry to jump on a late thread - it is also possible to use ICAP/eCAP server to filter the actual contents of the stream.

C-ICAP comes to mind first, then eCap samples from http://www.e-cap.org/Downloads 


Best regards,

Rafael


From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> on behalf of Stanford Prescott <stan.prescott@xxxxxxxxx>
Sent: Monday, August 17, 2015 1:04 AM
To: Yuri Voinov
Cc: squid-users
Subject: Re: peek and splice content inspection question
 
Yes, really. ufdbGuard, like squidGuard before it, is a URL Filter that filters known unwanted URLs. A content filter, like DansGuardian and E2Guardian are content filters which examine the content of web pages looking for unwanted things.

On Sun, Aug 16, 2015 at 6:10 PM, Yuri Voinov <yvoinov@xxxxxxxxx> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
O, really?

17.08.15 4:03, Stanford Prescott пишет:
> ufdbGuard is not a content filter.
>
> On Sun, Aug 16, 2015 at 4:07 PM, Yuri Voinov <yvoinov@xxxxxxxxx> wrote:
>
>>
> ufdbguard does.
>
> 16.08.15 20:27, Stanford Prescott пишет:
>
> >>> I have SquidClamAV implemented with the Smoothwall Express 3.1 firewall.
> It
> >>> works well and fast with ssl-bump, although the majority of our users
> only
> >>> have relatively small networks with smaller loads.
> >>>
> >>> FYI, E2Guardian has replaced the DansGuardian project and is currently
> well
> >>> maintained. E2Guardian can do content filtering for SSL but only in
> >>> explicit mode, It currently does not support intercept (transparent) mode
> >>> for SSLBump.
> >>>
> >>> On Fri, Aug 14, 2015 at 10:51 AM, Alex Rousskov <
> >>> rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
> >>>
> >>>> On 08/13/2015 10:31 PM, Amos Jeffries wrote:
> >>>>> AFAICS it
> >>>>> is the backend AV library only scanning disk objects that causes the
> >>>>> whole issue. Otherwise the eCAP could be much, much faster.
> >>>>
> >>>> The situation is more nuanced: eCAP supports asynchronous adapters. It
> >>>> is possible to write a ClamAV adapter that writes messages to disk and
> >>>> analyses them without blocking Squid. Doing so should eliminate most
> >>>> overheads between Squid and ClamAV.
> >>>>
> >>>> Factory ClamAV adapter can run in asynchronous mode, but threads are
> >>>> only used for _analysis_ of written files. We have not optimized the
> >>>> file writing part (yet?). Hopefully, using a RAM-based file system can
> >>>> mitigate a large part of that performance damage (as well as address
> >>>> some of the security concerns related to disk storage?).
> >>>>
> >>>> A bigger performance problem, AFAICT, is that ClamAV does not support
> >>>> incremental analysis. It waits for the entire file to be downloaded
> >>>> first. This breaks the message delivery pipeline and increases
> >>>> user-perceived response time. This problem cannot be solved outside the
> >>>> ClamAV library.
> >>>>
> >>>>
> >>>> Cheers,
> >>>>
> >>>> Alex.
> >>>>
> >>>> _______________________________________________
> >>>> squid-users mailing list
> >>>> squid-users@xxxxxxxxxxxxxxxxxxxxx
> >>>> http://lists.squid-cache.org/listinfo/squid-users
> >>>>
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> squid-users mailing list
> >>> squid-users@xxxxxxxxxxxxxxxxxxxxx
> >>> http://lists.squid-cache.org/listinfo/squid-users
>
>>
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users@xxxxxxxxxxxxxxxxxxxxx
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>>
>


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJV0QpsAAoJENNXIZxhPexG24gIAMNuWsyfn/QkXWTXROZEJYL1
0frhC+w22fjV8svGjTrZEtSKY4LTHiHEjp99bPBEpPdoCURifUq20m018qRoIcEA
XZfadD+s47bT7FvZbc2W58BQZUsWvotQRMNDPE+Mf0e38ev6PXsj16SaHmWytdx2
Z9H0y5qlgJwwbUyfps4uQn1wF16Qlf2Fw5TGRUbBrij+rjPYzDSXTXxtfT+4j/3V
4lZ0bN0HSFfvJrbfcpPoMCnSlRyJOm/b6Rxqv7v733OtrY/41EW1+HE1HOmW0em3
rwpAV1KgWrwMZYHcIBE147itXlz1RGQutX01auiiSvm/hO3h78rl6aSawmanOAM=
=GgTR
-----END PGP SIGNATURE----- 


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux