Hey, Sorry for not responding earlier. Your question regarding having two layers of AV technically depends on what both are offering as a product. We can spate the question of unwrapping HTTPS\TLS connections from inspecting the HTTPS content using an AV. If you have a trusted source and as an example I would take Microsoft. Microsoft is known to secure it's infrastructure despite some rumors from security "experts" so you won't need to inspect their updates. You might want to cache them but not check them with AV. The day you will need to inspect them with AV things will probably start falling from the sky.. If you have a defined business web usage policy it minimizes the options to malice software download but it only fits for special cases with high risk for theft or other crime related sensitive data\info. Building Latest squid from sources for Debian Jessie can cost money and in some cases it's not worth it. The answer regarding the price would be the level of QA and other development and integration stages. Depends on the business size the HTTPS url inspection by itself can be worth a lot. Can you define what can be costly when building squid for Jessie? I am asking since I am in the middle of working on a version of latest squid with SSL-BUMP support.(it takes quite some time to automate it) Eliezer ---- Eliezer Croitoru <http://ngtech.co.il/lmgtfy/> Linux System Administrator Mobile: +972-5-28704261 Email: eliezer@xxxxxxxxxxxx From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of hans.meyer0@xxxxx Sent: Wednesday, June 22, 2016 5:10 PM To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: https antivirus proxy necessary? Do you think it's necessary to have an additional https antivir proxy to normal client antivirus? We are using Avast Business that already offers a web protection. Can an additional antivir proxy significant higher the level of protection? In general I think two different antivirus programms see more then one. But on the other hand an HTTP/HTTPS antivirus proxy is an additional attack surface. Especially because its costly to build the latest squid version with https support from source on a debian jessie. So the proxy will not be up a proxy or not? --- Mail & Cloud Made in Germany mit 3 GB Speicher! Jetzt kostenlos anmelden <https://email.freenet.de/mail/Uebersicht?epid=e9900000450>
<<attachment: winmail.dat>>
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
