Search squid archive

Need help about ICAP scan timeout/max file size for big files

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Hi all,

i am trying to solve the problem, that SQUID is caching all the big files (for example 1GB) before sending them to the client, but the connected ICAP virus scanner is configured with max_file_size 2MB and scan_timeout 5 seconds. So all bigger files, or longer scanning times, should result in "clean" state from the icap virus scanner.

I am running antivirus FSIGK (F-Secure Internet GateKeeper) as an ICAP daemon connected to Squid with this configuration:

#ICAP
icap_enable on
acl domains_dont_icapscan url_regex -i "/etc/squid/ka/domains_dont_icapscan.acl"
acl audio rep_mime_type -i ^(audio\/x-mpegurl|audio\/mpeg|audio\/ogg|audio\/aac|audio/mp3)$

icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/request
adaptation_access service_req allow !domains_dont_icapscan
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/response
adaptation_access service_resp allow !domains_dont_icapscan !audio

Detecting viruses is working, but downloading large files is a huge problem. Squid is downloading them completely first into the servers memory and caching them, before sending them to the client. Its not stop scanning & caching after 2MB/5Seconds. When downloading big files (f.e. 1gb) the browser just does nothing but waiting a long time, because squid is downloading and caching 1gb before forward to client.

I tried change respmod_precache to respmod_postcache but it seems not to be implemented yet, with respmod_postcache fsigk icap log is empty , no virus detection works anymore.
I have a test-virus-file with 100MB (https://schroeffu.ch/100mbrandomvirus_begin.txt eicar+randomcontent) and the virus is detected by fsigk with settings max_scan_size=104400136 / scan_timeout=9000 , change them to max_scan_size=2147483 (2mb) and scan_timeout=5 (5Seconds) the virus is correctly not detected anymore, but, squid still does cache the 100mb before sending to the client.

How can I configure the ICAP Service to truly let bigger files/longer scan times through the icap service marked as "clean"?

Thanks for any help!
Schroeffu
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux