Re: [squid-users] What Virus Scanning software runs "nicely" withSquid?

From: nils toedtmann <[email protected]>
Date: Thu, 24 Oct 2002 17:28:59 +0200

On Thu, Oct 24, 2002 at 09:30:56AM -0400, Jerry Murdock wrote:
> ----- Original Message -----
> From: "nils toedtmann" <ntoedtmann@marcant.net>
> To: <squid-users@squid-cache.org>
> Sent: Thursday, October 24, 2002 8:56 AM
> Subject: Re: [squid-users] What Virus Scanning software runs "nicely"
> withSquid?
>
>
> > Do You also use "never_direct" to make sure that an unreachable
> > viruswall (high load, segfaults/hangs, mistake) does not lead to
> > bypassing it? Or isn't that nesseccary?
> >
> I use never_direct as the default. Everything goes through the VW unless
> there is an explicit always_direct.
>
> > * If ftp-server use strange permissions on the files/directories,
> > the viruswall messes up the listing totally. Rarely some more
> > difficulties with ftp-servers.
> >
> I haven't noticed the problem, but decided a long time ago that the VW's
> ftp listings weren't "pretty" enough. One of my always_direct acls is for
> ftp directory listings.

Oh, interesting. How do make an acl only for ftp-LISTINGS?

> > * Hangs sometimes on SSL/CONNECT (no problem if You bypass the
> > viruswall for https like Jerry)
> >
> Haven't noticed this, but as you said, my always_direct probably takes
> care of it.
>
> > * on one machine we got hanging dns-lookup-children, filling up
> > CPU/RAM over the time.
> >
> What build of VW? I can honestly say I've had no real problems since
> around build 1200 of 3.6. Haven't seen the need to go to 3.7 yet - if it
> ain't broke.... Current running 1240+ on most boxes.

You're probably right, trendmicro claims that newer builds of 3.6 do
not have those problems (ftp, https). Anyway, since we use our "sandwich"
configuration (was proposed to us by the trendmicro distributor in germany!)
we do not care about proxying bugs of the viruswall :-)

> I'll probably try 3.7 on the next new install ..

The nslookup problem we only had with a young&fresh 3.7 built! I do not
remember which. I You're interested, i'll find out. So You've been warned
now ...

/nils.

By the way: today a collegue of mine discovered a really strange
thing: He downloaded mails from a webmail-account. The mails also
get forwarded via smtp to a local pop3-box. The smtp-scanner
of the viruswall detected a virus in an infected mail, but the
http-scanner DID NOT! We verified, that the downloaded attachment
indeed contained the virus. Seems the the webmailprovider found a
way to bypass the http-viruswall ...

-- 
nils toedtmann
technische abteilung
marcant internet-services gmbh <http://www.marcant.net>
Received on Thu Oct 24 2002 - 09:29:02 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:54 MST