RE: [squid-users] squid and anti-virus

From: Ward, John (I&DBM) <[email protected]>
Date: Thu, 2 Oct 2003 09:12:48 +0200

we use the interscan virus wall product, put in front of the squid or after the squid.

We feel that the squid is more capable of handling the internet than the interscan and thus have put it in that order.

This still allows you to do things like make simple rules for delay pools to limit download speeds and to reduce bandwidth hogging.
One of the cons to this is that if you get bad content, its stored on the squid.
A better way would probably be to make squid proxy to the av scanner and then use squid for suthentication etc. This also works well, but you do lose
the bandwidth control.
If bandwidth control is not an isue for you, then i'd suggest doing it this way.

As far as performance degradation goes, we did notice a slight degradation when the av scanner was in front of the squid.

As such, I haven't yet managed to get time to play with any of the test ICAP stuff. .... maybe its time ...

Hope this helps.
J

-----Original Message-----
From: Wei Keong [mailto:chooweikeong@pacific.net.sg]
Sent: 02 October 2003 04:42
To: Ward, John (I&DBM)
Cc: 'jacques.van.der.merwe'; Squid Users
Subject: RE: [squid-users] squid and anti-virus

Hi John,

Are you using the Interscan WebProtect with ICAP? Or you are putting the
scan engine in front of Squid?

I have tried the Symantec Scan Engine, but somehow it does not work very
well with Squid 2.5S4 & Icap... :(

Rgds,
Wei Keong

On Wed, 1 Oct 2003, Ward, John (I&DBM) wrote:

> Hi Jacques,
>
> There is a way to use the trend micro product in front of the squid. Its not elegant, but it does solve one or two problems.
> things to note:
> 1) if you chain the devices, you will break your ability to use delay pools ( nice for QOS, ask Raymond C ;)
> 2) the trend product runs on linux and we've had it here for a while, but the interface is not very intuitive when it comes to seeing which scanner
> engine/pattern you have
>
> 99.992% of the time it does work well w.r.t removing the virus payload.
>
> John
>
> PS: now might be a good time to beg for CVP / ICAP in squid ;)
>
> -----Original Message-----
> From: jacques.van.der.merwe [mailto:scarab@transwitch.co.za]
> Sent: 01 October 2003 09:11
> To: Squid Users
> Subject: [squid-users] squid and anti-virus
>
>
> greetings all,
>
> has anybody successfully intergrated content scanning (anti virus) and squid? i'm getting uphill from our AV guys about no content scanning at our
> proxy before data arrives at the desktops. i know of MS products floating about that do this, but i'd hate to deploy an MS product within my pure
> Linux environment.
>
> any takers?
>
>
> NOTICE:
>
> This message contains privileged and confidential information intended
> only for the person or entity to which it is addressed.
> Any review, retransmission, dissemination, copy or other use of, or
> taking of any action in reliance upon this information by persons or
> entities other than the intended recipient, is prohibited.
>
> If you received this message in error, please notify the sender
> immediately by e-mail, facsimile or telephone and thereafter delete the
> material from any computer.
>
> The New Africa Capital Group, its subsidiaries or associates do not
> accept liability for any personal views expressed in this message.
>

NOTICE:

This message contains privileged and confidential information intended
only for the person or entity to which it is addressed.
Any review, retransmission, dissemination, copy or other use of, or
taking of any action in reliance upon this information by persons or
entities other than the intended recipient, is prohibited.

If you received this message in error, please notify the sender
immediately by e-mail, facsimile or telephone and thereafter delete the
material from any computer.

The New Africa Capital Group, its subsidiaries or associates do not
accept liability for any personal views expressed in this message.
Received on Thu Oct 02 2003 - 01:15:34 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:16 MST