[squid-users] problems detecting downloads with Squid

From: Luis Miguel <[email protected]>
Date: Mon, 15 Mar 2004 21:46:59 +0100

Hi all, I am using Squid 2.5.4-3 on linux, I am using squidguard as redirector to block all windows executables, all is working fine except for some webs that "bypass" squid, the ".exe" file dont show in the log files and the user can download it using the browser.

The only log squid generates is:

1079005403.984 377 192.168.0.167 TCP_MISS/200 3857 GET http://63.217.29.115/connect.php? - DIRECT/63.217.29.115 text/html
1079005404.704 544 192.168.0.167 TCP_MISS/200 9924 GET http://63.217.29.115/download.php? - DIRECT/63.217.29.115 application/force-download

but you get the .exe file.

If someone want to check the URL: http://63.217.29.115/connect.php?did=od-stnd179

Beware, I think the file that is downloaded is some king of dialer/trojan

Is there any way to detect this kind of downloads? or I am forgetting something.

Greets.
Received on Mon Mar 15 2004 - 13:38:48 MST

This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:02 MST