Re: [squid-users] Re: block spyware with squid

From: Marcello Romani <[email protected]>
Date: Wed, 24 Oct 2007 13:38:49 +0200

Leonardo Rodrigues Magalh�es ha scritto:
>
>
> Indunil Jayasooriya escreveu:
>> Hi,
>>
>> I want to block spyware while users browse internet. Are there any
>> ACLs to block this ?
>>
>> Have you done this before?
>>
>
> squid has no 'malware ACL type'. It has, tough, several different ACL
> types that can be used to classify and deny malware access, you just
> have to create the ACLs.
>
> Can squid 'automagically' recognizes normal accesses and malware
> accesses ?? Absolutely NOT.
>
> Is there some third-party ACL file that can be used to acchieve
> spy/malware blocking ?? I'm not sure on that, but probably someone is
> already doing and maintaning that. Try googling/archive searching for that.
>
>
>

I don't think "fingreprinting" requests from the lan to the internet is
possible. But you can restrict access by acl-blocking domains or regex
urls that are known to spread spyware. I think there must be some sort
of already compiled list for this, but I can't confirm since I never did
a thorough research on the subject.
To collect urls and domains you could also take note of what programs
like ad-aware and spybot s&d find on the affected machine(s), and use
those urls to update your rules.

HTH

-- 
Marcello Romani
Responsabile IT
Ottotecnica s.r.l.
http://www.ottotecnica.com
Received on Wed Oct 24 2007 - 05:39:00 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:02 MDT