Re: [squid-users] Re: block spyware with squid

From: Amos Jeffries <[email protected]>
Date: Fri, 26 Oct 2007 10:25:58 +1300 (NZDT)

> Leonardo Rodrigues Magalh�es ha scritto:
>>
>>
>> Indunil Jayasooriya escreveu:
>>> Hi,
>>>
>>> I want to block spyware while users browse internet. Are there any
>>> ACLs to block this ?
>>>
>>> Have you done this before?
>>>
>>
>> squid has no 'malware ACL type'. It has, tough, several different ACL
>> types that can be used to classify and deny malware access, you just
>> have to create the ACLs.
>>
>> Can squid 'automagically' recognizes normal accesses and malware
>> accesses ?? Absolutely NOT.
>>
>> Is there some third-party ACL file that can be used to acchieve
>> spy/malware blocking ?? I'm not sure on that, but probably someone is
>> already doing and maintaning that. Try googling/archive searching for
>> that.
>>
>>
>>
>
> I don't think "fingreprinting" requests from the lan to the internet is
> possible. But you can restrict access by acl-blocking domains or regex
> urls that are known to spread spyware. I think there must be some sort
> of already compiled list for this, but I can't confirm since I never did
> a thorough research on the subject.
> To collect urls and domains you could also take note of what programs
> like ad-aware and spybot s&d find on the affected machine(s), and use
> those urls to update your rules.

It is possible to use some external program via external ACL, ICAP, or
peer relationships to do the filtering for squid.

Amos
Received on Thu Oct 25 2007 - 15:26:02 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:02 MDT