[squid-users] squidclamav: Reduce overhead by omitting request-scanning?

From: Felix Leimbach <felix.leimbach_at_gmail.com>
Date: Sat, 30 Jun 2012 09:20:51 +0200

Hello list

I'm running squid 3.1.19 with squidclamav 6.6 and while debugging a
different issue, I looked at tcpdumps of the ICAP traffic for
squidclamav.
I noticed that not only the webpages are sent to squidclamav for
scanning, the *requests* are sent and scanned as well.

This looks like unnecessary processing overhead to me and I've
disabled this by removing these lines (from squidclamav's install [1]
page):

icap_service service_req reqmod_precache bypass=1
icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all

what's left is the response scanning:

icap_service service_resp respmod_precache bypass=1
icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all

Viruses in webpages are still being caught just fine.

Should the install page be updated or is there a disadvantage to this approach?

[1]�http://squidclamav.darold.net/installv6.html
Received on Sat Jun 30 2012 - 07:20:59 MDT

This archive was generated by hypermail 2.2.0 : Sat Jun 30 2012 - 12:00:04 MDT