wade at xwin
Aug 1, 2003, 1:26 PM
Post #1 of 1
Re: Clamd, clamuko & squid
I just started using clamd with my exim for scanning email, but the
web viruses still get through of course. I am thinking that maybe the
squid/clamd direction is the way to go since I prefer squid over apache
as a cache since I started with squid back when it was harvest?? or some
such name like that.
Anyway I was wondering if anyone has actually done or is working on the
squid caching interface yet that was mentioned below?
Re: [clamav-devel] Clamd, clamuko & squid
from [Thomas Lamy] [Bookmark Link][Original]
To: devel [at] clamav
Subject: Re: [clamav-devel] Clamd, clamuko & squid
From: Thomas Lamy <Thomas.Lamy [at] in-online>
Date: Mon, 23 Jun 2003 09:28:31 +0200
Delivered-to: archive-mharc [at] elektra
Delivered-to: mailing list devel [at] clamav
In-reply-to: <1056352360.1534.0.camel [at] next138>
List-help: <mailto:devel-help [at] clamav>
List-post: <mailto:devel [at] clamav>
List-unsubscribe: <mailto:devel-unsubscribe [at] clamav>
Mailing-list: contact devel-help [at] clamav; run by ezmlm
References: <1056352360.1534.0.camel [at] next138>
Reply-to: <devel [at] clamav>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3)
Ramn Arnal Palas wrote:
I started with Clam 3 or 4 months ago and my life has become happier
since then. I'm not going to change
Same with me, you're welcome.
My goal is to scan all http flow through my server for viruses.
My situation is this:
-Squid installed and running.
-Dazuko installed and running.
-Clamd & Clamuko installed and running.
-Clamuko protects "/var/spool/squid"
-When I download a virus, it is detected:
Thu Jun 19 21:19:35 2003 -> Clamuko:
/var/spool/squid/00/00/00000024: Eicar-Test-Signature FOUND
-Squid passes the file to the browser.
I wonder if it could be possible directly delete the file as soon as
it's detected by clamuko (or moved to another directory, etc.etc.etc)
I think this is not what one wants, because the virus _already has been_
forwarded to the client, so there's no protection.
I don't know if I'm going in the right direction, please let me know
where should I search for help.
Im currently "porting" squid-vscan
(http://www.openantivirus.org/projects.php#squid-vscan) to the latest
stable squid version, and then use clamd instead of OpenAntiVirus. I do
this in my spare time, so no beta or release date available.
This piece of software will (hopefully) catch viri _before_ they are sent
to the client or stored on disk. It has some drawbacks, especially when
dealing with large files (I have to keep the client session alive...).
I'll post an announcement here if it's ready for testing.
To unsubscribe, e-mail: devel-unsubscribe [at] clamav
For additional commands, e-mail: devel-help [at] clamav