Hello list
I'm running squid 3.1.19 with squidclamav 6.6 and while debugging a
different issue, I looked at tcpdumps of the ICAP traffic for
squidclamav.
I noticed that not only the webpages are sent to squidclamav for
scanning, the *requests* are sent and scanned as well.
This looks like unnecessary processing overhead to me and I've
disabled this by removing these lines (from squidclamav's install [1]
page):
icap_service service_req reqmod_precache bypass=1
icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
what's left is the response scanning:
icap_service service_resp respmod_precache bypass=1
icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all
Viruses in webpages are still being caught just fine.
Should the install page be updated or is there a disadvantage to this approach?
[1] http://squidclamav.darold.net/installv6.html
Received on Sat Jun 30 2012 - 07:20:59 MDT
This archive was generated by hypermail 2.2.0 : Sat Jun 30 2012 - 12:00:04 MDT