Re: [squid-users] Using ACLs with ICAP/SquidClamAV

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Fri, 13 Jul 2012 00:45:05 +0300

On 7/12/2012 11:17 PM, Peter H. Lemieux wrote:
> This is my first posting. Please be gentle!
>
> I've run Squid in many arrangements but only recently have I been using
> the ICAP client to invoke SquidClamAV. I've browsed the wiki and
> searched on Google, but I can't seem to figure out how I might use ACLs
> to control when a request gets passed to the ICAP server.
>
> We have a Windows server that wants to download an update file from
> windowsupdate.com. That file triggers the known ClamAV false positive
> W32.Virut.Gen.D-159. I'd like to write an ACL so that objects requested
> from this machine's IP address are not passed to the ICAP server but
> sent directly to the requesting machine.
>
> I've written lots of ACLs in the past to exempt hosts, URL regexes, and
> the like, but I can't seem to figure out how to do this with an ICAP
> request. I've looked at the documentation for configuration file
> directives like adaptation_access, icap_service, and the like, but I
> can't seem to find anything that tells me how to use ACLs with those.
> Can anyone point me to some documentation I might read, or suggest some
> methods to use ACLs with ICAP?
>
> Thanks!
>
>
> Peter

use the logic of acls:

##start
#instead of 192.168.0.1 use the machie ip
acl my_machine src 192.168.0.1

icap_service service_av reqmod_precache bypass=0
icap://clamavserver:1344/reqmod
adaptation_access service_av deny my_machine
adaptation_access service_av allow all
##end
That is all

Best Regards,
Elieze

-- 
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
Received on Thu Jul 12 2012 - 21:45:16 MDT

This archive was generated by hypermail 2.2.0 : Fri Jul 13 2012 - 12:00:02 MDT