Re: [squid-users] squidclamav regexp lists

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 04 Feb 2014 22:51:30 +1300

On 4/02/2014 9:37 p.m., Marko Cupać wrote:
> On Tue, 04 Feb 2014 10:29:59 +1300
> Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
>> Try clamav as an ICAP service used by Squid. Whitelisting is done
>> either in clamav or in the squid.conf adaptation_access rules. ICAP
>> also allows the scanner to "step out" of the transaction at any time
>> it determines a pass result (less AV traffic I/O => faster overall
>> traffic).
>
> Squidclamav 6.x is c-icap module. I think I am already using it the way
> you suggest. Or, if not, can you please point me to some
> documentation?

You have not mentioned specific config as yet. The clamav v6 install
document has all the main details about use with Squid-3.x
  http://squidclamav.darold.net/installv6.html
This is probably best. Our ICAP documentation has to be quite generic.

If you already have that, great.

>
>> For what reasons do you have squidguard in the loop at all?
>>
>> The model of operation Squid is primarily designed for is a central
>> HTTP proxy routing requests to any service necessary to complete the
>> transaction.
>
> This is the setup I found well documented, and it does the job for me.
> I'd be glad to get the same functionality with squid only. Basically I
> need to authenticate all users from Active Directory (which is well
> documented in the wiki), authorize them in accordance with AD group
> membership (which could be done with external acls I guess),

Yes. Also well documented but so simple that it gets overlooked easily.
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Groups

> and
> redirect them to custom pages in case of some rule violation
> (transparent 1x1 gif for ads, custom page which displays info about
> reason for block, user, group, ip address etc.).

The essence of this is the "rule violation". Determining exactly what
those rules are and what to test is the hardest part. Once that is done
find the ACL type provided by Squid to do the yes/no test
(http://www.squid-cache.org/Doc/config/acl/) and use it in one of the
access permission lists (http_access etc.)

http://wiki.squid-cache.org/SquidFaq/SquidAcl

NP: the more policy you can enforce quickly in http_access the less
processing load on the whole system.

>
> I hoped to manage this with just squid and c-icap's modules squidclamav
> and srv_url_check, or maybe directly with squid's acls, but I didn't
> find good documentation about this kind of setup.
>
> Regards,
>

HTH
Amos
Received on Tue Feb 04 2014 - 09:51:36 MST
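
Added example (not part of the original message, and not the Squid or squidclamav project's own configuration): a squid.conf fragment tying together the pieces discussed in this thread, namely AD group authorization through an external ACL, custom deny pages via deny_info, and whitelisting around the squidclamav ICAP service with adaptation_access. It assumes Squid 3.2 or later with proxy authentication already configured; the helper path, group name, file path, domains, network range and URLs are placeholders.

```conf
# Added example. Helper path, group name, file path, domains, network
# range and URLs below are assumptions; adjust them to the local install.

# --- Who is asking -------------------------------------------------------
acl localnet src 10.0.0.0/8
acl auth_users proxy_auth REQUIRED

# AD group membership via an external ACL helper (%LOGIN passes the
# authenticated user name to the helper; results are cached for ttl seconds).
external_acl_type ad_group ttl=300 negative_ttl=60 %LOGIN /usr/lib/squid3/ext_wbinfo_group_acl
acl grp_internet external ad_group InternetUsers

# --- What is being asked for ---------------------------------------------
acl ads dstdomain "/etc/squid3/ads.domains"
acl av_whitelist dstdomain .av-trusted.example.com

# --- Custom responses ----------------------------------------------------
# deny_info is selected by the LAST acl named on the http_access deny line
# that matched, so each deny line below ends with the acl it is keyed on.
deny_info http://proxy.example.local/1x1.gif ads
deny_info http://proxy.example.local/blocked.html?user=%a&ip=%i grp_internet

# --- Access rules: cheapest tests first, helper lookups last --------------
http_access deny !localnet
http_access deny ads
http_access deny !auth_users
http_access deny !grp_internet
http_access allow localnet
http_access deny all

# --- ICAP: squidclamav running under c-icap ------------------------------
icap_enable on
# bypass=0 fails closed: if the scanner is unreachable the response is
# not delivered unscanned.
icap_service av_resp respmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav

# Whitelisting on the Squid side: matching responses never reach the scanner.
adaptation_access av_resp deny av_whitelist
adaptation_access av_resp allow all
```

Placing the src and dstdomain tests ahead of proxy_auth and the external ACL keeps requests that can be decided from the request line alone from triggering an authentication challenge or a helper lookup.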
