[H-GEN] antivirus and squid recommendations?
David Jericho
david.jericho at bytecomm.com.au
Tue Jan 14 18:57:23 EST 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
On Tue, Jan 14, 2003 at 05:01:05PM +1000, Tony Nugent wrote:
> > I have a cowboy here who says "just install inoculate, it's got a linux
> > version". I've yet to look into it but I doubt it filters traffic going
> > through the proxy.
>
> Many virus scanners do filter web content (and activeX and so on),
> but AFAIK they need to be installed in the client box rather than a
> proxy. I have no idea if inoculate does web content scanning.
Most Windows virus scanners work by intercepting the file open and
operation functionality of the OS.
HTTP transfer scanning is a funny prospect for many reasons. In the
most basic case, imagine we transfer a zip through a scanning proxy.
Zip files store the information at the end of the file, so we have to
wait till we receive the entire file to actually be able to pull the
file apart in a reliable manner. If the file takes an hour to transfer
over a link, do we hold the client connection open for an hour,
trickling through just fast enough to keep the browser from timing
out?
It also starts to get funny when you can do partial transfers. Partial
MIME emails are a hassle to deal with, but they can be worked around.
Partial HTTP transfers can be frustrating because the browser will
reassemble automagically, but the proxy really has no real idea what's
going on.
--
David Jericho
Senior Systems Administrator, Bytecomm Pty Ltd
--
Scanned and found clear of viruses by EntireScan. http://www.entirescan.com/
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
More information about the General
mailing list