Configuration Nr. 1 is the more secure option since all http traffic is
scanned by the viruswall (which also scans for stuff like javascript
"malware").
Of course this affects performance, or rather the way users experience
their download. In order to scan a file (say a .zip-archive), the viruswall
must wait until it is completely downloaded. During this time it sends only
a few bytes to the client (i.e. squid) to prevent it from timing out (this
ist the so-called "trickle"-option in Viruswall). Once the file is
downloaded to the viruswall and successfully scanned, it is delivered to
the client with LAN bandwidth (assuming your viruswall and squid are on the
same LAN).
For your users this looks like the download is veeeery slow in the beginnig
and then it suddenly becomes extremely fast.
The overall effect on performance of course depends on your number of
users, your proxy hardware etc, but it is usually not too bad if you have
suitable hardware for the viruswall.
In general I would not recommend solution Nr.2. If you want to exclude
certain file types from scanning , you can configure that on the viruswall.
The viruswall is your antivirus policy enforcement point. not squid. There
is one exception to this: If you want live video/audio-streaming via http
you will have to bypass the viruswall for these requests.
Hope this helps
Regards
Horst
Emilio Casbas
<ecasbas@unav. An: squid-users <squid-users@squid-cache.org>
es> Kopie:
Thema: [squid-users] antivirus with squid
28.04.2004
09:27
I searched in the mail list archives for the configuration
of AV viruswall trend micro with squid, but I have some doubt:
Case 1)
clients --> hiearchi proxy --> virus-wall --> internet
All the traffic to the internet go through to the virus wall.
Case 2)
Equal to case 1, but the hierarchi proxy have configured
cache_peer access for the virus wall in the case of \.exe$
\.vbs$ \.zip$ ..... were found in url. In this form not all
the traffic go through virus wall, only suspicious archives.
Wich it is the best configuration?
How does this affect the performance?
Thanks in advance
Emilio
Disclaimer
Diese E-Mail kann vertrauliche und/oder rechtlich geschützte Informationen
enthalten. Wenn Sie nicht der beabsichtigte Empfänger sind oder diese E-Mail
irrtümlich erhalten haben, informieren Sie bitte sofort den Absender tele-
fonisch oder per E-Mail und löschen Sie diese E-Mail aus Ihrem System. Das
unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht
gestattet. Wir haften nicht für die Unversehrtheit von E-Mails, nachdem sie
unseren Einflussbereich verlassen haben.
This e-mail may contain confidential and/or privileged information. If you
are not the intended recipient (or have received this e-mail in error) please
notify the sender immediately by call or e-mail and destroy this e-mail. Any
unauthorised copying, disclosure or distribution of the material in this
e-mail is strictly forbidden. We are not responsible for the integrity of
e-mails after they have left our sphere of control.
Received on Wed Apr 28 2004 - 01:47:38 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Apr 30 2004 - 12:00:03 MDT