Re: [squid-users] Blocking harmful jpegs/MIME types

From: Andreas Pettersson <andpet@dont-contact.us>
Date: Thu, 30 Sep 2004 19:25:20 +0200

----- Original message -----
From: "Eric Geater 9/01/04" <egeater@mscoinc.com>
> A discussion in another group handed a suggestion that Squid could be
> told to block MIME types in HTTP responses, which means that Squid could
> be called in to help with certain problems associated with the GDIplus
> vulnerability in Microsoft products.

I like this idea :)
However, blocking all jpegs wouldn't be the best thing to do..
One way to solve this is to write a redirector that redirects all http requests with a URL that ends with .jpg to a local cgi script. The script fetches the jpg-file, verifies that it is harmless and hands it to squid. In case it contains something bad another image is sent to squid instead.

I did a similar thing to our users on April 1 this year... :]
The largest news site here in Sweden, www.aftonbladet.se, suddenly got an extra headline with a link to a sensational news story.
It took me some time analyzing the html of the index page to find the correct regex that inserted an extra headline between the others and without trashing something else. But at last I got it working, complete with article on separate page, layout, image and all URLs looking absolutely real. Success.

ehm.. Back to the real problem.
One other method is of course to use a real AntiVirus solution, like ClamAV or similar.

/Andreas
Received on Thu Sep 30 2004 - 11:24:43 MDT
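
A sketch of the redirector-plus-checker idea from the message above, added here as an example and not code from the poster or from the Squid project. The checker URL `CHECKER`, the function names, the one-request-per-line redirector format (`URL client/fqdn ident method`, blank reply for no change) and the definition of "harmless" as "every JPEG segment length is at least 2 and stays inside the file" are all assumptions.

```python
import struct
import sys
from urllib.parse import quote, urlsplit

# Hypothetical local CGI that fetches, checks and serves the image.
CHECKER = "http://127.0.0.1/cgi-bin/jpgcheck?url="

def rewrite(line):
    """Reply for one redirector input line: new URL, or '' for no change."""
    fields = line.split()
    # Match on the path only, so the checker's own URL is never rewritten.
    if fields and urlsplit(fields[0]).path.lower().endswith(".jpg"):
        return CHECKER + quote(fields[0], safe="")
    return ""

def jpeg_structure_ok(data):
    """Walk every marker segment; False on a bad length or missing EOI."""
    if data[:2] != b"\xff\xd8":               # must start with SOI
        return False
    pos, in_scan = 2, False
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            if not in_scan:                   # junk between header segments
                return False
            pos += 1                          # entropy-coded scan data
            continue
        marker = data[pos + 1]
        if marker == 0xFF:                    # fill byte before a marker
            pos += 1
            continue
        pos += 2
        if marker == 0x00 and not in_scan:    # stuffed byte only valid in scan
            return False
        if marker in (0x00, 0x01) or 0xD0 <= marker <= 0xD7:
            continue                          # no length field follows
        if marker == 0xD9:                    # EOI
            return True
        if pos + 2 > len(data):
            return False
        (length,) = struct.unpack_from(">H", data, pos)
        # The length counts its own two bytes, so anything below 2 is invalid.
        if length < 2 or pos + length > len(data):
            return False
        pos += length
        in_scan = marker == 0xDA              # SOS: scan data follows
    return False

if __name__ == "__main__":
    for request in sys.stdin:                 # one request per line from Squid
        print(rewrite(request), flush=True)
```

The CGI side would call `jpeg_structure_ok()` on the fetched bytes and serve a placeholder image when it returns `False`; a structural check like this complements an antivirus scan and does not replace one.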
