Leonardo Rodrigues Magalhães ha scritto:
>
>
> Indunil Jayasooriya escreveu:
>> Hi,
>>
>> I want to block spyware while users browse internet. Are there any
>> ACLs to block this ?
>>
>> Have you done this before?
>>
>
> squid has no 'malware ACL type'. It has, tough, several different ACL
> types that can be used to classify and deny malware access, you just
> have to create the ACLs.
>
> Can squid 'automagically' recognizes normal accesses and malware
> accesses ?? Absolutely NOT.
>
> Is there some third-party ACL file that can be used to acchieve
> spy/malware blocking ?? I'm not sure on that, but probably someone is
> already doing and maintaning that. Try googling/archive searching for that.
>
>
>
I don't think "fingreprinting" requests from the lan to the internet is
possible. But you can restrict access by acl-blocking domains or regex
urls that are known to spread spyware. I think there must be some sort
of already compiled list for this, but I can't confirm since I never did
a thorough research on the subject.
To collect urls and domains you could also take note of what programs
like ad-aware and spybot s&d find on the affected machine(s), and use
those urls to update your rules.
HTH
-- Marcello Romani Responsabile IT Ottotecnica s.r.l. http://www.ottotecnica.comReceived on Wed Oct 24 2007 - 05:39:00 MDT
This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:02 MDT