> Hello,
>
> In LAN environment with transparent squid proxy what is the best and
> checked (except for setting internal for LAN update server) for making
> WindowsUpdate and similar services to work?
>
> I intercept user traffic with iptables rules.
>
Most of the traffic can be caught and allowed by a few special ACLs in
squid. I use:

  acl securityUpdates dstdomain "antimalware.txt"

where antimalware.txt contains:

# WinXP / Win2k ?? / Vista ??
windowsupdate.microsoft.com
.update.microsoft.com
download.windowsupdate.com
www.download.windowsupdate.com
redir.metaservices.microsoft.com
images.metaservices.microsoft.com
c.microsoft.com
# Win98
wustat.windows.com
crl.microsoft.com
#
# Avast! Anti-Virus
#
.avast.com
#
# Spy-Bot Search & Destroy Anti-Spyware
#
.safer-networking.org
www.spybotupdates.biz
#
# AVG Anti-Virus
#
guru.grisoft.com
downloadfree.grisoft.com
#
# Trend PC-Cillin Anti-Virus
#
.activeupdate.trendmicro.com
pccreg.trendmicro.com
#
# Norton Anti-Virus & Security Suite
#
liveupdate.symantecliveupdate.com
liveupdate.symantec.com
#
# Zone Alarm Updates
cm2.zonelabs.com

There are also a few that need a background HTTPS handshake or they fail.
- Windows/Microsoft-Update shakes with www.update.microsoft.com:443
- McAfee products shake with sadownload.mcafee.com at varied ports.

In standard proxy manually/PAC configured at the user end a CONNECT needs
to be permitted for this, in transparent it must be done at the firewall.

These are just the products my client base have used recently. I'm sure
there is a larger list of OK anti-spyware/virus/malware products.

NP: spybot has a larger base of mirror update sites. I just have a custom
redirector catching all the ones I can and pointing them back at
spybotupdates.biz.

HTH
Amos
Received on Mon Nov 19 2007 - 14:23:05 MST
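
Added example (not part of the original post): a Python check that emulates how Squid's dstdomain type matches entries in a file such as antimalware.txt, where a leading dot covers the domain and its subdomains and an entry without one matches only that exact host. The sample ACL text, the host list and the function names are constructed for illustration.

```python
# Added example, not from the original post: emulate Squid dstdomain matching.
# SAMPLE_ACL and SAMPLE_HOSTS are constructed for illustration.
SAMPLE_ACL = """\
# Windows Update
.update.microsoft.com
download.windowsupdate.com
# Anti-virus
.avast.com
guru.grisoft.com
"""

SAMPLE_HOSTS = [
    "www.update.microsoft.com",
    "www.download.windowsupdate.com",
    "files.avast.com",
    "notavast.com",
    "GURU.grisoft.com.",
]


def load_dstdomain(text):
    """Parse ACL file text into (exact, wildcard) sets; '#' lines are comments."""
    exact, wildcard = set(), set()
    for raw in text.splitlines():
        entry = raw.strip().lower()
        if not entry or entry.startswith("#"):
            continue
        if entry.startswith("."):
            wildcard.add(entry[1:])   # ".avast.com": domain plus subdomains
        else:
            exact.add(entry)          # "guru.grisoft.com": that host only
    return exact, wildcard


def matches(host, exact, wildcard):
    """True if host would match the ACL; comparison is on whole labels."""
    host = host.lower().rstrip(".")
    if host in exact:
        return True
    labels = host.split(".")
    return any(".".join(labels[i:]) in wildcard for i in range(len(labels)))


def audit(hosts, acl_text):
    """Return the hosts the ACL does not cover, in input order."""
    exact, wildcard = load_dstdomain(acl_text)
    return [h for h in hosts if not matches(h, exact, wildcard)]


if __name__ == "__main__":
    for h in audit(SAMPLE_HOSTS, SAMPLE_ACL):
        print("not covered:", h)
```

With the constructed sample, www.download.windowsupdate.com is reported as not covered, which is why the list in the post carries both download.windowsupdate.com and www.download.windowsupdate.com as separate entries.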