Re: [squid-users] Defending against new attacks

From: Emrah Tuerker <emtue@dont-contact.us>
Date: Wed, 26 Sep 2001 14:44:33 +0100

hi,
we had the same problem here and after a long brainstorm we decided to use a gateway antivirus
scanner in order to scan the whole HTTP, FTP (and SMTP) traffic.
It looks like:

Client -> Squid -> Antivirusscanner -> Webserver

so ALL the traffic is scanned and there's no problem with viruses, malicious ActiveX or Java applets.
So maybe that's an idea? The only thing is that a good gateway antivirus scanner will cost you lots of $$$.
Ahh, well, our antivirus gateway is Trend Viruswall (www.trendmicro.com).....give it a try :-)

greets
Emrah Tuerker

At 25.09.01 14:33:00, you wrote:
>With the nimda virus semi-behind now, I'm looking at a way of protecting
>from something like this in the future. The only thought I've had so
>far is a way of filtering out executables from being downloaded from the
>web.
>
>I've looked at some threads similar to this in the logs but I have some
>questions. Is there any better way than using a url pattern match to
>handle this? I know I can use url_regex \.eml or \.exe or any
>executable but is this the right way to be doing it? I've noticed that
>since I used it to filter .exe, I've had a few problems with people
>browsing sites that use .exe for their cgi extension and squid will deny
>the client even though it's not trying to download it.
>
>Is using url_regex-based ACLs really the best way to be doing this?
>
>Thanks for any input,
>
>-Brian
>
>--
>Brian M Dial
>UNIX Systems Administrator
>Rummel, Klepper & Kahl, LLP
>Phone: 410.728.2900 x1329
>Cell: 410.598.0742
>http://www.rkkengineers.com
>
>
Received on Wed Sep 26 2001 - 06:42:27 MDT
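
The false positives described in the quoted question, reproduced as an added example (not part of either message and not Squid's own code): it compares an unanchored `\.exe`/`\.eml` pattern applied to the whole URL with a pattern anchored to the end of the path plus query string. The sample URLs, the function names and the choice to match against path plus query are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample requests: (URL, True if it is really a file download).
SAMPLES = [
    ("http://example.com/files/setup.exe", True),
    ("http://example.com/mail/readme.eml", True),
    ("http://example.com/dl/TOOL.EXE", True),
    ("http://example.com/cgi-bin/search.exe?q=squid", False),   # CGI with query
    ("http://example.com/cgi-bin/shop.exe/cart/view", False),   # CGI with path info
    ("http://example.com/docs/about.exempt.html", False),       # ".exe" inside a name
    ("http://example.com/cgi-bin/status.exe", False),           # CGI, no query
]

# Pattern as described in the question: unanchored, tested against the full URL.
NAIVE = re.compile(r"\.exe|\.eml", re.I)
# Tighter variant: the extension must be the last thing in path + query.
ANCHORED = re.compile(r"\.(exe|eml)$", re.I)


def path_and_query(url):
    """Return the URL without scheme and host, keeping the query string."""
    parts = urlsplit(url)
    return parts.path + ("?" + parts.query if parts.query else "")


def naive_block(url):
    return bool(NAIVE.search(url))


def anchored_block(url):
    return bool(ANCHORED.search(path_and_query(url)))


def false_positives(check):
    """URLs the filter denies although they are not downloads."""
    return [url for url, is_download in SAMPLES if check(url) and not is_download]


if __name__ == "__main__":
    for name, check in (("naive", naive_block), ("anchored", anchored_block)):
        print(name, "wrongly denies:")
        for url in false_positives(check):
            print("   ", url)
```

Anchoring removes most of the wrongly denied requests, but a CGI program named `.exe` and called without a query string is still indistinguishable from a download by URL alone, which is the gap content scanning at the gateway is meant to cover.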