[squid-users] Opasoft virus problem

From: Kwan Chee Kin <cheekin.kwan@dont-contact.us>
Date: Tue, 28 Jan 2003 10:25:17 +0800

Hi,
        I hope i'm mailing to the correct mailing list.

        Lately my network was attacked by the Opaserv virus. This virus has
the ability to grab the configuration from the Netscape browser and makes a
http request for www.opasoft.com (a bogus URL)going through the Web Proxy,
in which is the Squid Web Proxy. The infected host will try to make at least
100 hits/minute to the bogus URL through the Squid. This affect the squid
logs - access.log and store.log. It grew to a few Gigs within hours.

        The Squid was dropped to its knees and lie dead since there was no
more diskspace in the machine. I was able to clean up the machine by
removing the huge log files and creating new log files and proceed on to
remove the pcs that were infected by the virus.

        My question will be is there any solution to this type of problem
where the squid will just drop requests that have more than 30 hits to a
bogus or unreachable URL and not log into the logs?

        Or is there any third-party solution like a plug-in that will solve
this problem?

        Any suggestion appreciated. Thank you.

Best regards,
Kwan Chee Kin
Received on Mon Jan 27 2003 - 19:21:03 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:53 MST