Re: [squid-users] c-icap + squid 3.0, StartSendPercentDataAfter lets viruses through

From: Fredrik Ax <frax_at_axnet.nu>
Date: Fri, 5 Feb 2010 08:35:51 +0100

On Fri, Feb 05, 2010 at 11:26:48AM +1300, Amos Jeffries wrote:

> Fredrik Ax wrote:
> >Hi,
> >
> >This might be a bug/"feature" of the c-icap + squid 3.0 combination,
> >but I'm not sure that it might not be some kind of misconfiguration
> >on my behalf, so I therefore figured I'd try this list and see if
> >somebody else has run into this.
> >
> >To sum it up: When using the c-icap clamav service with squid and you
> >are downloading a file larger than the
> >srv_clamav.StartSendPercentDataAfter threshold set in c-icap.conf and
> >the virus signature is found after c-icap has started to "trickle" out
> >data, the entire file including the virus signature is let through.

[...]

> Well yes. You have configured c-icap to send a file through. It's
> going to get through.
> Any content alteration is up to the ICAP server. Squid passes on
> what it receives back.

Of course, and I understand that this list is primarily for pure squid
setups, but my hope was that somebody here had encountered the same
prob, and had a better understanding of c-icap and possibly a
resolution on how to force c-icap to stop sending data once the
signature was detected.

(Didn't find any appropriate c-icap mailing list, but figured that
since it's widely used in conjunction with squid for this purpose this
list might be a good bet. Also understood that the author of c-icap
has been involved in the squid3 development.)

I guess I'd better get the latest development release of c-icap and
start digging into the code to see if the problem is there.

Best regards,
/frax

Received on Fri Feb 05 2010 - 07:34:37 MST
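
The trade-off discussed in this message, shown as an added c-icap.conf fragment that is not part of the original e-mail or of the c-icap distribution. The sizes and percentages are constructed, and srv_clamav.SendPercentData is a directive from c-icap's srv_clamav configuration that the thread itself does not mention.

```conf
# c-icap.conf, srv_clamav settings. Values are constructed for illustration.

# Trickling enabled (the kind of setup the thread describes):
# once an object grows past StartSendPercentDataAfter, c-icap may start
# releasing body data to Squid before ClamAV has returned a verdict.
# Bytes already forwarded to the client cannot be recalled if a
# signature is matched later in the stream.
#srv_clamav.SendPercentData 5
#srv_clamav.StartSendPercentDataAfter 2M

# Trickling disabled: no body data leaves c-icap until the whole object
# has been received and scanned. StartSendPercentDataAfter then has no effect.
# Cost: large downloads appear stalled to the client until scanning ends,
# so client and proxy timeouts may need to be raised.
srv_clamav.SendPercentData 0
```

After changing the setting, a download of the EICAR test file padded past the former threshold is a quick check that the block page, not the file, reaches the client.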