Re: [squid-users] transparent squid + clamav + https

From: Henrik Nordström <henrik_at_henriknordstrom.net>
Date: Mon, 15 Mar 2010 14:54:34 +0100

Mon 2010-03-15 at 12:30 +0100, Stefan Reible wrote:

> The transparent http proxy with clamav is working very nicely, but now
> I have problems with the implementation of ssl. My first idea was to
> break down the encryption at the squid, and then create a new one.
>
> http://wiki.squid-cache.org/Features/SslBump
>
> Is this possible? I think the problem is that if someone opens an
> https encrypted website like https://google.de he gets the certificate
> from the proxy in his browser, not from the webserver. This wouldn't
> be so fine..

Well, it's the only possibility, otherwise the proxy (and clamav) won't
be able to inspect the https traffic.

> PS: I have a second problem with downloading big files, is it
> possible to send any info about the download progress to the
> webbrowser? Like opening an ajax script or something else.

Yes. See the "viralator" mode of c-icap srv_clamav.

The service supports 3 different modes of download management:

- Wait with response until scanning has completed
- Send some data of the file while scanning is performed to keep the
  client patiently waiting.
- "viralator" mode showing progress while scanning is done, and then
  redirecting to a "download" URL when complete

The problem with viralator mode is that it may break some things as it
responds with another response while scanning.

Regards
Henrik
Received on Mon Mar 15 2010 - 13:54:37 MDT
