Hi Amos,
the PoC is for a project involving malware inspection, a personal
project. I tried to chain 2 Squids as part of solution.
The AV perform the check on the wire before actually allowing Parent
Squid to get hold of it.
I.e. Client --> ... ... -> Parent Squid --> AV (inspects HTTP, it it
is 'infected', do a "TCP Disconnect" as seen on Sysinternals Procmon)
--> Website
*There was no "TCP Disconnect" for 'clean' pages.
From what I observe when the client is directly connected to the
Parent Squid, I got the following message in Parent.
I am OK with this message in Parent, but how can I let the Child also
know that and display similar message when Parent got it instead of
hung?
---------------------------------------------------------------------------------------------------------------
ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: http://www.eicar.org/download/eicar.com.txt
The following error was encountered:
* Read Error
The system returned:
(10054) WSAECONNRESET, Connection reset by peer.
An error condition occurred while reading data from the network.
Please retry your request.
Your cache administrator is webmaster.
Generated Fri, 21 May 2010 15:29:41 GMT by test-caf801f8d2 (squid/2.7.STABLE8)
---------------------------------------------------------------------------------------------------------------
thanks,
James Tan
Received on Fri May 21 2010 - 16:15:14 MDT
This archive was generated by hypermail 2.2.0 : Sun May 23 2010 - 12:00:32 MDT