I compiled it.
1,
When I use %20's instead of escaped spacebars, I run
echo
"ftp://ftp.mozilla.org/pub/mozilla.org/thunderbird/releases/latest-2.0/win32/sk/Thunderbird%20Setup%202.0.0.4.exe
127.0.0.1/ - - GET" | /usr/local/bin/squidGuard -dc
/etc/squid/squidGuard.conf
The last lines I get are:
2007-06-15 12:00:13 [15441] squidGuard 1.3-alpha started (1181901613.633)
2007-06-15 12:00:13 [15441] recalculating alarm in 1787 seconds
2007-06-15 12:00:13 [15441] squidGuard ready for requests (1181901613.767)
2007-06-15 12:00:13 [15441] squidGuard stopped (1181901613.767)
This, I assume, means that page passed. BAD.
**********
2,
When I escape the spacebars, I run
echo
"ftp://ftp.mozilla.org/pub/mozilla.org/thunderbird/releases/latest-2.0/win32/sk/Thunderbird\
Setup\ 2.0.0.4.exe 127.0.0.1/ - - GET" | /usr/local/bin/squidGuard -dc
/etc/squid/squidGuard.conf
I get
2007-06-15 12:02:35 [15547] squidGuard 1.3-alpha started (1181901755.798)
2007-06-15 12:02:35 [15547] recalculating alarm in 1645 seconds
2007-06-15 12:02:35 [15547] squidGuard ready for requests (1181901755.928)
http://10.2.2.29/proxy/upozor-blok.html Setup\/- 2.0.0.4.exe 127.0.0.1/
2007-06-15 12:02:35 [15547] squidGuard stopped (1181901755.928)
BAD again, because it wrongly redirects to message regarding other
blocking rule, not the executable (that should redirect to other message
page). I tested old squidguard too, and it does the same.
However, the file is downloaded if the path I put in the browser! I
don't understand why it dosen't display at least the wrong message, but
instead it offers file download!!
I suspect that spacebar symbols are confusing it. When I look at status
bar in Firefox, there are two spacebars in the name of file. When I use
"copy the link address" and paste it here, look:
ftp://ftp.mozilla.org/pub/mozilla.org/thunderbird/releases/latest-2.0/win32/sk/Thunderbird%20Setup%202.0.0.4.exe
%20 is used instead of spacebar. And as shown in example 1, the
squidGuard PASSES the file with %20's
There is something wrong with the spacebars somewhere in the way inside
browser-squid-squidguard.
*******
3,
When I run other file
echo "ftp://ftp://ftp.elf.stuba.sk/pub/pc/pack/acdzip.exe 127.0.0.1/ -
- GET" | /usr/local/bin/squidGuard -dc /etc/squid/squidGuard.conf
I get
2007-06-15 12:04:39 [15573] Request(bezne/exec/-)
ftp://ftp://ftp.elf.stuba.sk/pub/pc/pack/acdzip.exe 127.0.0.1/- - - REDIRECT
http://10.2.2.29/proxy/upozor-video.html 127.0.0.1/- - -
2007-06-15 12:04:39 [15573] squidGuard stopped (1181901879.032)
This is GOOD, that's how it should be.
When I look into squidclamav.log, the Thunderbird file contains %20's.
The same in squid access.log
And as I demonstrated in example 1, squidGuard behaves wrongly when
facing the %20's in the file name, he downloads the file.
Peter
John Mark Clayton wrote / napísal(a):
On 6/14/07, Mgr. Peter Tuharsky <[EMAIL PROTECTED]> wrote:
Hi, Mark
I'd like to, however it is production server I'm using SquidGuard on.
I'm afraid of the alpha..
I understand. However, would you consider building the alpha
and run a commandline test for me? Then we'll know if there is
an issue to fix. You can run squidGuard from the command line
without putting it online. I do this all the time on my server. The
way to do it is like this:
echo
"ftp://ftp.mozilla.org/pub/mozilla.org/thunderbird/releases/latest-2.0/win32/sk/Thunderbird
Setup 2.0.0.4.exe 127.0.0.1/ - - GET" | squidGuard -dc
$confdir/squidGuard.conf
All on one line. You may need to play with escape characters in
front of the spaces to get it to pass your shell. I would really
appreciate it.
However I'm glad the SquidGuard is picking up again. I think it's
probably the best redirector ever. I felt curious when I saw the
development stalling.
I miss some really good redirector chaining. Zapchain is far from
perfect and dosen't work in some cases. I'd like to implement squidguard
+ dansguardian + clamav.. I must wait long enough for the solution
probably ;-)
The 1.3 release should come out soon. The 2.0 release will be
awhile. I have know idea if or when debian will pick up a new
release. Soon, I hope.
Have a nice day
Peter
Thanks and you too,
Mark
John Mark Clayton wrote / napísal(a):
> Hi Peter,
> There is a development version of squidGuard at:
> http://squidguard.org/Downloads/Devel/squidGuard-1.3-alpha.tar.gz
> It has a more complete regex implementation. Would you be
> willing to build and test this alpha release? squidGuard development
> is picking up again and the support maillist is fairly prompt so you
> may be able to get additional help there.
> Regards,
> Mark
>
> On 6/13/07, Mgr. Peter Tuharsky <[EMAIL PROTECTED]> wrote:
>> Hi,
>>
>> I discovered that ordinary files are blocked, however if the file has
>> spaces in the name, it isn't catched.
>>
>>
>>
>
>
--
Odchádzajúca správa neobsahuje vírusy, nepoužívam Windows.
=======================
Mgr. Peter Tuhársky
Referát informatiky
Mesto Banská Bystrica
ČSA 26
975 39 Banská Bystrica
Tel: +421 48 4330 118
Fax: +421 48 411 3575
=======================
