John Horne wrote: > On Wed, 2009-02-11 at 09:17 +1300, Jason Haar wrote: > >> We use the open source HAVP proxy. It supports clamav, sophie, trophie, >> and several other commercial AV products and works very well. We still >> use it in conjunction with Squid, as it is a pure "AV proxy" and doesn't >> have all the other "bells-and-whistles" that Squid has. We use Squid as >> our frontends, and they are configured to use HAVP (running on the same >> box) as parent proxies. End result: all the creamy goodness of Squid >> plus the sanitized delightedness of clean webpages (well, mostly ;-) >> >> > May I ask if this (HAVP/ClamAV/Squid) scales well? How many users are > your web-caches supporting (do you in fact run multiple caches?), and > does it (HAVP/ClamAV) impose any significant loading on the hardware? > > >
3.5K users - but spread over 25+ squid servers. We're world-wide so lots of Squid servers with only 50-300 users. Load is (almost by definition) not a problem on 90% of the proxies with those sorts of user numbers. They all run clamd plus 1-2 other commercial AVs (won't name them - no free advertising ;-). The busiest server probably has 600 users - and loadav <<1 - it would be a quad-core Dell - nothing super-special. And they all run squidguard for content filtering, and snort because they didn't get me off them fast enough ;-) Snort is the biggest CPU user on these systems. You have to remember to crank up the havp "SERVERNUMBER", but other than that the documentation really covers it. Works well - at least for us :-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
