> I want to know if there is a way to identify the URL of an object in the
> squid cache folders?
>
> My issue: Looking after a proxy and clamscan occasionally finds an
> infected file in the /var/cache/squid folder tree.. All of the client
> machines have anti-virus on them but I want to identify the URL (And
> therefore the workstation from the logs) of the machine that downloaded it
> so I can see why it didn't pick up quite an old bit of malware that
> clamscan is finding... (Or, if it silently blocked it and didn't alert
> the admin console for the site).
>
> Anyone got a pointer, or a better keyword to search for? :-)
I suspect logs are your only fallback. Possibly you'll need to use the
store.log files to identify things based on time.
Remember clamscan's definitions file has a heap of things that aren't
viruses. It detects spam and phishing text which is just clutter.
To purge an object from teh cache, you can use the squidclient command
First add an ACL to permit the purge method
acl purge method PURGE
http_access allow purge localhost
http_access deny purge
Reload squid
Then run something like this
squidclient -m PURGE -h 127.0.0.1
http://www.something.com/badness/thingy.jpg
--
Criggie
http://criggie.org.nz/
_______________________________________________
Linux-users mailing list
[email protected]
http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
