we use the interscan virus wall product, put in front of the squid or after the squid.
We feel that the squid is more capable of handling the internet than the interscan and thus have put it in that order. This still allows you to do things like make simple rules for delay pools to limit download speeds and to reduce bandwidth hogging. One of the cons to this is that if you get bad content, its stored on the squid. A better way would probably be to make squid proxy to the av scanner and then use squid for suthentication etc. This also works well, but you do lose the bandwidth control. If bandwidth control is not an isue for you, then i'd suggest doing it this way. As far as performance degradation goes, we did notice a slight degradation when the av scanner was in front of the squid. As such, I haven't yet managed to get time to play with any of the test ICAP stuff. .... maybe its time ... Hope this helps. J -----Original Message----- From: Wei Keong [mailto:[EMAIL PROTECTED] Sent: 02 October 2003 04:42 To: Ward, John (I&DBM) Cc: 'jacques.van.der.merwe'; Squid Users Subject: RE: [squid-users] squid and anti-virus Hi John, Are you using the Interscan WebProtect with ICAP? Or you are putting the scan engine in front of Squid? I have tried the Symantec Scan Engine, but somehow it does not work very well with Squid 2.5S4 & Icap... :( Rgds, Wei Keong On Wed, 1 Oct 2003, Ward, John (I&DBM) wrote: > Hi Jacques, > > There is a way to use the trend micro product in front of the squid. Its not > elegant, but it does solve one or two problems. > things to note: > 1) if you chain the devices, you will break your ability to use delay pools ( nice > for QOS, ask Raymond C ;) > 2) the trend product runs on linux and we've had it here for a while, but the > interface is not very intuitive when it comes to seeing which scanner > engine/pattern you have > > 99.992% of the time it does work well w.r.t removing the virus payload. > > John > > PS: now might be a good time to beg for CVP / ICAP in squid ;) > > -----Original Message----- > From: jacques.van.der.merwe [mailto:[EMAIL PROTECTED] > Sent: 01 October 2003 09:11 > To: Squid Users > Subject: [squid-users] squid and anti-virus > > > greetings all, > > has anybody successfully intergrated content scanning (anti virus) and squid? i'm > getting uphill from our AV guys about no content scanning at our > proxy before data arrives at the desktops. i know of MS products floating about that > do this, but i'd hate to deploy an MS product within my pure > Linux environment. > > any takers? > > > NOTICE: > > This message contains privileged and confidential information intended > only for the person or entity to which it is addressed. > Any review, retransmission, dissemination, copy or other use of, or > taking of any action in reliance upon this information by persons or > entities other than the intended recipient, is prohibited. > > If you received this message in error, please notify the sender > immediately by e-mail, facsimile or telephone and thereafter delete the > material from any computer. > > The New Africa Capital Group, its subsidiaries or associates do not > accept liability for any personal views expressed in this message. > NOTICE: This message contains privileged and confidential information intended only for the person or entity to which it is addressed. Any review, retransmission, dissemination, copy or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient, is prohibited. If you received this message in error, please notify the sender immediately by e-mail, facsimile or telephone and thereafter delete the material from any computer. The New Africa Capital Group, its subsidiaries or associates do not accept liability for any personal views expressed in this message.
