Hi all, I am using Squid 2.5.4-3 on Linux. I am using squidguard as a redirector to block all Windows executables. All is working fine except for some webs that "bypass" Squid: the ".exe" file doesn't show in the log files and the user can download it using the browser.
The only log Squid generates is:

1079005403.984 377 192.168.0.167 TCP_MISS/200 3857 GET http://63.217.29.115/connect.php? - DIRECT/63.217.29.115 text/html
1079005404.704 544 192.168.0.167 TCP_MISS/200 9924 GET http://63.217.29.115/download.php? - DIRECT/63.217.29.115 application/force-download

but you get the .exe file.

If someone wants to check the URL: http://63.217.29.115/connect.php?did=od-stnd179
Beware, I think the file that is downloaded is some kind of dialer/trojan.

Is there any way to detect this kind of download? Or am I forgetting something?

Greets.
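
One way to detect this pattern from the access log, as an added example that is not part of the original post: the script flags replies whose logged MIME type indicates a binary download although the URL path carries none of the extensions a URL-based redirector matches on. The MIME set, the extension list and the function name are assumptions; the first two sample lines are the ones quoted above, the other two are constructed.

```python
import re
from urllib.parse import urlsplit

# Squid native access.log fields:
# time elapsed client code/status bytes method URL ident hierarchy/peer mime
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>\S+)\s+(?P<mime>\S+)\s*$"
)

# Assumption: reply types treated as "binary download"; tune per site.
DOWNLOAD_MIME = {
    "application/force-download",
    "application/octet-stream",
    "application/x-msdownload",
    "application/x-msdos-program",
}
# Assumption: extensions the URL-based redirector rule already matches.
BLOCKED_EXT = (".exe", ".com", ".scr", ".pif", ".bat")


def find_hidden_downloads(lines):
    """Return (client, url, mime) for successful replies that look like a
    binary download but whose URL path would not trip an extension rule."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed or truncated log lines
        mime = m["mime"].lower()
        path = urlsplit(m["url"]).path.lower()  # query string is excluded
        if (m["status"] == "200" and mime in DOWNLOAD_MIME
                and not path.endswith(BLOCKED_EXT)):
            hits.append((m["client"], m["url"], mime))
    return hits


SAMPLE = [
    "1079005403.984 377 192.168.0.167 TCP_MISS/200 3857 GET http://63.217.29.115/connect.php? - DIRECT/63.217.29.115 text/html",
    "1079005404.704 544 192.168.0.167 TCP_MISS/200 9924 GET http://63.217.29.115/download.php? - DIRECT/63.217.29.115 application/force-download",
    # constructed lines below
    "1079005500.100 120 192.168.0.50 TCP_MISS/200 20480 GET http://example.com/index.html - DIRECT/192.0.2.10 text/html",
    "truncated line without enough fields",
]

if __name__ == "__main__":
    for client, url, mime in find_hidden_downloads(SAMPLE):
        print(f"{client} fetched {url} as {mime}")
```
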
