pmquan wrote: >> Identify the offending IP addresses from access.log and then firewall >> these stations from using the proxy until they have been cleaned.
> But it is impossible with me, i have more than 4'000 concurrent clients > infected with this virus. I cant firewall all of them and they are using > dynamic ip address. Do you have another way? Determine from Squid's access.log what the Welchia-infected stations are requesting, and block those requests using Squid acls. Adam
