Nire.Com

April 11, 2009

SquidClamAV: the risk and return of trust_cache mode [Addendum]


SquidClamAV, the virus-checking redirector for Squid, has a trust_cache option that was introduced to improve performance. This post is about how using that option is a double-edged sword. (Addendum) I also measured performance in trust_cache mode.

The risk of trust_cache mode

trust_cache is a setting meant to speed up the virus-checking proxy. It lives in /etc/squidclamav.conf.

  • With trust_cache 0, the object is virus-checked every time a web client issues a GET request, whether or not it is cached.
  • With trust_cache 1, objects remaining in the cache are trusted and are not virus-checked.

However, nothing verifies that a cached object was actually virus-checked. trust_cache simply treats "cached" as "virus-checked", and that is where it is precarious.

With trust_cache 1:

http_access allow localhost is omitted ↓
squidclamav fails to operate ↓
The virus-infected object is fetched by the 1st GET ↓
The virus is cached

Suppose I then notice the mistake in the Squid configuration and correct it, so that SquidClamAV properly virus-checks new objects.

Next, the same URL is requested a 2nd time ↓
squidclamav lets the cached object through without checking it

Thus, as long as it remains in the cache, the virus will continue to be distributed.

The following is an actual test in trust_cache mode, run after the problem was fixed, in which the virus is still passed through.

 # /usr/local/bin/squidclamav
 SquidClamav running as UID 0: writing logs to stderr
 Sun Apr 5 23:38:51 2009 LOG Reading configuration from /etc/squidclamav.conf
 Sun Apr 5 23:38:51 2009 LOG Anonymizing User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
 Sun Apr 5 23:38:51 2009 LOG SquidClamav (PID 6327) started
 http://www.eicar.org/download/eicar_com.zip 192.168.0.1 myurl GET
 Sun Apr 5 23:39:04 2009 DEBUG Request: http://www.eicar.org/download/eicar_com.zip 192.168.0.1 myurl GET
 Sun Apr 5 23:39:04 2009 DEBUG regex matched: http://www.eicar.org/download/eicar_com.zip
 Sun Apr 5 23:39:04 2009 DEBUG Curl will use proxy: http://127.0.0.1:3128
 Sun Apr 5 23:39:04 2009 DEBUG HIT Cache found, trusted cached = already scanned, skipping ...

If you know the URL of the virus-infected content, as in the case above, you can purge it explicitly with squidclient -m PURGE. If you are unsure, you should delete the whole cache.
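As an added example (not from the original post or from the SquidClamAV project), the Python script below reads a squidclamav debug log in the format shown above, lists every URL that was passed on a trusted cache HIT without a scan, and builds the matching squidclient -m PURGE commands. It assumes a single redirector process writes the log, so each HIT line belongs to the most recent Request line; the example.test entries are constructed sample data.

```python
import re
import shlex

# Message formats copied from the debug log shown in the post.
REQUEST_RE = re.compile(r"DEBUG Request: (\S+) ")
SKIP_MARK = "HIT Cache found, trusted cached = already scanned, skipping"

# Constructed sample: the eicar lines follow the post's log, the example.test lines are made up.
SAMPLE_LOG = """\
Sun Apr 5 23:39:04 2009 DEBUG Request: http://www.eicar.org/download/eicar_com.zip 192.168.0.1 myurl GET
Sun Apr 5 23:39:04 2009 DEBUG regex matched: http://www.eicar.org/download/eicar_com.zip
Sun Apr 5 23:39:04 2009 DEBUG Curl will use proxy: http://127.0.0.1:3128
Sun Apr 5 23:39:04 2009 DEBUG HIT Cache found, trusted cached = already scanned, skipping ...
Sun Apr 5 23:40:10 2009 DEBUG Request: http://example.test/files/a.zip 192.168.0.1 myurl GET
Sun Apr 5 23:40:10 2009 DEBUG regex matched: http://example.test/files/a.zip
Sun Apr 5 23:40:10 2009 DEBUG Curl will use proxy: http://127.0.0.1:3128
Sun Apr 5 23:41:30 2009 DEBUG Request: http://www.eicar.org/download/eicar_com.zip 192.168.0.1 myurl GET
Sun Apr 5 23:41:30 2009 DEBUG HIT Cache found, trusted cached = already scanned, skipping ...
"""


def unscanned_urls(lines):
    """Return URLs (first-seen order, de-duplicated) served from cache without a scan."""
    current, found = None, []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m:
            current = m.group(1)      # a new request starts here
        elif SKIP_MARK in line and current:
            if current not in found:
                found.append(current)
            current = None            # at most one skip marker per request
    return found


def purge_commands(urls):
    """Build one squidclient PURGE command per URL, shell-quoted for safe pasting."""
    return ["squidclient -m PURGE " + shlex.quote(u) for u in urls]


if __name__ == "__main__":
    for cmd in purge_commands(unscanned_urls(SAMPLE_LOG.splitlines())):
        print(cmd)
```

Every URL it lists was served on trust alone, so restrict the input to log lines written after the period in which scanning was broken. Squid answers PURGE only when an ACL permits that method.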

(Addendum) trust_cache mode is somewhat risky, but what is the return in speed?

To see how much speed is gained by turning on this risky trust_cache mode, I ran a quick check with Broadband Speed Test.

The environment is CentOS 5.3 + Squid 2.6 running in a VMware virtual machine, with cache_dir using ufs on ext3. I compared three configurations: Squid alone with SquidClamAV not installed, and Squid with SquidClamAV at trust_cache 0 or 1.

For trust_cache 1, I loaded the Broadband Speed Test page once beforehand so that it was already cached.

Configuration                          Download speed   Upload speed
Squid alone                            58.5Mbps         41Mbps
Squid + SquidClamAV (trust_cache 0)    15.6Mbps         21.0Mbps
Squid + SquidClamAV (trust_cache 1)    16.4Mbps         22.5Mbps

The first thing that is appalling is how much SquidClamAV slows things down: once it is introduced, download speed falls to about one third and upload speed to about half. Turning on trust_cache brought little improvement in speed.

I have not tested an environment with many clients, so I cannot speak for that case. With a limited number of clients and light use, such as a virus-checking gateway on a home server, there seems to be no point in taking the risk of enabling trust_cache.
