Awie: 2008/7/1 Wong <[EMAIL PROTECTED]>: > >> ----- Original Message ----- >> From: "Luis Hernán Otegui" <[EMAIL PROTECTED]> >> To: "ClamAV users ML" <clamav-users@lists.clamav.net> >> Sent: Monday, June 30, 2008 21:19 >> Subject: Re: [Clamav-users] Scanning IM >> >> >>> Wong: >>> >>> 2008/6/30 Wong <[EMAIL PROTECTED]>: >>>> Dear All, >>>> >>>> I need a tools to integrate ClamAV to scan IM such as MSN and/or YM. >>> >>> Do you want to scan the traffic from those Instant Messengers, or do >>> you want to scan locally on a machine the received items? For the >>> first one, you could try redirecting IM traffic through Squid, and >>> then use something like DansGuardian, Python-ClamAV, HAVP, etc. >>> For the later one, run ClamAV as the defaoult virus scanner every time >>> a file is transferred (you could specify which command should run, et >>> least in Windows Messenger). >> >> >> Yes, I want to online scanning such as qmail-scanner. I am also a Squid >> (and >> SquidGuard) user. >> >> Seems I need some info about how to redirecting IM traffic to Squid. > > It all depends on your OS/Platform, but in the end, it's a matter of > running some firewall rules to redirect traffic (making a transparent > proxy), or properly configure the IMs to use the proxy. You could > however drop a proxy.pac file which could configure internet settings > if your users are on Windows machines. > >> > > Hi Luis, > > I'm using Linux with transparent Squid proxy. So far, I use SquidGuard to > filter content, but I did not see that SquidGuard has feature to be > integrated with ClamAV.
Well, this is getting totally off-topic, but I'll give it a little push: AFAIK, SquidGuard can't be integrated with ClamAV directly. You could run either HAVP (http://www.server-side.de/) along with SquidGuard, or DansGuardian (http://dansguardian.org, this one replaces SquidGuard, and can use its block lists). Both of these run the traffic through ClamAV with a more than decent performance. See their sites for advice on how to get'em working. > > IM uses TCP ports, am I correct? I still have no idea how to redirect IM to > Squid. You're right, IMs use TCP ports to connect to the Internet. You could force their traffic through Squid (or, to be more precise, through DansGuardian or HAVP, which would then scan the content with ClamAV or other AV engine, and forward the traffic to Squid, and then to the Net) redirecting them via firewall rules, as you do with HTTP traffic. For instance, Windows Live Messenger uses TCP ports 1863, 80 and others (see the full list here: http://support.microsoft.com/kb/927847), and Yahoo! Messenger uses TCP port 5050 and others (see full detail here: http://www.helpbytes.co.uk/yconnect.php). For every other major IM protocol (as Jabber, which is used by Gtalk) you should search the default port list and then redirect those ports through the AV/Squid combo. > > Please advise. You could get better/proper help by asking in the DG or HAVP lists. Anyway, I'll give you a hand off from the ClamAV list, since I think the topic is getting beyond its intended scope. > > Thanks a lot. Ur Welcome ;-). > > Awie > > > _______________________________________________ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml > Luis -- _____________________________________ GNU/GPL: "May The Source Be With You... Linux Registered User #448382. _____________________________________ _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
