Ummm… the text diagram is not rendered as intended. What I was trying to show is:

Client ---> Apache Reverse Proxy ---non scanning urls----> bunch of application servers

Client ---> Apache Reverse Proxy ---Scan a list of urls for virus in client uploaded files --> Squid(act as a reverse proxy) + CICAP + Clamd ---> Virus found --> HTTP 403 to Client

Client ---> Apache Reverse Proxy ---Scan a list of urls for virus in client uploaded files --> Squid(act as a reverse proxy) + CICAP + Clamd ---> No virus --> bunch of application servers

Manoj

On 18/02/15 12:42 PM, "Manoj Ramakrishnan" <manojramakrish...@nbnco.com.au> wrote:

>Hi Scott,
>
>I had a look at what havp does and am not sure it will fit with our
>current design. Will do a spike to find out.
>
>Our application stack has the following design
>
>
>Client ==> Apache Reverse Proxy ============>(non scanning
>urls)================> Bunch of app servers
> ||
> ^^
> ||
> ||
> Scan a list of urls for virus
> ||
> in client uploaded files
> ||
> ||
> ||
> ||
> ||
> ||
> ||
> Squid(act as a reverse proxy) + CICAP + Clamd
>========>No virus ==>Go to ||
> ||
> ||
> Virus found(Go back to client with 403)
>
>
>
>I probably can replace CICAP with HAVP but I am not sure how can I use the
>HAVP to act as a reverse proxy without another Squid.
>
>
>Hope this explains.
>
>Manoj
>
>
>On 18/02/15 11:10 AM, "Scott Kitterman" <ubu...@kitterman.com> wrote:
>
>>On Tuesday, February 17, 2015 11:58:02 PM Manoj Ramakrishnan wrote:
>>> On 18/02/15 6:09 AM, "Steven Morgan" <smor...@sourcefire.com> wrote:
>>> >On Tue, Feb 17, 2015 at 1:11 AM, Manoj Ramakrishnan <
>>> >manojramakrish...@nbnco.com.au> wrote:
>>> >> Hi Al,
>>> >>
>>> >> Thanks for replying.
>>> >> It is exactly what I thought. But why is it different from ZIP file?
>>> >> I added extra characters in the beginning of the ZIP file but no
>>> >> issues in scanning that and finding eicar signature.
>>> >
>>> >It may be because of this file typing signature, which is not tied to a
>>> >fixed offset (the '*' in second field is wildcard offset):
>>> > "1:*:504b0304:ZIP-SFX:CL_TYPE_ANY:CL_TYPE_ZIPSFX"
>>> >
>>> >There are no corresponding wildcard magics for GZIP. Could you please
>>> >confirm by looking for a message containing "ZIP/ZIP-SFX signature found
>>> >at" in your debug output.
>>> >
>>> >> Also curious to see why is it not working in case #4 and #6?
>>> >
>>> >Using "LeaveTemporaryFiles yes", you should be able to inspect files in
>>> >the ClamAV temp directory as forwarded by your web proxy. This will show
>>> >the files as seen by ClamAV. As already pointed out, if there are any
>>> >additional characters (http headers, etc.), it will not be recognized as
>>> >GZIP. Are there any settings in squidclamav to control how files are
>>> >formed for forwarding to ClamAV?
>>>
>>> At the moment there are no settings in squidclamav to extract the multipart
>>> form data and send only the attachment to clamd.
>>>
>>> As Kevin mentioned, if clamd doesn't natively support parsing HTTP
>>> messages then we need to find a way to pass correct data to clamd.
>>>
>>> Is HTTP message parsing support on your feature roadmap for clamd?
>>
>>I haven't been following this thread very closely, so this may be off
>>track, but would havp do what you need:
>>
>>http://www.server-side.de/
>>
>>Scott K
>>_______________________________________________
>>Help us build a comprehensive ClamAV guide:
>>https://github.com/vrtadmin/clamav-faq
>>
>>http://www.clamav.net/contact.html#ml
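
Added example, not part of the thread and not ClamAV or squidclamav code: a simplified model of the file typing discussed above (ZIP magic `504b0304` matched at any offset, GZIP magic `1f8b` assumed to be checked at offset 0 only), applied to a constructed multipart/form-data body before and after the uploaded file is extracted. `file_type`, `build_upload`, `extract_files` and the boundary value are hypothetical names, and the extractor handles only flat parts with no transfer encoding.

```python
import gzip
import io
import re
import zipfile

GZIP_MAGIC = bytes.fromhex("1f8b")     # assumed: matched at offset 0 only
ZIP_MAGIC = bytes.fromhex("504b0304")  # "1:*:504b0304:ZIP-SFX:..." = any offset
BOUNDARY = b"constructed-boundary"     # constructed sample value

def file_type(buf):
    """Simplified model of file typing, not ClamAV's implementation."""
    if buf.startswith(GZIP_MAGIC):
        return "GZIP"
    pos = buf.find(ZIP_MAGIC)
    if pos == 0:
        return "ZIP"
    return "ZIP-SFX" if pos > 0 else "UNKNOWN"

def build_upload(files, boundary=BOUNDARY):
    """Constructed multipart/form-data body, as forwarded without parsing."""
    body = b""
    for name, data in files.items():
        body += (b"--" + boundary + b"\r\n"
                 b'Content-Disposition: form-data; name="f"; filename="'
                 + name.encode() + b'"\r\n'
                 b"Content-Type: application/octet-stream\r\n\r\n"
                 + data + b"\r\n")
    return body + b"--" + boundary + b"--\r\n"

def extract_files(body, boundary=BOUNDARY):
    """Return {filename: exact bytes} for each file part of the body."""
    files = {}
    for chunk in body.split(b"--" + boundary)[1:]:
        if chunk.startswith(b"--"):  # closing delimiter reached
            break
        headers, sep, data = chunk.partition(b"\r\n\r\n")
        m = re.search(rb'filename="([^"]*)"', headers)
        if sep and m:
            files[m.group(1).decode()] = data[:-2]  # drop CRLF before delimiter
    return files

def sample_gzip():
    return gzip.compress(b"constructed sample payload", mtime=0)

def sample_zip():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("a.txt", "constructed sample payload")
    return buf.getvalue()
```

Under this model the raw body carrying the ZIP is still typed (as ZIP-SFX, because the magic sits past offset 0), while the raw body carrying the GZIP is not typed until the part is extracted and scanned on its own.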