[squid-users] Is Squid 4.9 gone?

2019-12-20 Thread netadmin 


At the address:
http://www.squid-cache.org/Versions/
the latest version appears as 4.8 although I am running 4.9!
What happened to version 4.9?
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Is Squid 4.9 gone?

2019-12-20 Thread netadmin 

"No, 4.9 was available on squid-cache.org some time ago :-)"

Squid 4.8 is still here
http://www.squid-cache.org/Versions/
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] icap SOPHOS SAVDI and custom errorpage

2020-01-09 Thread netadmin 
I try to use the configuration given in the previous post with: Squid 4.9 and
Sophos SAVDI 2.6.
If I download a virus file, the Squid sends the file for scanning and is
detected by Sophos SAVDI (I find it in logs) but it is not blocked by Squid
(I can download it).
The problem I think is in the response received by the Squid after the scan
but I do not know where.
Has anyone managed to make this solution functional?



--
Sent from: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] icap SOPHOS SAVDI and custom errorpage

2020-01-09 Thread netadmin 
I'm sorry I didn't know how the list I posted works.
Direct reference is in the basement of the post:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html

I will also post the required information as soon as I restore the
configuration on a test server.




--
Sent from: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] icap SOPHOS SAVDI and custom errorpage

2020-01-09 Thread netadmin 
http://squid-web-proxy-cache.1019090.n4.nabble.com/icap-SOPHOS-SAVDI-and-custom-errorpage-td4674469.html



--
Sent from: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] icap SOPHOS SAVDI and custom errorpage

2020-01-10 Thread netadmin 
squid.conf
  
access.log
  
icap.log
  
Sophos_SAVDI.log

  



--
Sent from: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] icap SOPHOS SAVDI and custom errorpage

2020-01-10 Thread netadmin 
I also tried with the settings from David Webb's post ie:
acl http_status_403 http_status 403
acl virus_found rep_header X-Blocked -i \Virus found during virus scan\.

I tried both options:
http_reply_access deny http_status_403 virus_found
and
adapted_http_access deny http_status_403 virus_found

but something is wrong, I can download the test file (eicar).




--
Sent from: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] icap SOPHOS SAVDI and custom errorpage

2020-01-11 Thread netadmin 
Thank you for your time, patience and lessons learned.
Now it is all functional and I can no longer download the test file neither
by clicking nor with Save link as.
I will come back with a post that includes the necessary settings for both
Sophos SAVDI version 2.6 (I highly recommend it for scanning Squid traffic
and antivirus for e-mail) but also for Squid version 4.9 (I have been using
it for 10 years and it is an extraordinary tool for network traffic
management).

Thanks again Amos!



--
Sent from: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] icap SOPHOS SAVDI and custom errorpage

2020-01-11 Thread netadmin 
Configurations for Sophos-SAVDI (savdid.conf):
> threadcount: 
Normally it should be at least the maximum of customers.
> loglevel: 0
> address: 127.0.0.1
Configurations for Squid-ICAP (squid.conf):
> acl virus_found rep_header X-Blocked -i \ Virus found during virus scan
> http_reply_access deny virus_found
> access_log daemon: /var/log/access.log virus_found
> icap_log daemon: /var/log/icap.log icap_squid
> deny_info ERR_ACCESS_DENIED virus_found
> icap_enable on
> icap_service sophosicap respmod_precache icap: //127.0.0.1: 4020 / sophos
> adaptation_access sophosicap allow all
Configurations for Squid-ssl-bump (squid.conf):
> http_port :  ssl-bump \
cert = / usr / local / squid / ssl_cert / myCA.pem \
generate-host-certificates = on dynamic_cert_mem_cache_size = 4MB
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
> sslcrtd_program / usr / local / squid / libexec / security_file_certgen -s
> / var / lib / ssl_db -M 4MB



--
Sent from: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Squid ICAP -> Sophos SAVDI -> read_ahead_gap question

2020-01-27 Thread netadmin 
My system:
7th generation Intel processor with 32 GB RAM
HDD on SATA without RAID
OS: Linux Slackware 64 bit
Squid version: 4.10 (compiled from sources)
Number of clients using ICAP: 20
Relevant squid.conf options:
reply_body_max_size 20 MB localnet
http_port 192.168.1.1:3128 ssl-bump \
cert=/usr/local/squid/ssl_cert/myCA.pem \
generate-host-certificates=on dynamic_cert_mem_cache_size=16MB
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s
/var/lib/ssl_db -M 16MB
sslcrtd_children 32 startup=10 idle=2
cache_mem 4096 MB
maximum_object_size_in_memory 20 MB
maximum_object_size 200 MB
cache_dir ufs <...> 10240 16 256
quick_abort_min -1
read_ahead_gap 20 MB
icap_enable on
icap_service_failure_limit 20
icap_service sophosicap respmod_precache icap://127.0.0.1:4020/sophos
adaptation_access sophosicap deny CONNECT
adaptation_access sophosicap allow all

If I try to download a 20 MB file on all workstations at the same time,
without the option "read_ahead_gap 20 MB", the download fails on a small
number of workstations.
After about a week of searching and reading the documentation I tried the
above option, the download errors are gone and the processor load is low.
I do not fully understand the transfer mechanism between the ICAP client
(Squid) and the ICAP server (Sophos SAVDI), but I noticed that the download
time is shorter if the file is stored in RAM cache (using cache_mem)
compared to disk storage.
If I use disk storage for the 20 MB file, during the simultaneous download
the processor load reaches 100% - this I think not because of the ICAP
server - and download errors occur.
Is the maximum supported size for a file transmitted to the ICAP server 20
MB?
Is there anything wrong with my settings?



--
Sent from: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid ICAP -> Sophos SAVDI -> read_ahead_gap question

2020-01-29 Thread netadmin 
> reply_body_max_size 20 MB localnet
This is the last line for the respective option, before it there are others
that set limits, for example:
reply_body_max_size 200 MB ubuntu_updates
The line has the role of blocking the download of files larger than 20 MB
for which antivirus scanning (with the current settings) takes too long.
> read_ahead_gap 20 MB
The setting was wrong, it works for my particular case, but it creates
problems when downloading the package updates for Ubuntu, which do not go
through the ICAP filter. Now I have reduced the value to 64 KB and the
problem when downloading the Ubuntu updates has disappeared.
Simultaneous download on 20 workstations, with antivirus scanning through
the ICAP server works without problems only for files of up to 10 MB and
anyway a 100% load on the processor appears for a period of several seconds
from the moment the download for customers begins.
For example, if I use wget:
wget
http://mirror.slackware.hr/slackware/slackware-13.1/slackware/kde/oxygen-icons-4.4.3-i486-1.txz
--2020-01-29 10:32:37 -
http://mirror.slackware.hr/slackware/slackware-13.1/slackware/kde/oxygen-icons-4.4.3-i486-1.txz
Connecting to 192.168.1.1:3128 ... connected.
Proxy request sent, awaiting response ... 200 OK
Length: 21117900 (20M)
Saving to: 'oxygen-icons-4.4.3-i486-1.txz'
oxygen-icons-4.4.3- 47% [>] 9.47M 609KB / s in 18s
2020-01-29 10:33:25 (553 KB / s) - Connection closed at byte 9926425.
Retrying.
--2020-01-29 10: 33: 26-- (try: 2)
http://mirror.slackware.hr/slackware/slackware-13.1/slackware/kde/oxygen-icons-4.4.3-i486-1
.txz
Connecting to 192.168.1.1:3128 ... connected.
Proxy request sent, awaiting response ... 206 Partial Content
Length: 21117900 (20M), 11191475 (11M) remaining
Saving to: 'oxygen-icons-4.4.3-i486-1.txz'
oxygen-icons-4.4.3- 100% [+ ==>] 20.14M 2.08MB / s in 7.9s
2020-01-29 10:33:46 (1.34 MB / s) - 'oxygen-icons-4.4.3-i486-1.txz' saved
[21117900/21117900]
I think the "read_ahead_gap 20 MB" option here helps maintain the
connection.
So the problem is not at the client-to-server connection (Squid -> Sophos
SAVDI), nor at the antivirus scan but it can be in the server-to-client
response buffer.



--
Sent from: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users