2015-03-12 2:09 GMT+01:00 Amos Jeffries <squ...@treenet.co.nz>: > On 12/03/2015 10:26 a.m., Grzegorz Falkowski wrote: > > Hello, > > I plan to use sclamav with c-icap to secure web app from malware threat. > > I prepare whole configuration and it's work fine. Unfortunately in first > > stage of implementation it shouldn't make any changes to the respond. > Virus > > detection must be logged and that it. > > Bad Idea. You are knowingly allowing your clients to be infected. >
Like I wrote before this is first stage of implementation. We don't want to interferer user action but we would like have information about potential threats in uploaded files > > > I was looking for a solution in > > documentation of c-icap, clamav, squidclamav but I didn't find any. > > My idea is to modify the way in which the c-icap handle feedback from > clamav > > . C-icap should ignore the information that has been detected threat and > > return the original request to squid. I suspect that I will need to > modify > > the source code to achieve this > > Has anyone tried to make such a modification? > > Why would anyone sane want clients to become infected if they could > prevent it? you will have enough false-negatives occuring anyway. > > I recommend you skip this and move on to identifying how clamav records > whats its done and why. Or at least change the planned bypass to make > clamav do less intensive scanning initially. There should be settings in > clamav regarding logging level and level of scan performed. > > I did'n find any information in clamav documentation how can I change scanning level in clamavd. So I began to consider the above option > Amos > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > Best regards Grzegorz
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
