I read more and more mail about the fact the development of the antispyd project has stop for more than six months. However I always think about improvement for the project and I now imagine new features that has NEVER been developed in commercial solutions of corporation malware and inappropriate web use filtering.
In fact, I start to build this software when I was in an engineer school, now I am a PhD candidate in machine learning and I think can develop some really cool features :... read more
I wish to provide a first stable release for this version, so I need HELP !!!
Please send me bug notifications and wishlist for the future of this project.
Moreover, I wish to provide a first list of signature of known web threats, so I need your participation too !!!
Thank you in advance :)
Regards,
--
Julien
<jnm42@users.sourceforge.net>
This release provides a major improvement of the signature based filtering engine ( the BLOCK_SIGN filter), term of performance and functionnality.
The signatures are now stored in a 3-Tree to enhance the matching of each HTTP message.
Morevorer, this filtering can now be performed on each HTTP message content.
Finally, a signature can now use hexadecimal array of byte to specify a field's value.
For more informations ans samples,
See the man page :)... read more
I'm going to clean up and enhance the signature based threat detection engine (BLOCK_SIGN).
The main goals are :
- Speed up the signature checking :
The signatures will be stored in a 3-Tree to drastically reduce the number of test for each HTTP message.
- Enhance the signature definition:
A signature will be composed of 3 definition parameters : "url", "fld", "content" and an optional parameter "shape", to allow admins to specify what action to perform when a signature is matched.
Moreover, It will be possible to specify hexadecimal characters in the 3 definition fields of a signature.... read more
This release provide two aspects :
- the capability of inter-connection with others HTTP cache and proxy, via a new configuration directive : "cache_peer" (I know you know it :) ) and "direct_connect" directive for fault tolerance.
- An HTTP engine acceleration via the use of the N-Tree algorithm for HTTP header fast reconnaissance.
Regards,
--
Julien
<jnm42@users.sourceforge.net>
The main goal of this release will be to provide a stable software package.
So, I will now work on some part of the code to increased usuability of the project like the configuration system and log system, to provide a more comprehensive error checking and log monitoring.
Moreover, I have already speed up the HTTP parsing system with the use of "Valued N-Tree" for the header type reconnaissance problem. Some other improvements have to, and will be, done.... read more
This release provides 2 new features :
- Domain White-List configuration
- BLOCK_SIZE filter.
The BLOCK_SIZE filter provides the ability to perform a control of incoming and outcoming traffic for wished mime types based on HTTP message size. The control configuration can be different for incoming and outcoming traffic.
This control is performed with two independant technics : "HTTP header checking" and "HTTP flow tracking". ... read more
Regarding to the fast development model of the projet, an rss feed will be provide on the antispyd website.
the adress is : http://antispyd.sourceforge.net/backend/antispyd-news.xml
The purpose is to provide up-to-date informations about releases and perpectives of this project.
--
Julien
<jnm42@users.sourceforge.net>
This release has one main purpose, the web engine clean up and enhancement. The HTTP lexer and parser have been cleaned up and improved.
And a better keep-alive processing has been developed to speed up HTTP flow transition.
regards,
--
Julien
<jnm42@users.sourceforge.net>
The algorithm of url matching via N-Tree walking has been implemented and increases in a drastic way the efficient of the url filter :)
For the URL matching filter, it's now possible to use list file of url to match, as provide urlblacklist.com.
See the man for more details.
The server use now a pre-forked listen process architecture (R.I.P Steven). This design increase the global efficience too. A configuration directive has been added to specify the number of process to pre-fork.
See the man for more details too.... read more
I developed a very fast string matching algorithm based on N-Tree walking ;)
It will be used for URL Matching and a future features of Domain matching (FILTER_DOMAIN will be implemented very soon).
Major improvement of the log system. See the man page and the configuration samples :)