Re: [Devil-linux-develop] New feature request: HAVP (HTTP Antivirus Proxy)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Bruce Smith wrote:
> Has anyone actually tried the program?
> I'd like to hear how well it really works (or not).

Sorry, I cannot help here.

> Also, I see there are some other AV addons for squid listed on the
> http://www.clamav.net/3rdparty.html#webftp  page mentioned. =20
> Is this one the "best" one for DL?

Dunno.  Se below..

> Also, looking at the docs, it appears that it does not work directly
> with squid, but it's a standalone proxy server and squid can be setup t=
o
> proxy it's traffic through it.  Not the best way to integrate it with
> Squid, IMO.

True, but this gives the option not to cache, but just filter/check for=20
viruses, and you can get by without Squid.

> I'm curious why you picked this one over the others listed?=20

Good question :-)

> (unless you don't plan on using Squid, then I understand)
> As you can probably tell, I use and like Squid.  :-)

I like Squid too.  It is just not required in all installations.

I go through all the choices on the above mentioned clamav page:

DansGuardian Anti-Virus Patch - takes the Virus Scanning capabilities of=20
ClamAV and integrates them into the content filtering web proxy=20
DansGuardian.
Latest: Antivirus plugin stable version 6.4.3 for DansGuardian 2.8.0.6
I'm not sure if this DansGuardian 2.8.0.6 is a proxy which has to be=20
installed, too.
OK. This one looks good feature-wise, but that additional requirement...=20
Hmm...

Frox - Frox is a transparent ftp proxy.
Not for the intended usage?
Otherwise, Frox might be a nice addon, if ftp proxy is required.
...or does Squid do ftp proxying really well nowadays?

HAVP - proxy with an antivirus filter. It does not cache or filter=20
content. At the moment the complete traffic is scanned. A reason for=20
that is the chance of malicious code in nearly every filetypes e.g. HTML=20
(JavaScript) or Jpeg.

mod_clamav - Apache virus scanning filter
Not for the intended usage.

ClamAV module for ProFTPD - This is an add on module for ProFTPD
Not for the intended usage.

SafeSquid - if I understand right, the free version is a cache only, and=20
does not have ClamAV support. Commercial version has it all.
If I'm wrong, the this might be the best one.

SquidClamAV Redirector - 404 Not Found ...

Squidclam - this is really not ready yet

Viralator - Viralator is a perl script that virus scans http downloads=20
on a linux server after passing through the squid proxy server.
Future Enhancements:
1. Remove the use of Wget and use LWP Perl module to download the files
2. Fix Internet Explorer anonomous FTP problem
3. Fix websites that use .exe as a web page extension

So,

DansGuradian
HAVP
SafeSquid

These are the only three options I see.

If DG requires another proxy to be installed, and SS does not have=20
ClamAV support in the free version, we only have HAVP left.

>  - BS
>=20
>=20
>=20
>=20
>>You got my OK.
>>Anybody wants to submit a patch?
>>
>>Heiko
>>
>>On Thu, September 8, 2005 15:45, Kari Mattsson wrote:
>>
>>>from their web site:
>>>
>>>HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus scanne=
r.
>>>The main aims are continuous, non-blocking downloads and smooth scanni=
ng
>>>of dynamic and password protected HTTP traffic. Havp antivirus proxy h=
as a
>>>parent and transparent proxy mode. It can be used with squid or
>>>standalone.
>>>
>>># HTTP Antivirus proxy
>>># Scans complete incomming traffic
>>># Nonblocking downloads
>>># Smooth scanning of dynamic and password protected traffic
>>># Can used with squid or other proxy
>>># Parent proxy support
>>># Transparent proxy support
>>># Logfile
>>># Process change to defined user and group
>>># Daemon
>>># Use Clamav (GPL antivirus)
>>># Operating System: Linux
>>># Written in C++
>>># Released under GPL
>>>
>>>
>>>http://www.server-side.de/index.htm
>>>
>>>
>>>I think this really would add something very unique to DL:
>>>I've been searching for a CD-based Linux with realtime http traffic
>>>virus scanning.  None found so far.
>>>
>>>The external boxes from Panda/TrendMicro/etc. are hideously expensive.
>>>A DL box would be more suitable for many organisations.
>>>
>>>
>>>OK. Those expensive boxes do more, but still..
>>>
>>>
>>>I found this HAVP from http://www.clamav.net/3rdparty.html#webftp
>>>
>>>
>>>The source download is less than 600 KB.
>>>
>>>
>>>This is a Request For Comment :-)
>>>
>>>
>>>
>>>Terveisin/With kind regards/Med h=E4lsningar/Lugupidamisega,
>>>
>>>
>>>Kari Mattsson
>>>
>=20
>=20
>=20
>=20
> -------------------------------------------------------
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September 19-22, 2005 * San Francisco, CA * Development Lifecycle Pract=
ices
> Agile & Plan-Driven Development * Managing Projects & Teams * Testing &=
 QA
> Security * Process Improvement & Measurement * http://www.sqe.com/bsce5=
sf
> _______________________________________________
> Devil-linux-develop mailing list
> Dev...@li...
> https://lists.sourceforge.net/lists/listinfo/devil-linux-develop
>=20

Terveisin/With kind regards/Med h=E4lsningar/Lugupidamisega,

Kari Mattsson
Trivore Corp.