[Snort-inline-users] Tips for integrating with Squid?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi,

I'm currently evaluating the possibility of using snort-inline as a 
malware/phishing filter on an existing squid cache.

I would appreciate some feedback/suggestions on a few issues.

Performance is critical.  Does --enable-nfnetlink help in this regard? 
Are there any other suggestions to optimize deployment, other than 
simply enabling only the rules/preprocessors appropriate for web traffic?

As a feature request, would it be possible to add an iptables client 
re-direct to the clamav preprocessor and rule syntax?  I would like to 
implement something like SquidClamAV project where users are presented 
with a page detailing that the site is blocked and why.

-- 
Cooper Nelson
Network Security Analyst
UCSD ACS/Network Operations
cn...@uc... x41042