OT: more IE6 vulnerabilities

Spicer, Kevin Kevin.Spicer at BMRB.CO.UK
Thu Jan 29 11:45:22 GMT 2004


Matthew Day wrote:
> <snip>
>> Boy am I glad that we just implemented virus scanning on all our http
>> traffic (although https still worries me!).  Funny thing is that to
>> do it we had to put a squid box between our ISA server and the
>> internet! Yep we're proxying our proxy! 
>> 
> I'd be really glad to have this in place too - unfortunately I don't
> :) 
> 
> We're in the early stages of a project to set up a HTTP proxy and
> this looks like a massive point in favour of using squid. Are there
> any docs you can point me to on doing this?

Matthew, hope you don't mind that I've copied this back to the list - it may be off topic but it seems to be an area of concern for people on the list and yours is not the first enquiry I've had.

It was set up by a colleague, but from what he's told me he used DansGuardian Virus Scan http://www.pcxperience.org/dgvirus/ (this is a mix of DansGuardian and old MailScanner code and runs on top of squid).

He made a couple of changes to improve performance...
1) Use clamdscan rather than clamscan (for speed). This was simply a case of setting up clamd and adding the letter d to the appropriate place in the perl script.  One gotcha: make sure that freshclam/clamd work together so that clamd picks up updates when they are loaded.
2) Using sophie (from http://www.vanja.com/tools/sophie/).  Sophie (for those that don't know) is a daemon for Sophos, which eliminates the Sophos startup time (6 seconds for each request!!!).  [Before anyone asks, the libsavi stuff wouldn't have worked because DVG calls the perl script for each request, so you would still have the startup time].  This required rather more work, and is still being tweaked; my colleague hopes to submit patches back to the project once he has cleaned it up a bit.

We're using this as an upstream proxy to our ISA server, which does all the access control stuff for users.  It's added only a little latency, not really noticeable - especially as the ISA server caches anyway.

It blocked a SCO.A this morning from someone's webmail account, boy were we pleased!



BMRB International 
http://www.bmrb.co.uk
+44 (0)20 8566 5000
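
An added example, not part of the original message or of the DansGuardian Virus Scan project: one way to check the freshclam/clamd gotcha from point 1, by confirming that freshclam.conf has a NotifyClamd directive and that the database version clamd reports is not older than the one on disk. The function names, the default config path and the sample banners in the comments are assumptions; the check relies on clamscan and clamdscan printing a `ClamAV <engine>/<db>/<date>` banner for `--version`.

```shell
#!/bin/sh
# Added example: detect a clamd that is still serving an old signature
# database after freshclam has downloaded a newer one.

# Print the value of a directive (e.g. NotifyClamd) from a clamd.conf or
# freshclam.conf style file; comment lines are skipped, last occurrence wins.
conf_value() {  # conf_value FILE KEY
    awk -v key="$2" '$1 == key { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
                     END { print v }' "$1"
}

# Extract the database version from a "ClamAV <engine>/<db>/<date>" banner,
# e.g. 26200 from "ClamAV 0.103.2/26200/Mon Jun 14 10:00:00 2021" (constructed).
db_version() {  # db_version BANNER
    printf '%s\n' "$1" | awk -F/ 'NF >= 3 && $2 ~ /^[0-9]+$/ { print $2 }'
}

# Succeed when freshclam is configured to tell clamd to reload, i.e.
# NotifyClamd names a clamd.conf that exists and is readable.
notify_configured() {  # notify_configured FRESHCLAM_CONF
    target=$(conf_value "$1" NotifyClamd)
    [ -n "$target" ] && [ -r "$target" ]
}

# Succeed (exit 0) when the daemon's database is older than the one on disk.
daemon_is_stale() {  # daemon_is_stale DISK_BANNER DAEMON_BANNER
    disk=$(db_version "$1"); daemon=$(db_version "$2")
    [ -n "$disk" ] && [ -n "$daemon" ] && [ "$daemon" -lt "$disk" ]
}

# Live check: clamscan reads the on-disk database, clamdscan asks the daemon.
if [ "${1:-}" = "--live" ]; then
    conf=${2:-/etc/clamav/freshclam.conf}   # assumed path, varies by distro
    notify_configured "$conf" || echo "WARN: NotifyClamd not set in $conf"
    if daemon_is_stale "$(clamscan --version)" "$(clamdscan --version)"; then
        echo "STALE: clamd has not loaded the latest signatures"; exit 1
    fi
    echo "OK: clamd database is not older than the one on disk"
fi
```

Run it with `--live` from cron shortly after the freshclam schedule; a STALE result means the proxy is scanning with out-of-date signatures.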




More information about the MailScanner mailing list