Old 10-04-2004, 05:44 PM   #1
J_Szucs
Senior Member
 
Registered: Nov 2001
Location: Budapest, Hungary
Distribution: SuSE 6.4-11.3, Dsl linux, FreeBSD 4.3-6.2, Mandrake 8.2, Redhat, UHU, Debian Etch
Posts: 1,126

Rep: Reputation: 58
What is wrong with this squid redirect script?


I want to write a script that is called by the redirect_program option in squid.conf, and redirects http requests if they were to download a specially crafted jpeg.

As far as I know such a redirect program should accept the url on its standard input, and should print the rewritten url (or blank line) on its standard output. I thought I might do it with bash, as I have no perl knowledge; besides, the task seemed to be simple.

My first attempt to do it:

IFS="
"
for url in `cat` ; do
    echo $url >> /var/log/redir/redir.log
    case $url in
        *jpg)
            echo "http://redirected.to.here/" ;;
        *)
            echo $url ;;
    esac
done

But my script only works if I feed it with urls this way:
cat urllist.txt | redirect.sh

If I try to use it from squid as intended, then squid gets stalled (no pages are served any longer).
Besides, there is no url in /var/log/redir/redir.log, as if the script did not start, though I see several instances of the script running.

What is the problem with my script?

Last edited by J_Szucs; 10-05-2004 at 04:26 AM.
 
Old 10-05-2004, 03:27 AM   #2
J_Szucs
I read now that the redirect program shall not use buffered I/O.

Does my script use buffered I/O?
Can it be modified to use unbuffered I/O?
 
Old 10-05-2004, 07:00 AM   #3
J_Szucs
OK, I have spent the last day googling the web for anything that could start me in the right direction, but I found nothing useful.

I only found that there are very few using the redirect_program feature of squid, and the redirect programs they use are all perl scripts, and do nothing except match patterns against the input url and rewrite the url based on the result of the pattern match.

What I want to establish is, however, much more: I want the redirect program to get the destination url from squid on the standard input; call wget to download and temporarily store the destination of the input url, call clamd or my jpeg sanity checker script, check the exit codes of those, rewrite (or not) the url based on the exit codes; give the resulting url back to squid on the standard output.

Since I found not a single redirection script on the internet that would use bash, I think I should do it in perl.

All I have now as a start is this simple perl redirector script that only rewrites one url to another:
#!/usr/bin/perl
$|=1;
while (<>) {
    s@http://www.yahoo.com@http://10.10.10.10@;
    print;
}

I have no perl knowledge and I do not want to become a perl programmer just to write a small redirector script (though I know I should learn the basic syntax to do that).

Could you give me a hint how to call an external program from perl, and how to check its exit code?

Last edited by J_Szucs; 10-05-2004 at 07:04 AM.
 
Old 10-06-2004, 06:27 PM   #4
J_Szucs
Thanks to everyone who shows interest in this weblog of mine :-)

Success. And I did it with perl.

So here is my first perl script, serving as a redirector for squid, filtering downloaded executables and jpegs through clamav and my jpeg sanity checker.
If clamd finds an infected executable, then the client will be served with an error page instead; if my jpeg sanity checker finds a specially crafted jpeg in the downloads, then the client will be served with another image (red exclamation mark) instead.

Sure, the following script is nasty, as I knew nothing of perl yesterday and I know only a little today. Presently, the script totally lacks error handling, and there are lots of other todo's, too.
It basically works, though I subjected it to very limited testing so far.

Here it is:

#!/usr/bin/perl
$|=1;    # unbuffered output: each reply is written to squid at once
$wget="/usr/local/bin/wget";
$antivir="/usr/local/bin/clamdscan";
$jpegcheck="/usr/local/bin/catchjpegvirs.sh";
$exevirert="http://public.foo.bar/virert.html";
$jpegvirert="http://public.foo.bar/virert.gif";
$downloads="/data3/downloads";
while ($_ = <> ) {
    # the url is the first whitespace-separated field of the request line
    @list = split(" ", $_);
    $url = "$list[0]";
    if ( $url =~ /\/$/ ) {
        print;
    } else {
        if ( $url =~ /(?i)\.(exe|pif|scr|vbs|bat|sys|jpg|jpeg|jpeg2|icon)$/ ) {
            # urls containing ; " | or < are passed through unchecked
            if ( $url =~ /[\;\"\|\<]/ ) {
                print;
            } else {
                @fileline = split("/", $url);
                $filename = "$fileline[-1]";
                $filename =~ s/[\;\"\`\<\{\|]/_/g;
                # NOTE: single-string system() runs this line through /bin/sh,
                # with $url and $filename interpolated into it
                system("$wget -q -c $url -O $downloads/$filename >/dev/null");
                $returncode=($? >> 8);
                if ( $returncode != 0 ) {
                    # download failed: pass the request through unchanged
                    print;
                } else {
                    if ( $url =~ /(?i)(jpg|jpeg|jpeg2|icon)$/) {
                        $parancs = $jpegcheck ;
                        $virerturl = $jpegvirert ;
                    } else {
                        $parancs = "$antivir --quiet" ;
                        $virerturl = $exevirert ;
                    }
                    system("$parancs $downloads/$filename >/dev/null");
                    $returncode=($? >> 8);
                    if ( $returncode != 0 ) {
                        # scanner reported a problem: log the url, redirect the client
                        system("/bin/echo $url >> /data3/downloads/log.txt");
                        print "$virerturl\n";
                    } else {
                        print;
                    }
                }
                unlink "$downloads/$filename"
            }
        } else {
            print;
        }
    }
}

Last edited by J_Szucs; 10-06-2004 at 06:33 PM.
 
Old 10-07-2004, 01:08 AM   #5
J_Szucs
Actually, it does not work very well yet :-(.
It only works when someone requests single files.

When complex pages are requested, the redirector script often does not seem to give a rewritten url back to squid, but a totally different, ancient url, instead.

This may be related to the "\n" printed by the script after the rewritten url. If the "\n" is not there, squid seems to be stuck. If the "\n" is there, then squid receives a surplus "\n", which mixes up things.

Principally, this may be the good old buffered I/O problem, which does not seem to be solved yet.

Last edited by J_Szucs; 10-07-2004 at 01:09 AM.
 
Old 10-07-2004, 01:20 AM   #6
J_Szucs
I put the "\n" at the end of all "print" commands, and now things are much better: squid and the redirector script stay synchronized.
It happened once that only a fraction of the requested page was loaded, but it was loaded fully after reloading the page.

Edit: I added a whitelist and a blacklist so as not to re-check urls that have been checked once. The redirector script has been working like a charm with three users for two weeks now. It is time to allow some more users to use it.
By the way, the redirector script (or to be more precise: clamd) caught a virus which would have been sucked in by NAV Corp. Ed.: the troian.downloader one (or troian.dropper as BitDefender identified it).

Last edited by J_Szucs; 10-30-2004 at 06:49 PM.
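
Added example (not part of the original posts): the same redirector idea in POSIX shell. It answers each request line as it arrives, which the first bash attempt could not do, and hands the URL to wget as a single argument instead of building a shell command string as the Perl script does. Tool paths and reply URLs are copied from the thread; the function names and the `--serve` switch are assumptions.

```sh
#!/bin/sh
# Added example. Tool paths and reply URLs are the ones quoted in the thread;
# function names and the --serve switch are assumptions of this sketch.
WGET=${WGET:-/usr/local/bin/wget}
CLAMDSCAN=${CLAMDSCAN:-/usr/local/bin/clamdscan}
JPEGCHECK=${JPEGCHECK:-/usr/local/bin/catchjpegvirs.sh}
EXE_BLOCK_URL="http://public.foo.bar/virert.html"
JPEG_BLOCK_URL="http://public.foo.bar/virert.gif"

# The URL is one quoted argument after "--": no shell re-parses it and it
# cannot be read as an option. Tool output never reaches stdout (Squid).
fetch()     { "$WGET" -q -O "$2" -- "$1" >/dev/null 2>&1; }
scan_exe()  { "$CLAMDSCAN" --quiet "$1" >/dev/null 2>&1; }
scan_jpeg() { "$JPEGCHECK" "$1" >/dev/null 2>&1; }

# check_url URL: print exactly one reply line for one request.
check_url() {
    url=$1
    lower=$(printf '%s' "$url" | tr '[:upper:]' '[:lower:]')
    case $lower in
        *.jpg|*.jpeg|*.jpeg2|*.icon) scanner=scan_jpeg; block=$JPEG_BLOCK_URL ;;
        *.exe|*.pif|*.scr|*.vbs|*.bat|*.sys) scanner=scan_exe; block=$EXE_BLOCK_URL ;;
        *) printf '%s\n' "$url"; return 0 ;;
    esac
    # The temp file name comes from mktemp, never from the URL.
    tmp=$(mktemp "${TMPDIR:-/tmp}/redir.XXXXXX") || { printf '%s\n' "$url"; return 0; }
    if fetch "$url" "$tmp" && ! "$scanner" "$tmp"; then
        printf '%s\n' "$block"     # downloaded, and the scanner rejected it
    else
        printf '%s\n' "$url"       # clean, or download failed (as in the thread's script)
    fi
    rm -f "$tmp"
}

# Answer each request as soon as its line arrives. `for url in $(cat)` only
# starts looping after EOF on stdin, which a running Squid never sends.
redirector() {
    while IFS= read -r line; do
        check_url "${line%% *}"    # first field of the request line is the URL
    done
}

if [ "${1:-}" = "--serve" ]; then redirector; fi
```

The file created by mktemp is readable only by its owner, so clamd must run as a user that can read it, or clamdscan must pass the descriptor with `--fdpass`.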
 
  

