Hi all

I am currently researching the possibility of setting up an antivirus scanning web proxy based on linux (clients on the network use this proxy and have all there web, ftp etc. scanned for virus before it reaches the client).

So far I haven't really found any clearcut solutions.

I imagine using a commercial antivirus product, but does anyone have any experience combining such with, say, squid or something?

Are there other ways to do this I should consider?

Or is this basically a project best left for the Windows world where full vendorsupported solutions already exist?

Regards,
Henning

So far I haven't really found any clearcut solutions.
Possibly because there is not a significant threat or no (commercial) interest to develop such products.

SMTP can be done on a server, but IMO HTTP and FTP scanning is best left to clientside apps. You could use a signature-based scanner like Snort in front of the proxy tho, and have it drop connections but you'll have to tune the rulesets for false positives.
Furthermore I'd think running AV will be major CPU intensive on a large cache, and besides that what happens to the payload on a "MISS" from the cache?

Or is this basically a project best left for the Windows world where full vendorsupported solutions already exist?
Sure, as long as consumers don't want to contribute to improve existing products or push (vendors) for building new ones we can all sit together and wonder why Linux "ain't takin' over" (not that that's a valid goal). Of course, of course, it ain't your "responsability", and you haven't got the expertise and time to invest in it... All valid reasons...

openantivirus.org has a module called squid-vscan. However, as the project status says, the scannerdaemon is lacking many features and as such not able to detect polymorphic viruses ....