I am currently researching the possibility of setting up an antivirus scanning web proxy based on Linux (clients on the network use this proxy and have all their web, FTP, etc. scanned for viruses before it reaches the client).
So far I haven't really found any clear-cut solutions.
I imagine using a commercial antivirus product, but does anyone have any experience combining such with, say, squid or something?
Are there other ways to do this I should consider?
Or is this basically a project best left for the Windows world where full vendor-supported solutions already exist?
So far I haven't really found any clear-cut solutions.
Possibly because there is not a significant threat or no (commercial) interest to develop such products.
SMTP can be done on a server, but IMO HTTP and FTP scanning is best left to client-side apps. You could use a signature-based scanner like Snort in front of the proxy though, and have it drop connections, but you'll have to tune the rulesets for false positives.
Furthermore I'd think running AV will be major CPU intensive on a large cache, and besides that what happens to the payload on a "MISS" from the cache?
Or is this basically a project best left for the Windows world where full vendor-supported solutions already exist?
Sure, as long as consumers don't want to contribute to improve existing products or push (vendors) for building new ones we can all sit together and wonder why Linux "ain't takin' over" (not that that's a valid goal). Of course, of course, it ain't your "responsibility", and you haven't got the expertise and time to invest in it... All valid reasons...
openantivirus.org has a module called squid-vscan. However, as the project status says, the scannerdaemon is lacking many features and as such not able to detect polymorphic viruses ....