LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 05-10-2008, 11:35 AM   #1
cccc
Senior Member
 
Registered: Sep 2003
Distribution: Debian Squeeze / Wheezy
Posts: 1,623

Rep: Reputation: 51
scan download files over HTTPS using Anti-Virus Proxy


hi

I've setuped Anti-Virus Proxy HAVP+CLAMAV+SQUID3 on my debian etch stable.
with HTTP it seems to work, but the file download over HTTPS, for example from:

https://secure.eicar.org/eicar_com.zip

will be not scanned.
knows someone why and howto solve this problem Anti-Virus Proxy ?

Last edited by cccc; 05-11-2008 at 05:04 AM.
 
Old 05-10-2008, 11:46 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984
well the ssl session is between your client and the destination, your proxy having access to the contents of that would form the basis of a man in the middle attack, generally not something a user with a supposedly "secure" session will appreciate. squid 3.0 does appear to have a larger amount of support for this... http://www.visolve.com/squid/squid30/network.php and then i assume it'd just plug into the AV as normal. Note that as you have seperate ssl connections on both sides, you have to use your own SSL cert on the inside, which your clients maybe object to - you clearly can't pass on the original SSL details, so have to provide it yourself. If this isn't only for personal use then you need to be *really* careful. you want to avoid terminating numerous types of connection, e.g. online banking. if this is in a commercial environment and users find you've potentially had clear access to their bank details, they'll quite rightfully want your head on a plate.

Last edited by acid_kewpie; 05-10-2008 at 11:49 AM.
 
Old 05-11-2008, 05:29 AM   #3
cccc
Senior Member
 
Registered: Sep 2003
Distribution: Debian Squeeze / Wheezy
Posts: 1,623

Original Poster
Rep: Reputation: 51
thanks a lot,

I've setuped only for personal use.

howto setup squid to decipher SSL ?
I mean to get SSL between a squid and remote server.

Last edited by cccc; 05-14-2008 at 07:38 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
scan https through dansguardian, clamav and squid hassan2 Ubuntu 1 03-13-2008 03:23 AM
Dedicated HTTPS proxy? anybody1234 Linux - Security 16 11-08-2005 10:07 PM
I want to download ftp-site files via wget and socks5 proxy server. jiawj Red Hat 2 10-28-2004 03:32 PM
SuSE 9.1 has no HTTPS through our Proxy slacker9876 Linux - Networking 2 05-13-2004 08:13 PM
https proxy (???) aaronluke Linux - Networking 3 09-12-2002 09:35 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:43 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration