LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu
Reload this Page scan https through dansguardian, clamav and squid
User Name
Password
Ubuntu This forum is for the discussion of Ubuntu Linux.

Notices


Reply
  Search this Thread
Old 03-11-2008, 07:42 PM   #1
hassan2
LQ Newbie
 
Registered: Oct 2004
Location: London, England
Posts: 23

Rep: Reputation: 15
scan https through dansguardian, clamav and squid

I have a ubuntu machine which run squid, dansguardian, and clamav.

HTTP request is scanned with dansguardan and clamav then proxyed using squid
However an HTTPS request makes a tunnel connection between itself and the SSL server on the other side (using DIRECT rather than an HTTP GET method).

Does this mean you can not scan HTTPS request? How do you configure dansguardian and clamav to scan HTTPS request?
 
Old 03-13-2008, 03:23 AM   #2
jimbo1954
Member
 
Registered: Oct 2006
Location: High Wycombe, Bucks, UK.
Distribution: Debian and Fedora Core in equal measure
Posts: 264

Rep: Reputation: 33
The whole idea behind HTTPS is that it resists man-in-the-middle attacks. Putting a proxy between the session endpoints is the same as a man-in-the-middle attack just done for a different reason, so you are trying to use two opposing technologies. Generally, you should have a trust relationship with a site that you communicate with using https, and the link will use ssl and so is encrypted, etc, so the usual technique is to simply tunnel https through the proxy/deep packet inspection.

There's some good info here:
http://www.linux.com/base/ldp/howto/...-2.htmlt#ss2.3

you also probably should read the announcements on DansGuardian:

"Sun 22nd April 2001 - version 0.8.6 - beta 3
Added SSL Tunnelling support so now DansGuardian can handle HTTPS. It does not filter HTTPS - it just tunnels it through. Socket closing code improved."
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Preventing DansGuardian Bypass via HTTPS Proxies win32sux Linux - Security 16 08-19-2008 03:08 PM
disable dansguardian without clamav hassan2 Ubuntu 1 03-11-2008 11:02 PM
Virus Scanning through HTTP Web Traffic with Dansguardian & ClamAV jomy Linux - Security 3 12-14-2005 12:06 PM
Virus Scanning Through HTTP web traffic with Dansguardian & ClamAV jomy Linux - Networking 2 12-11-2005 10:56 AM
Dansguardian with ClamAV jomy Linux - Networking 0 11-30-2005 12:28 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu

All times are GMT -5. The time now is 10:33 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration