Interestingly...
I'd decided this was all to hard, and thought I'd just take a look at
the files themselves..
Squid writes a head block to the files, which gives you the URL the
cached file came from.. Grep for the file name, reveals everyone who
has downloaded it and you know where your problem lies!
In this case, it was actually a virus signature file update clam was
picking up, so I've applied the big ignore. ;-)
Cheers, Chris H.
On 20/01/16 13:10, Criggie wrote:
I want to know if there is a way to identify the URL of an object in the
squid cache folders?
My issue: Looking after a proxy and clamscan occasionally finds an
infected file in the /var/cache/squid folder tree.. All of the client
machines have anti-virus on them but I want to identify the URL (And
therefore the workstation from the logs) of the machine that downloaded it
so I can see why it didn't pick up quite an old bit of malware that
clamscan is finding... (Or, if it silently blocked it and didn't alert
the admin console for the site).
Anyone got a pointer, or a better keyword to search for? :-)
I suspect logs are your only fallback. Possibly you'll need to use the
store.log files to identify things based on time.
Remember clamscan's definitions file has a heap of things that aren't
viruses. It detects spam and phishing text which is just clutter.
To purge an object from teh cache, you can use the squidclient command
First add an ACL to permit the purge method
acl purge method PURGE
http_access allow purge localhost
http_access deny purge
Reload squid
Then run something like this
squidclient -m PURGE -h 127.0.0.1
http://www.something.com/badness/thingy.jpg
_______________________________________________
Linux-users mailing list
[email protected]
http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
