Hi all,

I am trying to solve the problem that Squid is caching all big files (for
example 1 GB) before sending them to the client, but the connected ICAP virus
scanner is configured with max_file_size 2MB and scan_timeout 5 seconds. So all
bigger files, or longer scanning times, should result in a "clean" state from
the ICAP virus scanner.

I am running antivirus FSIGK (F-Secure Internet GateKeeper) as an ICAP daemon 
connected to Squid with this configuration:

#ICAP
icap_enable on
acl domains_dont_icapscan url_regex -i "/etc/squid/ka/domains_dont_icapscan.acl"
acl audio rep_mime_type -i ^(audio/x-mpegurl|audio/mpeg|audio/ogg|audio/aac|audio/mp3)$

icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/request
adaptation_access service_req allow !domains_dont_icapscan
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/response
adaptation_access service_resp allow !domains_dont_icapscan !audio

Detecting viruses is working, but downloading large files is a huge problem.
Squid is downloading them completely into the server's memory first and caching
them before sending them to the client. It does not stop scanning and caching
after 2 MB / 5 seconds. When downloading big files (e.g. 1 GB), the browser
just does nothing but wait for a long time, because Squid is downloading and
caching 1 GB before forwarding it to the client.

I tried changing respmod_precache to respmod_postcache, but it seems not to be
implemented yet; with respmod_postcache the fsigk ICAP log is empty and no
virus detection works anymore.
I have a 100 MB test virus file
(https://schroeffu.ch/100mbrandomvirus_begin.txt, eicar + random content), and
the virus is detected by fsigk with the settings max_scan_size=104400136 /
scan_timeout=9000. After changing them to max_scan_size=2147483 (2 MB) and
scan_timeout=5 (5 seconds), the virus is correctly not detected anymore, but
Squid still caches the 100 MB before sending it to the client.

How can I configure the ICAP Service to truly let bigger files/longer scan 
times through the icap service marked as "clean"?

Thanks for any help!
Schroeffu
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
