Hi Amos, the PoC is for a project involving malware inspection, a personal project. I tried to chain 2 Squids as part of solution.
The AV perform the check on the wire before actually allowing Parent Squid to get hold of it. I.e. Client --> ... ... -> Parent Squid --> AV (inspects HTTP, it it is 'infected', do a "TCP Disconnect" as seen on Sysinternals Procmon) --> Website *There was no "TCP Disconnect" for 'clean' pages. >From what I observe when the client is directly connected to the Parent Squid, I got the following message in Parent. I am OK with this message in Parent, but how can I let the Child also know that and display similar message when Parent got it instead of hung? --------------------------------------------------------------------------------------------------------------- ERROR The requested URL could not be retrieved While trying to retrieve the URL: http://www.eicar.org/download/eicar.com.txt The following error was encountered: * Read Error The system returned: (10054) WSAECONNRESET, Connection reset by peer. An error condition occurred while reading data from the network. Please retry your request. Your cache administrator is webmaster. Generated Fri, 21 May 2010 15:29:41 GMT by test-caf801f8d2 (squid/2.7.STABLE8) --------------------------------------------------------------------------------------------------------------- thanks, James Tan
