Hello list I'm running squid 3.1.19 with squidclamav 6.6 and while debugging a different issue, I looked at tcpdumps of the ICAP traffic for squidclamav. I noticed that not only the webpages are sent to squidclamav for scanning, the *requests* are sent and scanned as well.
This looks like unnecessary processing overhead to me and I've disabled this by removing these lines (from squidclamav's install [1] page): icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access service_req allow all what's left is the response scanning: icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access service_resp allow all Viruses in webpages are still being caught just fine. Should the install page be updated or is there a disadvantage to this approach? [1] http://squidclamav.darold.net/installv6.html
