----- Original Message ----- From: "Martin McWhorter" <[EMAIL PROTECTED]> To: "squidguard" <[EMAIL PROTECTED]> Sent: Friday, September 28, 2001 7:55 AM Subject: Re: Anti-virus?
> The enharent problem with a www virus filter is SSL/HTTPS. Yes. > All a virus would have to do to get past a www virus scanner is put > itself on a SSL page. Then it is encryped from the webserver to the > browser. That means that what ever your HTTP proxy scans might as well > be random bits 'cuz the virus signatures are not going to match up. Exactly. > An alternative is block downloading of .vbs .exe .com .zip files in > squidguard. Or only allow the downloading of .html .txt .jpg .jpeg .gif > .png .css .js .jar. This will have only partial success - SSL also encrypts the HTTP request, so you do not know what is being requested. The only solution that will always work is either SSL Man-In-The-Middle attacks against your own clients, or client side antivirus. Rob
