Squid Proxy Antivirus - Recommendations / Performance [closed]

Solution 1:

I've implemented two anti-virus proxy servers using HAVP and ClamAV and it has worked well for the last year or so. Even though HAVP hasn't reached a 1.0 version yet is has been very stable.

If you go the HAVP route, make sure to check out the implementation recommendations located at http://havp.hege.li/forum/viewtopic.php?f=2&t=11. You will want to make a "Squid sandwich" with a copy of Squid running before and after requests make it to HAVP.

The CPU/RAM requirements aren't that bad since you won't be scanning downloads over a certain size. On a 50 user network we're running HAVP and ClamAV on an older 2.8GHZ Xeon server with 2 GB of RAM with no no problem. There was also no noticeable difference in speed between running Squid alone or with HAVP scanning enabled.

With regards to what scanner(s) to use, I have used ClamAV in mail servers for a long time and it's quite good in that niche. However, the level of protection offered for HTTP clients doesn't seem to be as comprehensive at this time. (But ClamAV is continually getting better so I'm sure that won't be true for long.) We use it as a second level of defense in addition to Sophos on the Windows client boxes and they work very well together.

Solution 2:

alt text
With this guide I configured Squid + c_icap +Clamav and I found it to be the best atleast for now for squid plus antivirus automatic. It will deny any file with a virus from downloading from internet (of course that clamav detects)

I tried some of the list, like viralator (but seems project dead).

Hope it helps!