In this article, I will review the previous articles, entitled
- Configuring Squid + HAVP(ClamAV) in Ubuntu : Example #1
- Configuring Squid + HAVP(ClamAV) in Ubuntu : Example #2
Equation result from the configuration on both the article.
- When a file that you downloaded or a site that contains a virus can be detected directly, so can not be forwarded to the local workstation.
Differences result from the configuration on both the article.
- Configuring Squid + HAVP(ClamAV) in Ubuntu : Example #1
• Squid cache files is through scanning.
• If in the Squid configuration settings, implement delay-pool & content filtering based on IP/MAC address from the local workstation, will continue to function properly.
Because, Squid still receive an IP/MAC address is actually from the local workstation.
- Configuring Squid + HAVP(ClamAV) in Ubuntu : Example #2
• Squid cache files are not through scanning.
• If in the Squid configuration settings, implement delay-pool & content filtering based on IP/MAC address from the local workstation, will not work.
Because, Squid serves as a “parent-proxy” and only accept requests from HAVP as “transparent-proxy”.
So the IP address received by the Squid is localhost (e.g. 127.0.0.1), and this configuration is more suitable to be applied to delay-pool & content filtering, in general.
Is HAVP + ClamAV is working well on both the configuration examples?
To test whether the configuration is working properly, please download the following test file.
http://www.eicar.org/download/eicarcom2.zip
Which later in the Internet browser will display a message like the following.
At the time this article was written, ClamAV version 0.94.2 already upgraded to 0.95.3.
For more information, please visit the website at http://www.server-side.de.
kokikode's Blog 
November 25, 2011 at 9:23 AM
Very very great tutorials thank you. GBU.
November 21, 2012 at 11:09 PM
would you enhance this with using privoxy as “intercepting proxy” for better adblockin?