And since HTTP is an interactive protocol, your users would be up in arms about how long it takes to scan when they go to browse a page; Emails, who cares if there's a delay of 30 seconds? (unless you're using Email for real-time messaging, which you shouldn't...)
Some people kvetch about the one or two second delay that an HTTP proxy takes! Now picture a five to ten second delay (and that would be an optimistic estimate...)
Hi secapp, a well-coded virus scanner combined with a correctly configured HTTP proxy on a properly sized computer should not have such a delay. Do you mean that a virus scanner takes 3 to 8 seconds to scan a single site?
We've used such products on CheckPoint and the performance was atrocious; to identify viral patterns it had to first cache the entire file, then consult a pattern database; the users were screaming.
For such protection I'd sooner rely on centrally managed browser security settings with a centralized list of trusted websites; all those sites not trusted run in high security mode; a request can be made to knowledgeable people when users want a site added to the list...
Not to mention the fact that virus scanners won't catch numerous malicious one-off variants...
Just to give my three cents here. AFAIK there is no really working datastream scanner available on the market right now. The antivirus biggies such as Sophos, Kaspersky and others offer file scanner engines, which means that HTTP and FTP downloads have to be dumped to disk (or memory) in order to be scanned, which causes a noticeable delay.
Hi,
Surely the file to be scanned has to be completely in memory or on disk, but this is what asl-squid does in caching mode anyway, so the delay to read the file completely would be there whether you scan it or not.
One program on the market is the "TREND-MICRO Viruswall"; it has a delay, but this is not why I don't want to take the new license for one year and another year ...
The point is that I don't want to proxy on asl and proxy on viruswall again to scan, because that is a delay that I don't want to have.
Actually, the thing about Squid is not correct. Squid sends the file and stores it at the same time. It passes it on to the user while keeping a copy in memory to sync out to disk later (AFTER the user has already received the content).