ACL inside ClamAV?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

ACL inside ClamAV?

Felipe Arturo Polanco
Hi,

Is it possible to use SQUID ACL inside ClamAV or any other ICAP server?

The idea is to have a list of file types to be denied for some users and allowed for some others.

Thanks,

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: ACL inside ClamAV?

Rafael Akchurin

Hello Felipe,

 

We have something like this in our ICAP server.

See https://docs.diladele.com/administrator_guide_7_0/web_filter/policies/blocking_file_downloads.html

 

Best regards,

Rafael Akchurin

Diladele B.V.

 

From: squid-users <[hidden email]> On Behalf Of Felipe Arturo Polanco
Sent: Friday, 15 March 2019 16:38
To: [hidden email]
Subject: [squid-users] ACL inside ClamAV?

 

Hi,

 

Is it possible to use SQUID ACL inside ClamAV or any other ICAP server?

 

The idea is to have a list of file types to be denied for some users and allowed for some others.

 

Thanks,


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: ACL inside ClamAV?

Alex Rousskov
In reply to this post by Felipe Arturo Polanco
On 3/15/19 9:38 AM, Felipe Arturo Polanco wrote:

> Is it possible to use SQUID ACL inside ClamAV or any other ICAP server?

Not exactly -- Squid ACLs do not cross the adaptation boundary -- but it
is possible for the ICAP or eCAP service to take Squid ACL _results_
into account. It is also possible for Squid itself to apply ACLs based
on the ICAP or eCAP service decisions.

The specifics would heavily depend on what exactly you are trying to do,
on Squid version, and on your ICAP/eCAP service capabilities. Thus,
start by detailing your use case.


> The idea is to have a list of file types to be denied for some users and
> allowed for some others.

There are many ways to interpret this description. For example, you can
use Squid ACLs to _not_ send responses (of a certain content type
requested by certain users) to an ICAP service. Or, with some ICAP or
eCAP services, you can take the service's "this file is of certain type"
decision and use that info in a Squid ACL to decide whether to block or
forward the scanned response.

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users