scan download files over HTTPS using Anti-Virus Proxy

'chris' — Mon, 12 May 2008 23:47:41 GMT

hi

I've setuped Anti-Virus Proxy:

HAVP+CLAMAV+SQUID

only for personal use on my debian etch stable.

with HTTP it seems to work, but the file download over HTTPS,
for example from:

https://secure.eicar.org/eicar_com.zip

will be not scanned.

howto setup squid to decipher, I mean SSL between a remote server and proxy
or allow scan download files over ssl ?

Re: scan download files over HTTPS using Anti-Virus Proxy

Mike Stroyan — Thu, 15 May 2008 22:34:06 GMT

The common answer for this is that squid and havp don't support
inspection of https/SSL. The entire reason for SSL is to prevent
man-in-the-middle decoding. However, there are some proxies such as
http://www.delegate.org/delegate/ and http://crypto.stanford.edu/ssl-mitm
that will try to enable SSL inspection by posing as the client for the
https server and posing as the host for the https client. They depend
on having a browser configured with the proxy as a certificate authority
so it can create a phony server certificate to present to the client browser.

I actually see a claim at http://www.securenetassociates.com/network_composer.htm
that they have a SSL filter that can act as a man-in-the-middle without any
configuration of the client browsers. That is alarming and unlikely.

topic scan download files over HTTPS using Anti-Virus Proxy in Operating System - Linux

scan download files over HTTPS using Anti-Virus Proxy

Re: scan download files over HTTPS using Anti-Virus Proxy