
scan download files over HTTPS using Anti-Virus Proxy

 
'chris'
Super Advisor


Hi,

I've set up an Anti-Virus Proxy:

HAVP+CLAMAV+SQUID

only for personal use on my Debian etch stable.

With HTTP it seems to work, but the file download over HTTPS,
for example from:

https://secure.eicar.org/eicar_com.zip

will not be scanned.

How do I set up squid to decipher, I mean SSL between a remote server and the proxy,
or allow scanning of downloaded files over SSL?
Mike Stroyan
Honored Contributor

Re: scan download files over HTTPS using Anti-Virus Proxy

The common answer for this is that squid and havp don't support
inspection of https/SSL. The entire reason for SSL is to prevent
man-in-the-middle decoding. However, there are some proxies such as
http://www.delegate.org/delegate/ and http://crypto.stanford.edu/ssl-mitm
that will try to enable SSL inspection by posing as the client for the
https server and posing as the host for the https client. They depend
on having a browser configured with the proxy as a certificate authority
so it can create a phony server certificate to present to the client browser.

I actually see a claim at http://www.securenetassociates.com/network_composer.htm
that they have an SSL filter that can act as a man-in-the-middle without any
configuration of the client browsers. That is alarming and unlikely.
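
What a relaying forward proxy (squid in front of HAVP, without interception) gets to inspect, as an added example that is not part of either post: for `https://` the client sends `CONNECT` and the proxy only copies TLS records, so the scanner sees framing but no file content. The function names, the test signature and the byte streams are constructed for illustration; the opaque payload is a hash digest standing in for ciphertext, not real TLS output.

```python
import hashlib
import struct

TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
SIG = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed marker, stands in for an AV signature

def tls_record(ctype, payload):
    """Frame payload as one TLS record: type, version 3.1, 16-bit length."""
    return struct.pack("!BBBH", ctype, 3, 1, len(payload)) + payload

def parse_tls_records(data):
    """Return (type_name, length) for every complete TLS record in data."""
    records, off = [], 0
    while off + 5 <= len(data):
        ctype, major, _minor, length = struct.unpack_from("!BBBH", data, off)
        if ctype not in TLS_TYPES or major != 3:
            raise ValueError("not a TLS record at offset %d" % off)
        if off + 5 + length > len(data):
            break  # truncated record: wait for more bytes
        records.append((TLS_TYPES[ctype], length))
        off += 5 + length
    return records

def proxy_view(client_request, server_bytes):
    """Report what a relaying (non-intercepting) proxy can inspect."""
    method, target, _ = client_request.split(b"\r\n", 1)[0].split(b" ", 2)
    if method == b"CONNECT":
        # Tunnel: the proxy copies bytes both ways and sees only record framing.
        return {"target": target.decode(), "scannable": False,
                "records": parse_tls_records(server_bytes),
                "signature_found": SIG in server_bytes}
    # Plain HTTP: headers and body pass through the proxy in the clear.
    body = server_bytes.split(b"\r\n\r\n", 1)[1]
    return {"target": target.decode(), "scannable": True,
            "records": [], "signature_found": SIG in body}

# Constructed sample traffic (not captured from a real session).
OPAQUE = hashlib.sha256(b"constructed").digest()  # 32 bytes standing in for ciphertext
HTTP_REQ = b"GET http://example.test/file.zip HTTP/1.0\r\n\r\n"
HTTP_RESP = b"HTTP/1.0 200 OK\r\n\r\nPK" + SIG
CONNECT_REQ = b"CONNECT secure.eicar.org:443 HTTP/1.0\r\n\r\n"
TUNNEL = tls_record(22, OPAQUE) + tls_record(23, OPAQUE * 2)

if __name__ == "__main__":
    print(proxy_view(HTTP_REQ, HTTP_RESP))
    print(proxy_view(CONNECT_REQ, TUNNEL))
```

Content scanning of the tunnelled case is only possible when the proxy terminates TLS itself, which is the certificate-authority setup the reply describes.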