PfSense, Squid running ClamAV stopped a virus again WOW great work

JonathanLee · Apr 6, 2022, 3:48 AM

Check it out

Gertjan · Apr 7, 2022, 2:16 PM

ClamAV found something suspect in a "http" stream.
That's "easy" en very feasible a decade or so ago.

The device "192.168.1.5" was really visiting a http site ? Is 192.168.1.5 a PC ? Phone ? xbox ?
Or a https site that includes contaminated javascripts from other sites, using "http" so the browser would have yelled already.

Most, if not all sites, are https these days. I would say 'bravo' when Squid+ClamAV finds something in TLS streams. That's much harder to do.

JonathanLee · Apr 7, 2022, 2:25 PM

@gertjan ClamAV uses Icap with squid is it possible for it to do that? Icap is http. It has caught a virus on the streamer once also however. My browser itself did not catch the issue this time all ClamAV with this one. This was a iMac running desktop version M1 2021. This was me looking for math help.