Squid cache Antivirus Update
-
as i seen here (http://doc.pfsense.org/index.php/Squid_Package_Tuning#Caching_Windows_Updates), i manage to do windows update cache, anyone here manage to do cache AntiVirus update like, Avira, MalwareBytes, Kapersky etc…? Only seen for AVG there..is other av possible to cache?
-
It should be possible, you just need to know the URL from which the updates are downloaded and adjust the URL pattern to match.
If you already have squid logging web access, it may just be a matter of triggering an update and watching the squid log.
-
am i on correct track?
some that i find in squid.loghttp://mbam-cdn.malwarebytes.org/program/mbam-setup.exe
http://pupdate-af.avg.com/pupdate/w8krnl436ay.bin
http://af.avg.com/softw/80free/update/f8ui437bc.bin
http://data-cdn.mbamupdates.com/v0/database/data/rules.3961.refrefresh_pattern pupdate-af.avg.com/..(bin) 4320 100% 43200 reload-into-ims;
refresh_pattern af.avg.com/..(bin) 4320 100% 43200 reload-into-ims;
refresh_pattern mbam-cdn.malwarebytes.org/..(exe) 4320 100% 43200 reload-into-ims;
refresh_pattern data-cdn.mbamupdates.com/..(ref) 4320 100% 43200 reload-into-ims;my custom option should be like this..
refresh_pattern windowsupdate.com/..(cab|exe) 4320 100% 43200 reload-into-ims;refresh_pattern download.microsoft.com/..(cab|exe) 4320 100% 43200 reload-into-ims;refresh_pattern au.download.windowsupdate.com/..(cab|exe) 4320 100% 43200 reload-into-ims;refresh_pattern guru.avg.com/..(bin) 4320 100% 43200 reload-into-ims;refresh_pattern pupdate-af.avg.com/..(bin) 4320 100% 43200 reload-into-ims;refresh_pattern af.avg.com/..(bin) 4320 100% 43200 reload-into-ims;refresh_pattern mbam-cdn.malwarebytes.org/..(exe) 4320 100% 43200 reload-into-ims;refresh_pattern data-cdn.mbamupdates.com/..(ref) 4320 100% 43200 reload-into-ims;range_offset_limit -1;redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3
-
Looks right, but of course the real test is whether or not it actually works. ;D
-
this is what i found on squid.log
http://dl5.avgate.net/upd/vdf/antivir2.vdf.gz
http://dl7.avgate.net/upd/vdf/antivir2.vdf.gzcan i use this for caching?
refresh_pattern .avgate.net/..(gz) 720 100% 10080 reload-into-ims;
-
You could probably get away with:
refresh_pattern avgate.net/.*.gz 720 100% 10080 reload-into-ims;
You really only need the () when specifying more than one extension, e.g. ".gz" is ok, but you could use ".(gz|exe|bin|zip)" if they had more kinds of files in that same location.
-
;D thanks..something new that i learn..
this is my current setting so far..
refresh_pattern .avgate.net/..gz 720 100% 10080 reload-into-ims;refresh_pattern .facebook.com/..* 720 100% 10080 reload-into-ims;refresh_pattern windowsupdate.com/..(cab|exe) 4320 100% 43200 reload-into-ims;refresh_pattern download.microsoft.com/..(cab|exe) 4320 100% 43200 reload-into-ims;refresh_pattern au.download.windowsupdate.com/..(cab|exe) 4320 100% 43200 reload-into-ims;refresh_pattern guru.avg.com/..bin 720 100% 10080 reload-into-ims;refresh_pattern pupdate-af.avg.com/..bin 4320 100% 43200 reload-into-ims;refresh_pattern af.avg.com/..bin 720 100% 10080 reload-into-ims;refresh_pattern mbam-cdn.malwarebytes.org/..exe 720 100% 10080 reload-into-ims;refresh_pattern data-cdn.mbamupdates.com/..ref 720 100% 10080 reload-into-ims;refresh_pattern personal.avira-update.com/.. 720 100% 10080 reload-into-ims;refresh_pattern dl.antivir.de/.*.zip 720 100% 10080 reload-into-ims;range_offset_limit -1;redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3
-
refresh_pattern avgate.net/.*.gz 720 100% 10080 reload-into-ims;
refresh_pattern .avgate.net/..gz 720 100% 10080 reload-into-ims;
just seen a bit different.. avgate.net or *.avgate.net? got different
-
Actually it should probably be:
refresh_pattern avgate.net/.*\.gz 720 100% 10080 reload-into-ims;
Since the regex isn't achored, that will match the same as .*avgate.net, and the . in .gz should probably have the \ before it so it's really considered a period.
It still would have worked, but really either one of those should match the pattern you were trying to make.