Squid ClamAV Not detecting Test-Virus on site

  • Squid ClamAV Not detecting Test-Virus on site https://www.wicar.org/test-malware.html????

    Tests on this site fail; at the same time, the local antivirus, Symantec, detects them.
    Can you help me?

  • Guys, the problem with this site (https://www.wicar.org/test-malware.html) has not been solved. Is really no one interested in it?

  • ClamAV or any other AV running on a system like pfSense will not be able to perform virus inspection on an https site. I'm sure you know https is encrypted traffic. Therefore, the AV can't do any kind of packet level inspection since the data between the web site and your client PC is encrypted. If you have Squid set up to do HTTPS/SSL Interception (Man in the middle), then it should be able to perform a virus scan of that encrypted data. However, this is a bad idea. I'm no expert on this, but there have been many posts on these forums (as well as other forums I'm sure) as to why it's not a great idea to "breach" that encrypted data for any purpose. It could break https traffic in some cases. I think newer SSL/TLS standards may not like the data being altered for any reason. Also, it may pose a legal issue since https encryption is supposed to offer privacy and security. If the data is broken down along its route for virus inspection or any other purpose, then privacy is technically no longer intact. Security-wise, performing AV inspection is a good thing, but if that AV system is compromised, you are then potentially allowing someone to access encrypted data which would otherwise be inaccessible, by design.

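A way to check from the proxy side which destinations the scanner could ever have seen, as an added example that is not part of any post in this thread: without interception Squid logs an HTTPS site only as a `CONNECT host:443` tunnel, while plain HTTP and intercepted HTTPS appear as full request URLs. The sketch assumes Squid's native `access.log` format; the log lines and the `plain.example` / `bumped.example` hosts are constructed sample data.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines (not from the thread), native Squid access.log layout:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1700000000.101    310 192.168.1.20 TCP_TUNNEL/200 5120 CONNECT www.wicar.org:443 - HIER_DIRECT/203.0.113.10 -
1700000001.202     45 192.168.1.20 TCP_MISS/200 420 GET http://plain.example/eicar.com - HIER_DIRECT/203.0.113.20 application/octet-stream
1700000002.303      0 192.168.1.20 NONE/200 0 CONNECT bumped.example:443 - HIER_DIRECT/203.0.113.30 -
1700000002.404     80 192.168.1.20 TCP_MISS/200 900 GET https://bumped.example/eicar.com - HIER_DIRECT/203.0.113.30 application/octet-stream
"""

DEFAULT_PORTS = {"http": 80, "https": 443}


def scanner_visibility(log_text):
    """Return {"host:port": status} for every destination in the log.

    "inspectable"   - Squid logged a full request URL, so it handled the
                      HTTP exchange itself and could pass the body to a scanner.
    "opaque-tunnel" - only CONNECT was logged: the proxy relayed encrypted
                      bytes and no content scanner could examine the payload.
    """
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # blank or truncated line
        method, url = fields[5], fields[6]
        if method == "CONNECT":
            host, _, port = url.rpartition(":")
            if host and port.isdigit():
                seen[(host, int(port))].add("tunnel")
        else:
            parts = urlsplit(url)
            port = parts.port or DEFAULT_PORTS.get(parts.scheme)
            if parts.hostname and port:
                seen[(parts.hostname, port)].add("request")
    return {
        f"{host}:{port}": "inspectable" if "request" in kinds else "opaque-tunnel"
        for (host, port), kinds in seen.items()
    }


if __name__ == "__main__":
    for dest, status in sorted(scanner_visibility(SAMPLE_LOG).items()):
        print(f"{dest:25} {status}")
```

A destination reported as `opaque-tunnel` explains a missed test file on the proxy while an endpoint antivirus, which sees the decrypted download, still flags it.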