
Last Update: 25-Nov-2010


 

 

Documentation

Introduction:

HAVP (HTTP AntiVirus proxy) is a proxy with an anti-virus filter. It does not cache or filter content. At the moment all traffic is scanned, because malicious code can turn up in nearly every file type, e.g. HTML (JavaScript) or JPEG. I especially aim to stop dialer or browser exploits. But writing an HTTP anti-virus proxy is a real dilemma! Huge downloads are a problem for virus-scanning proxies: a client should not receive data that has not been checked by the virus scanner, but big downloads should not time out.

I read about some techniques (Squid Redirector, Apache Proxy, ICAP) and decided to write my own proxy.
There is a nice anti-virus solution for the Dansguardian content filter where I found some good ideas. Also I found some information on anti-virus at openantivirus and on proxies at tinyproxy and kprox.

The main aims of HAVP are:

Continuous and non-blocking downloads
Smooth scanning of dynamic and password protected homepages

Design:

HAVP writes the data from a server to a temporary file and hard-locks the end of the file. A second forked process begins scanning all written data. In the meantime the data is sent to the client. All data? No: you can define an amount of data which is held back and only delivered to the client when scanning is complete.

Advantages:
Scanning starts simultaneously with the download. Compressed files are a problem because they are only extracted during download.

Disadvantage:
If the scanning process is too slow and the file is larger than the defined "hold back data" you can still receive a virus! If the file contains a virus and the file is bigger than the "hold back data" the download will be cancelled with no warning. If you try to download the file again you will get the error message (this feature is not implemented yet).
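
The hold-back behaviour and its disadvantage can be seen in a small model. This is an added example, not HAVP source code: the class `HoldBackStream`, the parameter `keepback` and the helper `simulate` are hypothetical names, a string stands in for the temporary file, and the scanner verdict is assumed to arrive only after the whole file has been written.

```cpp
#include <cstddef>
#include <string>

// Hypothetical model of one proxied download (illustration only).
class HoldBackStream {
public:
    explicit HoldBackStream(std::size_t keepback) : keepback_(keepback) {}

    // Server data arrives: append it to the "temp file" and release to the
    // client everything except the last keepback_ bytes.
    void on_server_data(const std::string& chunk) {
        tempfile_ += chunk;
        if (tempfile_.size() > keepback_)
            release_up_to(tempfile_.size() - keepback_);
    }

    // Scanner verdict for the complete file. A clean file releases the
    // held-back tail; for an infected file the tail is never sent.
    void on_scan_complete(bool infected) {
        if (!infected) release_up_to(tempfile_.size());
    }

    const std::string& delivered() const { return delivered_; }

private:
    void release_up_to(std::size_t end) {
        if (end > sent_) {
            delivered_.append(tempfile_, sent_, end - sent_);
            sent_ = end;
        }
    }
    std::size_t keepback_;
    std::size_t sent_ = 0;
    std::string tempfile_;   // stands in for the temporary file on disk
    std::string delivered_;  // bytes the client has already received
};

// Constructed scenario: the body arrives in 4-byte chunks, then the scan ends.
// Returns what the client received.
std::string simulate(const std::string& body, std::size_t keepback, bool infected) {
    HoldBackStream s(keepback);
    for (std::size_t i = 0; i < body.size(); i += 4)
        s.on_server_data(body.substr(i, 4));
    s.on_scan_complete(infected);
    return s.delivered();
}
```

With an infected 16-byte body, a hold-back of 32 bytes delivers nothing, while a hold-back of 6 bytes has already handed the first 10 bytes to the client before the verdict arrives.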

Installation Manual:

Please read the INSTALL file from the package.

That's all - havP fun..

 

 


(c) Christian Hilgers