Linux Proxy Server/Adware blocker

[JezEling]

Hi All,

I am looking to implement a Linux Proxy Server and so far have found Squid, which seems to be the leader. My question is does anyone know if there is software I can add to this to detect and remove adware, malware and spyware as well as viruses on the fly when a user accesses a page? We are a Windows shop for our desktops and need to protect them from stuff like this. Currently we have MS Proxy Server version 2 and a really old Mcafee product which is now discontinued and lacking in some features.

Thanks in advance

Jez

 

[BIS]

I really wouldn't know, but a good start at least would be to download, install, update and run Spybot Search and Destroy - I say this as it has a nifty 'immunize' feature.
It won't catch everything obviously, but it's a start...

 

[ericbrunson]

Adware blockers abound.

Two minutes on google turned up:

http://www.openantivirus.org/projects.php

with plugins for squid and httpf

http://www.pcxperience.org/dgvirus/

a plugin for DansGuardian

http://software.othello.ch/mod_clamav/

a plugin for Apache

http://viralator.loddington.com/

a plugin for squid

 

[marsd]

I think you want a server side solution for detecting
downloads that are harmful.Sounds like you want miracle
ingredient x42 to me.
You can use squid to filter the registered application types
that users download and you can use squid or iptables to
filter on strings in general. Make or find a databse of
well-known binary names or contents and filter on these.
It's not going to stop a knowledgeable user from downloading
that 1500kb text file named plain.txt and renaming it
kazaalite.trojan-killharddrive.exe locally.

Good luck

 

[ericbrunson]

The filters I listed above have the ability to scan downloads before they are proxied and examine them for virus signatures and block them if suspect.

 

[bswip]

You may also want to fine tune your settings so that only images or ads that are from the site you are visiting get loaded. There are about 18 sites that a majority of web servers extract images, ads, etc....

A simple solution is to either add them to your hosts file with an address of 127.0.0.1 0 --- Yes, they won't resolve or if you are running DNS add them to point to loaclhost.

Here's a link to the site that I used for my solution

http://pgl.yoyo.org/adservers/#foursteps

 

[btaber]

And another solution:

http://www.privoxy.org/

Brian

 

[ericbrunson]

Privoxy, AKA JunkBuster is a good solution for blocking Ad Sites. It does not perform anti-virus functions.