
Protection from malware using Squid proxy server

Malware (short for "malicious software") is any program or file that is harmful to a computer user. Thus, malware includes computer viruses, worms, Trojan horses, and also spyware: software that gathers information about a computer user without permission.

Ignoring the threat of malware is one of the most reckless things you can do in today's increasingly hostile computing environment. Malware is malicious code planted on your computer, and it can give the attacker a truly alarming degree of control over your system, network, and data, all without your knowledge.

You can block access to URLs known to host such malware by configuring the Malware Block List with Squid, so that you, your network and your users are protected.

Visit http://www.malware.com.br for more information on the Malware Block List.

To use the Malware Block List on a Squid proxy to block user access to URLs that contain malware, perform the following simple steps:

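* Download the block list (quote the URL so the shell does not treat "?" as a glob character, and save it where the ACL below expects it):
      wget -O - 'http://malware.hiperlinks.com.br/cgi/submit?action=list_squid' > /etc/squid/malware_block_list.txt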

* Create an ACL in the main configuration file (squid.conf) pointing to the file that holds the list of URLs:
      acl malware_block_list url_regex -i "/etc/squid/malware_block_list.txt"

* Enable the ACL created previously:
      http_access deny malware_block_list
      deny_info http://malware.hiperlinks.com.br/denied.shtml malware_block_list

* Force Squid reconfiguration:
      squid -k reconfigure

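To keep the block list up to date, create a cron job that runs every 4 hours and points to a script like this:
      #!/bin/sh
      # Fetch the current list (URL quoted so the shell does not treat "?" as a glob)
      wget -O - 'http://malware.hiperlinks.com.br/cgi/submit?action=list_squid' > /etc/squid/malware_block_list.txt
      # Make Squid re-read its configuration and the new list
      squid -k reconfigure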
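
The cron script above truncates the live list before it knows whether the download worked, so a failed fetch or an error page leaves Squid with an empty or bogus list, and one catch-all pattern in the feed would deny every request. The script below is an added example, not part of the original post: it downloads to a temporary file, validates it, and only then replaces the list with an atomic rename. `MIN_LINES`, the canary URLs and the `--run` flag are assumptions, and GNU `grep -E -i` is used as a stand-in for Squid's `url_regex -i` matching.

```shell
#!/bin/sh
# Added example, not the blog's script. Values marked "assumed" are illustrative.
LIST_URL='http://malware.hiperlinks.com.br/cgi/submit?action=list_squid'
LIST_FILE='/etc/squid/malware_block_list.txt'
MIN_LINES=100   # assumed floor: a much shorter file is a truncated or bogus download
# Assumed canaries: URLs that must never be blocked (constructed placeholders).
CANARY_URLS='http://www.example.org/ https://intranet.example.net/login'

# validate_blocklist FILE -> 0 if FILE is safe to hand to Squid, 1 otherwise.
validate_blocklist() {
    cand=$1
    [ -s "$cand" ] || { echo "reject: empty download" >&2; return 1; }
    # An HTML error page returned in place of the list must not be loaded.
    if grep -Eiq '<(html|body|!doctype)' "$cand"; then
        echo "reject: HTML instead of a pattern list" >&2; return 1
    fi
    if [ "$(grep -c '' "$cand")" -lt "$MIN_LINES" ]; then
        echo "reject: fewer than $MIN_LINES lines" >&2; return 1
    fi
    # Run every pattern against each canary. grep exits 1 when nothing matches
    # (good), 0 when a pattern would block the canary, 2 on an invalid regex.
    for url in $CANARY_URLS; do
        rc=0
        printf '%s\n' "$url" | grep -Eiq -f "$cand" || rc=$?
        [ "$rc" -eq 1 ] || { echo "reject: grep rc=$rc for $url" >&2; return 1; }
    done
    return 0
}

# install_blocklist CANDIDATE DEST: replace DEST only with a validated list.
install_blocklist() {
    cand=$1; dest=$2; tmp="$dest.new.$$"
    validate_blocklist "$cand" || return 1
    # Copy next to DEST, then rename: Squid never sees a half-written file.
    cp "$cand" "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$dest"
}

update_blocklist() {
    dl=$(mktemp) || return 1
    if wget -q -O "$dl" "$LIST_URL" && install_blocklist "$dl" "$LIST_FILE"; then
        squid -k reconfigure
    else
        echo "block list not updated; keeping previous $LIST_FILE" >&2
    fi
    rm -f "$dl"
}

# Cron entry point: "script --run". Without the flag only the functions load.
if [ "${1:-}" = "--run" ]; then update_blocklist; fi
```

grep treats a blank line in the pattern file as matching everything, so a feed that contains blank lines is rejected by the canary check; strip them before validating if the list has any.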

* Testing time: after reloading Squid, try to visit the following site ("www.uploadhut.com"); you should see something like ..


If you are able to see this page on your browser -- relax, you are now safe from the malware :)




5 comments:

Anonymous said...

What about viruses and spyware ?

Anonymous said...

Running regular expression search on a 3K line text file is properly the worst idea I have seen in a long time.

DevOps said...

I think this is a very good idea for a normal small business and even for home use.

Thanks,
Nikesh

Anonymous said...

Some of the URLs in the blacklist are only for a certain host (e.g. www.malware.tld is blocked but malware.malware.tld isn't). So I searched for ?www\. in the file and replaced it with ?(.*\.|)
Works fine so far :-)

Anonymous said...

Thx for the write-up. I use a similar way to assist in protecting my kids from the interweb :)
