Alexander Grüner wrote:
>> which malware does show the content to the user? :) Aha, probably
>> some of
>> those "toolbars" :)
>
>
> according to my log at least:
>
> "Mozilla/4.0 (compatible; MSIE 6.0.2600.0000;;Q324929;; Windows NT
> 5.0; FunWebProducts)"
> "Mozilla/4.0 (Compatible; MyWaySearchAssistantDE)"
> "Mozilla/4.0 (Compatible; MyWebSearch)"
> "Mozilla/4.0 (Compatible; MyWebSearchSearchAssistant)"
>
> a lot more according to:
> http://www.bleedingsnort.com/cgi-bin/viewcvs.cgi/user-agents/useragents.txt?root=Spyware-User-Agents&rev=1.4&view=markup
> :-)
>
> this one is really funny:
> VIRUS Beagle Worm beagle_beagle
>
> anyway, I am still missing a possibility to report the malware.
>
> further ideas are to block old Browser versions with security leaks
> like Firefox 1.0.1 etc.
> ok, I could do it with different files and different error messages,
> each for one single blocking event...but I do not like that idea very
> much... ;-)
>
> BTW: Looking to the source code of squid does not reveal the
> possibility to customize this event...at least not for somebody like
> me who cannot program at this high level...perhaps it is really not
> possible ?
>
> Regards,
> Alexander
Perhaps it's not the route you would like to take, but you can use an
external webserver to supply your deny_info pages. A dynamic page
written with SSI, PHP, Perl or the like would be able to show the
UserAgent. A lightweight httpd server (such as thttpd) could be run on
the same hardware as the Squid server without too much impact, if no
other webserver was available.
Chris
Received on Wed Apr 12 2006 - 14:45:37 MDT
This archive was generated by hypermail pre-2.1.9 : Mon May 01 2006 - 12:00:02 MDT