Hi all, I am using Squid 2.5.4-3 on Linux. I am using squidGuard as a redirector to block all Windows executables. All is working fine except for some websites that "bypass" Squid: the ".exe" file doesn't show in the log files and the user can download it using the browser.
The only log squid generates is:
1079005403.984 377 192.168.0.167 TCP_MISS/200 3857 GET http://63.217.29.115/connect.php? - DIRECT/63.217.29.115 text/html
1079005404.704 544 192.168.0.167 TCP_MISS/200 9924 GET http://63.217.29.115/download.php? - DIRECT/63.217.29.115 application/force-download
but you get the .exe file.
If someone wants to check the URL: http://63.217.29.115/connect.php?did=od-stnd179
Beware, I think the file that is downloaded is some kind of dialer/trojan.
Is there any way to detect this kind of download? Or am I forgetting something?
Greets.
Received on Mon Mar 15 2004 - 13:38:48 MST
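
Added example, not part of the original post or of Squid/squidGuard: a log check that flags replies whose MIME type indicates a forced or executable download even though the URL carries no extension a URL-based rule would match, which is the case in the two log lines above. The MIME list, the extension list and the function names are assumptions to adapt locally; the third sample line is constructed.

```python
from urllib.parse import urlsplit

# Reply MIME types treated as a forced or executable download (assumed list; tune locally).
SUSPECT_MIME = {"application/force-download", "application/octet-stream",
                "application/x-msdownload", "application/x-msdos-program"}
# Extensions a URL-based redirector rule already matches (assumed rule set).
BLOCKED_EXT = (".exe", ".com", ".scr", ".pif", ".bat")

# Two lines quoted from the post, plus one constructed benign line (192.0.2.10).
SAMPLE = [
    "1079005403.984 377 192.168.0.167 TCP_MISS/200 3857 GET "
    "http://63.217.29.115/connect.php? - DIRECT/63.217.29.115 text/html",
    "1079005404.704 544 192.168.0.167 TCP_MISS/200 9924 GET "
    "http://63.217.29.115/download.php? - DIRECT/63.217.29.115 application/force-download",
    "1079005405.100 120 192.168.0.167 TCP_MISS/200 1200 GET "
    "http://192.0.2.10/logo.gif - DIRECT/192.0.2.10 image/gif",
]


def parse_line(line):
    """Split one native-format access.log line into a dict; None if malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    action, _, status = f[3].partition("/")
    try:
        return {"ts": float(f[0]), "client": f[2], "action": action,
                "status": status, "bytes": int(f[4]), "method": f[5],
                "url": f[6], "mime": f[9].lower()}
    except ValueError:
        return None


def url_filter_would_match(url):
    """True if the URL path ends in an extension the URL-based rule blocks."""
    return urlsplit(url).path.lower().endswith(BLOCKED_EXT)


def find_hidden_downloads(lines):
    """Entries with a suspect reply MIME type whose URL evades the extension rule."""
    entries = (parse_line(line) for line in lines)
    return [e for e in entries
            if e and e["status"].startswith("2") and e["mime"] in SUSPECT_MIME
            and not url_filter_would_match(e["url"])]


if __name__ == "__main__":
    for hit in find_hidden_downloads(SAMPLE):
        print(hit["client"], hit["url"], hit["mime"], hit["bytes"])
```

Run over a real access.log by passing the open file object to `find_hidden_downloads`; each hit names the client and URL to review.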