Problem after build on SuSE 11.2

[reinerotto]

I built squid-gsb on SuSE 11.2 It looks like, the download of the data-base using the gsb-updater is OK, but testing the gsb_redirector from the cmd-line does not detect the phishing test page http://www.google.com/tools/firefox/safebrowsing/phish-o-rama.html

Using firefox with detection enabled works for this page.

I ran the gsb_redirector with debug, and that produced a few messages like

• Going to read malware-hsh.dat
• Going to read black-hash.dat
• Several messages stating something like ... hash for www.google.com/tools/ = 103f7c8814f8987e44765fd2fea3f5d6 hash for google.com/tools/firefox/safebrowsing/phish-o-rama.html = 1809a05b742d0c2c523ff19ec497e5b7 ....

  last console output:

  hash for google.com/tools/firefox/safebrowsing/ = f3a55778d45d12cab3d57dfac1ce6152

My config: cat /etc/squid-gsb/squid-gsb.conf black-hash-file = /var/squid-gsb/black-hash.dat malware-hash-file = /var/squid-gsb/malware-hash.dat debug = 1 black-url = http://............/gsb.html malware-url = http://........./gsb.html key = ABQIAAAA5FZRS39f..........

So the phishing-test-page was not detected. Anything else, I can do, to trace down the problem ?

[alexott]

thanks for report, but I need to reproduce this on my machine, and I'll ask for additional information if I'll unable to reproduce this issue

[reinerotto]

I see, you did some modifications. So could you confirm the problem, is it fixed or whatever is the actual status on my issue ?

[alexott]

I could do this only tomorrow, when I'll have some free time

[alexott]

ok, this is not a error at all - it seems, that Google excluded this page from their databases, because it also doesn't blocked in firefox. I checked several URLs from http://www.google.com/safebrowsing/diagnostic?site=google.com and all sites were found by gsb_redirector

[reinerotto]

You are right. Also my firewfox now does not complain any more about http://www.google.com/tools/firefox/safebrowsing/phish-o-rama.html

I used some other test sites, and it is OK.

Sorry for the inconvinience.

I just read, you live in PB. Peacful town, so nothing disturbed me there during my time at university. My room to live was in Nord-Borchen. Even too peaceful there :-)

[alexott]

Yep, I often ride through Nord/Kirsch-Borchen during my bike trips...

[reinerotto]

I just tried to implement squid-sb into my squid-3.10 and saw in squid.conf, that the (new ?) interface to a URL-rewriter/redirector is URL client_ip "/" fqdn user method [ kvpairs]

This has the effect, that your squid-gsb also generates hashes like

hash for testing.google.test/testing/malware/ 192.168.0.1 / 1234 reiner GET = d96d19aaf07aceac415a54b4317d14cf

which are unnecessary work. May be, you can simply ignore everything after the URL to reduce the load.

[reinerotto]

It works with squid 3.10 So you can update the docs: Tested on SuSE 11.2, too :-)

[alexott]

ok, thanks - I need to re-work documentation heavily

[reinerotto]

One more idea regarding the code itself:

For performance reasons, squid has the possibility to spawn multiple instances of the same redirector. I notice, this needs quite some memory, probably because of the multiple instances of the same hash table being created. Some type of shared-memory or memory-mapped file used for the hash-table, which can be read by all redirectors, should reduce memory requirements significantly, I guess.

[alexott]

good idea, I created separate issue to track it