
0001169: Web proxy antivirus not work on SSL https protocol - MantisBT
MantisBT - Endian Firewall
View Issue Details
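ID: 0001169
Project: Endian Firewall
Category: Proxy HTTP
View Status: public
Date Submitted: 2008-07-28 09:07
Last Update: 2011-05-26 12:27
Reporter: mormogeacl
Priority: normal
Severity: feature
Reproducibility: N/A
Status: acknowledged
Resolution: open
Product Version: 2.2-rc2
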
0001169: Web proxy antivirus not work on SSL https protocol
Web proxy antivirus does not work on SSL https protocol
http://www.eicar.org/anti_virus_test_file.htm
No tags attached.
duplicate of 0000749 (acknowledged): http proxy and ssl
parent of 0002488 (acknowledged): contentfilter on https
parent of 0002591 (acknowledged): Upgrade Squid to 3.1
has duplicate 0002284 (closed): Antivirus doesn't work if you download using SSL or HTTPS
Not all the children of this issue are yet resolved or closed.
Issue History
2008-07-28 09:07  mormogeacl  New Issue
2008-07-28 09:07  mormogeacl  Status: new => assigned
2008-07-28 09:07  mormogeacl  Assigned To: => simon-endian
2008-09-09 13:47  peter-endian  Note Added: 0001588
2008-09-09 13:47  peter-endian  Assigned To: simon-endian =>
2008-09-09 13:48  peter-endian  Severity: minor => feature
2008-09-09 13:48  peter-endian  Reproducibility: have not tried => N/A
2008-09-09 13:53  peter-endian  Status: assigned => acknowledged
2009-10-21 16:38  peter-endian  Relationship added: has duplicate 0002284
2009-10-21 16:40  peter-endian  Relationship added: duplicate of 0000749
2010-09-24 09:27  peter-endian  Relationship added: parent of 0002488
2010-09-24 09:27  peter-endian  Relationship added: parent of 0002591
2011-04-29 16:44  datapharmer  Note Added: 0006163
2011-05-26 12:27  datapharmer  Note Added: 0006501

Notes
(0001588)
peter-endian   
2008-09-09 13:47   
The matter of an encrypted channel (SSL) is that *nobody* can read or scan its contents. This also includes a web proxy.

We don't intercept SSL connections yet. Maybe this will come in the future.
(0006163)
datapharmer   
2011-04-29 16:44   
I would love to see this implemented. It is a reality that it would be simple to bypass all firewall virus scanning and filtering simply by linking to a site that starts with https... SonicWALL implements this by intercepting and then issuing a replacement certificate, which could be installed to clients via network policy.

See the SonicWALL KB article for details: http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=8365
(0006501)
datapharmer   
2011-05-26 12:27   
This may be a good solution for a future version of endian: http://wiki.squid-cache.org/Features/SslBump
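
The visibility gap discussed in the notes above, as an added example that is not part of the original issue or of Endian's code: without interception, a Squid proxy logs HTTPS only as CONNECT tunnels (host, port and byte count), so an administrator can measure how much traffic passes the antivirus unscanned. The log lines are constructed samples in Squid's native access.log format, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample lines (not from the issue), native Squid access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1217228820.123    210 192.168.1.10 TCP_MISS/200 4521 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
1217228825.001    180 192.168.1.10 TCP_MISS/200 68 GET http://files.example.net/sample.bin - DIRECT/192.0.2.20 application/octet-stream
1217228830.456  15342 192.168.1.10 TCP_MISS/200 68120 CONNECT secure.example.net:443 - DIRECT/192.0.2.20 -
1217228841.789   9120 192.168.1.11 TCP_MISS/200 10240 CONNECT secure.example.net:443 - DIRECT/192.0.2.20 -
this line is malformed and must be skipped
"""

def parse_line(line):
    """Return (method, target, bytes) or None for a malformed line."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        size = int(fields[4])
    except ValueError:
        return None
    return fields[5], fields[6], size

def scanning_coverage(log_text):
    """Split traffic into scannable (plain HTTP) and opaque (CONNECT tunnels)."""
    report = {"scannable_bytes": 0, "opaque_bytes": 0,
              "tunnels": defaultdict(int), "skipped": 0}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        parsed = parse_line(line)
        if parsed is None:
            report["skipped"] += 1
            continue
        method, target, size = parsed
        if method == "CONNECT":
            # Without interception the proxy sees only host:port and a byte
            # count; the payload is encrypted end to end and never scanned.
            report["opaque_bytes"] += size
            report["tunnels"][target] += size
        else:
            report["scannable_bytes"] += size
    return report

if __name__ == "__main__":
    r = scanning_coverage(SAMPLE_LOG)
    total = r["scannable_bytes"] + r["opaque_bytes"]
    print(f"unscanned share of proxy traffic: {r['opaque_bytes'] / total:.1%}")
```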