antispyd

This release provides a major improvement of the signature based filtering engine (the BLOCK_SIGN filter) in terms of both performance and functionality. The signatures are now stored in a 3-Tree to enhance the matching of each HTTP message. This filtering can be performed on each HTTP message's content. A signature can use the hexadecimal array of a byte to specify a field's value.

Interconnection with other HTTP caches and proxies
is now possible via a new configuration directive,
"cache_peer". The "direct_connect" directive was
added for fault tolerance. The HTTP engine was
accelerated via the use of the N-Tree algorithm,
Fast reconnaissance has been implemented for HTTP
headers.

This release provides two new features: Domain
White-List configuration and BLOCK_SIZE filter.
The BLOCK_SIZE filter provides the ability to
control incoming and outgoing traffic for desired
MIME types based on HTTP message size. The control
configuration can be different for incoming and
outgoing traffic. This monitoring is performed
with two independent techniques: "HTTP header
checking" and "HTTP flow tracking". Moreover, the
filter management software architecture has been
cleaned up.

This release cleans up and enhances the Web
engine. The HTTP lexer and parser have been
cleaned up and improved. Better keep-alive
processing has been developed to speed up HTTP
flow transition. Antispyd is now tested with
valgrind.

The algorithm of URL matching via N-Tree walking
has been implemented and drastically increases the
efficiency of the URL filter. For the URL matching
filter, it's now possible to use a file containing
a list of URLs to match, as provided by
urlblacklist.com. The server now uses a pre-forked
listen process architecture to increase
efficiency. A configuration directive has been
added to specify the number of processes to
pre-fork.