GEN:SID 1:618
Message SCAN Squid Proxy attempt
Summary This event is generated when a scan is detected.
Impact Information gathering.
Detailed Information This event indicates that an attempt has been made to scan a host.

This may be the prelude to an attack. Scanners are used to ascertain which ports a host may be listening on, whether or not the ports are filtered by a firewall and if the host is vulnerable to a particular exploit.
Affected Systems Any host.
Attack Scenarios An attacker can determine if ports 21 and 20 are being used for FTP. Then the attacker might find out that the FTP service is vulnerable to a particular attack and is then able to compromise the host.
Ease of Attack Simple.
Corrective Action Determine whether or not the scan was legitimate then look for other events concerning the attacking IP address.

Check the host for signs of compromise.
Additional References