Yes, it can be done. You need policy routing, i.e. the ability to handle two distinct routing tables simultaneously. The reason is that you need to have two simultaneous gateways, one for Squid and the other for the remaining applications. Two gateways are not allowed in OSes, the only exception being policy routing in the Linux kernel.

You find a very good and very short explanation of policy- (sometimes also called source-) routing in David Schwartz's answer to a question on a sister site (Unix and Linux).

You will need to set up your VPN so that its routing table is the alternative routing table. The details depend on the kind of VPN you use.

Now, supposing that the VPN virtual interface is called tun0, with IP address 10.0.0.2, you will need a rule that uses the second routing table (let's call it table2) for applications coming from 10.0.0.2:

    ip rule add from 10.0.0.2 table table2

and you also need to make sure that Squid binds to 10.0.0.2 as its outgoing address: for this, you need the directive

    tcp_outgoing_address 10.0.0.2
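The setup described in the answer above, as an added example (not the answer's own code): it fills in the two steps the answer leaves to the reader, namely registering the table name and giving table2 its own default route through the VPN, then adds the rule and prints the matching Squid directive. The VPN gateway 10.0.0.1 and the table number 200 are assumptions; take the real gateway from your VPN client.

```shell
#!/bin/sh
# Added example: policy routing so that only Squid's traffic (sourced from the
# VPN address) leaves through the VPN. Assumed values: tun0, 10.0.0.2, a VPN-side
# gateway of 10.0.0.1 and table name "table2" with number 200.
# DRY_RUN=1 prints the commands instead of running them (no root needed).
VPN_IF="${VPN_IF:-tun0}"
VPN_IP="${VPN_IP:-10.0.0.2}"
VPN_GW="${VPN_GW:-10.0.0.1}"      # assumption: learn it from your VPN client's log
RT_TABLE="${RT_TABLE:-table2}"
RT_ID="${RT_ID:-200}"             # assumption: any unused number 1..252
DRY_RUN="${DRY_RUN:-0}"

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# ip(8) only accepts a table *name* once it is listed in /etc/iproute2/rt_tables.
ensure_table_name() {
    grep -qs "[[:space:]]$RT_TABLE\$" /etc/iproute2/rt_tables && return 0
    if [ "$DRY_RUN" = 1 ]; then
        printf 'echo "%s %s" >> /etc/iproute2/rt_tables\n' "$RT_ID" "$RT_TABLE"
    else
        printf '%s %s\n' "$RT_ID" "$RT_TABLE" >> /etc/iproute2/rt_tables
    fi
}

# The alternative table gets its own default route via the VPN, and the rule
# sends every packet sourced from the VPN address to that table. Everything
# else keeps using the main table, i.e. the normal gateway.
setup_policy_routing() {
    run ip route replace default via "$VPN_GW" dev "$VPN_IF" table "$RT_TABLE"
    run ip rule add from "$VPN_IP" table "$RT_TABLE"
    run ip route flush cache
}

teardown_policy_routing() {
    run ip rule del from "$VPN_IP" table "$RT_TABLE"
    run ip route flush table "$RT_TABLE"
}

# The Squid side must use the same source address the rule matches on.
squid_directive() {
    printf 'tcp_outgoing_address %s\n' "$VPN_IP"
}

# Check that the rule and the table's default route are actually in place.
verify_policy_routing() {
    ip rule show | grep -q "from $VPN_IP lookup $RT_TABLE" || return 1
    ip route show table "$RT_TABLE" | grep -q "^default via $VPN_GW dev $VPN_IF" || return 1
}
```

Run `DRY_RUN=1 sh -c '. ./policy.sh; ensure_table_name; setup_policy_routing; squid_directive'` first to review the commands, then repeat as root without DRY_RUN and call verify_policy_routing.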