AW: [suse-security] Doubts about "SuSE-FW-on-CD"
-----Ursprüngliche Nachricht----- Von: Christopher Mahmood [mailto:ckm@suse.com] Gesendet: Freitag, 12. Oktober 2001 01:24 An: Hirsch Wolfgang Cc: suse-security@suse.de Betreff: Re: [suse-security] Doubts about "SuSE-FW-on-CD"
* Hirsch Wolfgang (hirsch@fwf.ac.at) [011011 02:54]:
I also want to know, if there any possibilities to scan for viruses.
That's probably something that's better done on a mail server.
Sure, but my box is a http-proxy too and three weeks ago, we had the nimda-virus on internal workstations . Wolfgang
--
-ckm
Sure, but my box is a http-proxy too and three weeks ago, we had the nimda-virus on internal workstations .
Then you need an application level gateway, but that doesn't work to well for incoming stuff like http, requests would be delayed a lot, etc. For SMTP it's another story, store and forward with a much slower response time expected. You need to reassemble the stream at the application level and scan then entire thing. Of course there are a million ways to avoid this. You could do an http accelerator with squid and say filter on "+" or other characters, but this might not be so good for your site and is a lot of setup/etc. Wolfgang
--
-ckm
Kurt Seifried, kurt@seifried.org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://www.seifried.org/security/
On Fri, 12 Oct 2001, Hirsch Wolfgang wrote:
* Hirsch Wolfgang (hirsch@fwf.ac.at) [011011 02:54]:
I also want to know, if there any possibilities to scan for viruses.
That's probably something that's better done on a mail server. Sure, but my box is a http-proxy too and three weeks ago, we had the nimda-virus on internal workstations .
Well, a lot of tools for scanning at the SMTP level do exist (see www.openantivirus.org for a product list). The only open-source soultion I know for squid is called "viralator" (with a small patch, it can be used for ftp-traffic to if squid works as ftp-proxy, too). viralator needs squirm and, of course a virus scanner. It works, but don't expect it's fast or really useable if several hunderts clients are conencted to your proxy. best regards, Rainer Link -- Rainer Link | SuSE - The Linux Experts link@suse.de | Developer of A Mail Virus Scanner (amavis.org) www.suse.de | Founder OpenAntiVirus Project (www.openantivirus.org)
participants (3)
-
Hirsch Wolfgang
-
Kurt Seifried
-
Rainer Link