RE: [Sheflug] Antivirus measures

["Morris, David (Allvac, UK)" <david [at] xxxxxxxxxxxx>]

> -----Original Message-----
> From: shef-lug-admin [at] list.sheflug.org.uk 
> [mailto:shef-lug-admin [at] list.sheflug.org.uk] On Behalf Of Chris Johnson
> Sent: Friday, May 21, 2004 11:28 AM
> To: shef-lug [at] list.sheflug.org.uk
> Subject: [Sheflug] Antivirus measures
> 
> I'm thinking of putting an AV plugin on my firewall (IPcop).  
> I'm also thinking of setting up a local email server so that 
> we can automatically remove spam messages from works mail.  
> I'm presuming I can add AV scanning to this PC as well.
> 
> What I'm not sure on is how the firewall scanner will work.  
> I'm presuming any files downloaded via ftp or http will be 
> scanned but what about mail attachments or does this depend 
> on the software.

One assumes that because the http and ftp content is only passing
through the IPCop firewall on a packet by packet basis, AV scanning
would be difficult to impossible to implement. You'd have to have
something that was capable of checking at the packet level rather than
the file level. If it were looking for dodgy content in http, if you're
running squid on the IPCop box, the AV solution would be capable of
detecting any virii in the cached content, but by then, it's already on
the client. In other words, you'd be better off with s/w on the clients.
DansGuardian is checking URLs so is working at a different level.

It's a different kettle of fish with mail. Because your mail server
stores messages for later retrieval, it gets all the content before
passing it on elsewhere therefore it's able to scan the file properly.

Of course, I could be wrong (it wouldn't be the first time :-)

-- 
David Morris

___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

  GNU the choice of a complete generation.