
RE: [Sheflug] Antivirus measures



Quoting "Morris, David (Allvac, UK)" <david [at] allvac.co.uk>:

>  
> 
> > -----Original Message-----
> > From: shef-lug-admin [at] list.sheflug.org.uk 
> > [mailto:shef-lug-admin [at] list.sheflug.org.uk] On Behalf Of Chris Johnson
> > Sent: Friday, May 21, 2004 11:28 AM
> > To: shef-lug [at] list.sheflug.org.uk
> > Subject: [Sheflug] Antivirus measures
> > 
> > I'm thinking of putting an AV plugin on my firewall (IPcop).  
> > I'm also thinking of setting up a local email server so that 
> > we can automatically remove spam messages from works mail.  
> > I'm presuming I can add AV scanning to this PC as well.
> > 
> > What I'm not sure on is how the firewall scanner will work.  
> > I'm presuming any files downloaded via ftp or http will be 
> > scanned but what about mail attachments or does this depend 
> > on the software.
> 
> One assumes that because the http and ftp content is only passing
> through the IPCop firewall on a packet by packet basis, AV scanning
> would be difficult to impossible to implement. You'd have to have
> something that was capable of checking at the packet level rather than
> the file level. If it were looking for dodgy content in http, if you're
> running squid on the IPCop box, the AV solution would be capable of
> detecting any virii in the cached content, but by then, it's already on
> the client. In other words, you'd be better off with s/w on the clients.
> DansGuardian is checking URLs so is working at a different level.
> 


Squid will proxy http and ftp traffic; there is a plug-in for it, squid-vscan,

http://www.openantivirus.org/projects.php

that could do what you ask, but I've never used it.



> It's a different kettle of fish with mail. Because your mail server
> stores messages for later retrieval, it gets all the content before
> passing it on elsewhere therefore it's able to scan the file properly.
> 

Soton University produce the fine MailScanner

http://www.mailscanner.info

which is designed for filtering email through other products (like SpamAssassin
or ClamAV)

You can add multiple AV scanners and custom spam / file attachment rules to it.

AED
-- 
"The long revolution is creating small federated microsocieties, true guerilla
 cells practising and fighting for this self-management. Effective radicality
 authorises all variations and guarantees every freedom."

___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

  GNU the choice of a complete generation.
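
The packet-versus-file distinction discussed in this thread, as an added Python example that is not part of the original messages: a signature that straddles a packet boundary is missed by per-packet inspection, found only after earlier packets have been forwarded by a scanner that carries bytes across packets, and found before delivery when the whole object is stored first, as a mail server does. The signature, payload, packet size and function names are constructed for illustration.

```python
# Constructed marker standing in for an AV signature (not a real one).
SIGNATURE = b"SHEFLUG-TEST-SIGNATURE"

# Constructed payload: the marker sits in the middle of an 82-byte "file".
PAYLOAD = b"A" * 30 + SIGNATURE + b"B" * 30
PACKET_SIZE = 40  # assumed segment size; the marker straddles bytes 39/40


def split_into_packets(payload, size):
    """Cut a byte string into fixed-size chunks, as a transport would."""
    return [payload[i:i + size] for i in range(0, len(payload), size)]


def scan_per_packet(packets, sig=SIGNATURE):
    """Inspect every packet in isolation, with no memory between packets."""
    return any(sig in p for p in packets)


def scan_stream(packets, sig=SIGNATURE):
    """Forward packets as they arrive, keeping the last len(sig)-1 bytes
    so a match spanning two packets is still seen.
    Returns the index of the packet on which detection fires, or None.
    Every packet before that index has already gone to the client."""
    tail = b""
    for index, packet in enumerate(packets):
        window = tail + packet
        if sig in window:
            return index
        tail = window[-(len(sig) - 1):]
    return None


def scan_stored(packets, sig=SIGNATURE):
    """Store the complete object first, then scan it once, which is what
    a mail server or a buffering proxy is in a position to do."""
    return sig in b"".join(packets)


def compare(payload=PAYLOAD, size=PACKET_SIZE):
    """Run all three strategies over the same traffic."""
    packets = split_into_packets(payload, size)
    return (scan_per_packet(packets), scan_stream(packets), scan_stored(packets))


if __name__ == "__main__":
    per_packet, stream_hit, stored = compare()
    print("per-packet scan detected:", per_packet)
    print("stream scan fired on packet index:", stream_hit)
    print("store-then-scan detected:", stored)
```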