Menu
▾
▴
[Snort-inline-users] [Fwd: Re: Fortinet IDS]
|
From: Jason <sec...@br...> - 2004-10-19 04:26:10
|
forgot to add the x-post... oops -------- Original Message -------- Subject: Re: Fortinet IDS Date: Mon, 18 Oct 2004 18:59:17 -0400 From: Jason <sec...@br...> To: Ian Gallagher <cdi...@gm...> CC: Don Draper <do...@dr...>, foc...@se... References: <200...@ww...> <d6c...@ma...> I am not sure how fortinet does it however I know snort-inline now has a clamav preprocessor that will scan for viruses in the traffic and block it if discovered. There is no proxy involved and all traffic is scanned based on a configuration you define. It is a recent development and sure to require beefy hardware but might be worth exploring for the edge points that require virus scanning. X-posting to snort-inline if they want to chime in. https://sourceforge.net/tracker/index.php?func=detail&aid=1012679&group_id=78497&atid=553469 Ian Gallagher wrote: > I'm almost certain that their products scan transparently. > > > On 14 Oct 2004 13:30:38 -0000, Don Draper <do...@dr...> > wrote: > >> In-Reply-To: <200...@mx...> >> >> Does anyone know if Fortinet on-board virus scanning uses an SMTP >> proxy server? Or is it able to accomplish this transparently by >> simply inspecting the packets as most the IDS/IPS do. >> >> We just purchased a new Proventia M10 from ISS and have discovered >> that we cannot use it for Anti-Virus (email) or Anti-Spam due the >> ffact that it uses an on-board SMTP proxy server that does not >> support SMTP authentication among other issues. The IPS module does >> not need the proxy and works fine. Having on-board virus scanning >> at the network edge would be very helpful and Fortinet docs would >> make you think it is ALL done with packet inspection and without >> any nasty proxies in the middle. Does anyone know how this works? >> >> TIA, >> >> Don >> >> -------------------------------------------------------------------------- >> Test Your IDS >> >> Is your IDS deployed correctly? Find out quickly and easily by >> testing it with real-world attacks from CORE IMPACT. Go to >> http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 >> to learn more. >> -------------------------------------------------------------------------- >> >> >> > > > |
