[Snort-inline-users] General anti-virus capabilities

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I found your project on the ClamAV website. What I'd like to know is
what are the general limitations using this type of scheme for
anit-virus protection for LAN workstations behind the firewall? For
example, when using a web proxy anti-virus solution the software must
completely buffer long web file downloads before it can do virus
scanning. I don't see how this could be done using iptables were you
have to "vote" on a packet-by-packet basis. Secondly, is the current
inline snort version suitable for production use?

Thx, Ken