From: Ken H. <ke...@ac...> - 2005-05-04 11:27:09
Thanks, Victor, for your frank info. I agree with you about layered security as well. I will install the software and do a little testing.

BTW: do you have any recommendation about any open source HTTP proxy/virus scanner? I'm going to check out SquidSafe but would like to know what people in the Linux community are using.

-----Original Message-----
From: sno...@li... [mailto:sno...@li...] On Behalf Of Victor Julien
Sent: Wednesday, May 04, 2005 4:13 PM
To: Ken Hilliard
Cc: sno...@li...
Subject: Re: [Snort-inline-users] General anti-virus capabilities

Ken Hilliard wrote:
> I found your project on the ClamAV website. What I'd like to know is
> what are the general limitations using this type of scheme for
> anti-virus protection for LAN workstations behind the firewall? For
> example, when using a web proxy anti-virus solution the software must
> completely buffer long web file downloads before it can do virus
> scanning. I don't see how this could be done using iptables where you
> have to "vote" on a packet-by-packet basis. Secondly, is the current
> inline snort version suitable for production use?

Hi Ken,

The ClamAV preprocessor in Snort is not a replacement for an HTTP Proxy Scanner or an AV Smtp Gateway. Due to the nature of the scanner, we scan only raw and incomplete data. So there is no mime decoding, unzipping, or any other preprocessing of the data. Still, I can catch (and block) viruses in Msn, Smb, Imap, Pop3, Ftp, Http. Maybe not all of them, but I see it as an extra layer of protection.

Regards,
Victor

_______________________________________________
Snort-inline-users mailing list
Sno...@li...
https://lists.sourceforge.net/lists/listinfo/snort-inline-users
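The limitation discussed in this thread, as an added example that is not part of the original messages and is not Snort or ClamAV code: a toy signature scanner run once per packet payload and once over the buffered, decoded transfer, the way a proxy would. The marker string, the 64-byte payload size and all function names are assumptions made for the illustration.

```python
import base64
import zlib

# Constructed, harmless marker standing in for an AV signature (not a real one).
SIGNATURE = b"TEST-MARKER-0123456789"


def packetize(data, mss):
    """Split a byte stream into fixed-size payloads, as segmentation would."""
    return [data[i:i + mss] for i in range(0, len(data), mss)]


def scan_per_packet(packets):
    """Inline model: one verdict per payload, no reassembly and no decoding."""
    return any(SIGNATURE in p for p in packets)


def scan_buffered(packets, decode=None):
    """Proxy model: buffer the whole transfer, undo the encoding, then scan."""
    data = b"".join(packets)
    if decode is not None:
        data = decode(data)
    return SIGNATURE in data


def build_cases(mss=64):
    """Constructed sample transfers: name -> (payloads, decoder a proxy would apply)."""
    body = b"A" * 100 + SIGNATURE + b"B" * 100
    split = b"A" * (mss - 5) + SIGNATURE + b"B" * 20  # marker straddles two payloads
    return {
        "plain, fits one packet": (packetize(b"hdr " + SIGNATURE + b" end", mss), None),
        "plain, split at boundary": (packetize(split, mss), None),
        "base64 (MIME attachment)": (packetize(base64.b64encode(body), mss), base64.b64decode),
        "zlib-compressed": (packetize(zlib.compress(body), mss), zlib.decompress),
    }


def run():
    """Return name -> (per-packet verdict, buffered-and-decoded verdict)."""
    return {name: (scan_per_packet(pkts), scan_buffered(pkts, dec))
            for name, (pkts, dec) in build_cases().items()}


if __name__ == "__main__":
    for name, (inline, proxy) in run().items():
        print(f"{name:26} per-packet={inline!s:5} buffered={proxy}")
```

Only the first case is caught by the per-packet scan; the buffered scan catches all four, at the cost of holding the whole transfer before forwarding it.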