From: Ken H. <ke...@ac...> - 2005-05-04 05:55:04

I found your project on the ClamAV website. What I'd like to know is: what are the general limitations of using this type of scheme for anti-virus protection for LAN workstations behind the firewall? For example, when using a web proxy anti-virus solution, the software must completely buffer long web file downloads before it can do virus scanning. I don't see how this could be done using iptables, where you have to "vote" on a packet-by-packet basis. Secondly, is the current inline Snort version suitable for production use?

Thx, Ken
From: christopher <ch...@sy...> - 2005-05-04 06:06:02

Dear Ken, snort_inline is certainly suitable for production use. It is just a matter of the rules update, which you only need to purchase from Snort.

On Tue, 2005-05-03 at 21:53 +0700, Ken Hilliard wrote:
> I found your project on the ClamAV website. What I'd like to know is
> what are the general limitations using this type of scheme for anti-
> virus protection for LAN workstations behind the firewall? For
> example, when using a web proxy anti-virus solution the software must
> completely buffer long web file downloads before it can do virus
> scanning. I don't see how this could be done using iptables where you
> have to "vote" on a packet-by-packet basis. Secondly, is the current
> inline snort version suitable for production use?
>
> Thx, Ken

--
Christopher Chong Chew Vun
Enterprise Deployment Team
SYNCHROWEB TECHNOLOGY SDN BHD (670983D)
Unit No. CT-05-12, 5th Floor Corporate Tower, Subang Square, Jln SS 15/4G
Subang Jaya, Selangor D. Ehsan, Malaysia.
T. +[60]3 5621 9028 F. +[60]3 5621 8802 HP. +[60]12 3247432
From: Victor J. <vi...@nk...> - 2005-05-04 09:12:59

Ken Hilliard wrote:
> I found your project on the ClamAV website. What I'd like to know is
> what are the general limitations using this type of scheme for
> anti-virus protection for LAN workstations behind the firewall? For
> example, when using a web proxy anti-virus solution the software must
> completely buffer long web file downloads before it can do virus
> scanning. I don't see how this could be done using iptables where you
> have to "vote" on a packet-by-packet basis. Secondly, is the current
> inline snort version suitable for production use?

Hi Ken,

The ClamAV preprocessor in Snort is not a replacement for an HTTP proxy scanner or an AV SMTP gateway. Due to the nature of the scanner, we scan only raw and incomplete data. So there is no MIME decoding, unzipping, or any other preprocessing of the data. Still, I can catch (and block) viruses in MSN, SMB, IMAP, POP3, FTP, HTTP. Maybe not all of them, but I see it as an extra layer of protection.

Regards,
Victor
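To make the limitation Victor describes concrete, here is an added illustration in Python. It is not code from snort_inline, the ClamAV preprocessor or ClamAV itself; everything in it is constructed: a toy substring matcher stands in for a real signature engine, the "segments" are slices of a byte string rather than captured TCP data, and the 128-byte segment size, the padding and the `demo()` function are assumptions made for the example. The only real artefact is the EICAR test string, the harmless standard signature every AV product is expected to detect. It shows three things: a signature that straddles a segment boundary is missed when each packet is judged on its own but caught once the stream is reassembled; the same signature is still caught per packet when the whole object fits in one segment (which is why an inline scanner catches some viruses but not all); and a base64 (MIME) or deflate-compressed body never contains the raw signature, so only a scanner that decodes or unzips first will see it.

```python
"""Added example, not code from snort_inline or ClamAV: why a scanner that
votes packet by packet on raw payload sees less than a buffering proxy.

Everything here is constructed. A toy substring matcher stands in for a real
signature engine, and the "segments" are slices of a byte string, not captured
TCP data. The only real artefact is the EICAR test string.
"""
import base64
import zlib

# The EICAR test string: harmless, and a signature every AV engine must detect.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
SIGNATURES = [EICAR.encode()]   # toy signature database (assumed: one entry)


def scan_bytes(data: bytes) -> bool:
    """Toy matcher: True if any known signature occurs verbatim in data."""
    return any(sig in data for sig in SIGNATURES)


def segment(payload: bytes, mss: int) -> list:
    """Chop a payload into TCP-segment-sized pieces (constructed input)."""
    return [payload[i:i + mss] for i in range(0, len(payload), mss)]


def scan_per_packet(segments) -> bool:
    """Inline scanner with no stream buffering: each segment judged alone."""
    return any(scan_bytes(s) for s in segments)


def scan_reassembled(segments) -> bool:
    """Buffering proxy: collect the whole object, then scan it once."""
    return scan_bytes(b"".join(segments))


def scan_decoded(body: bytes, encoding: str) -> bool:
    """Proxy/gateway behaviour: undo the encoding before looking for signatures."""
    if encoding == "base64":     # MIME attachment as carried over SMTP/IMAP/POP3
        return scan_bytes(base64.b64decode(body))
    if encoding == "deflate":    # compressed HTTP body or zip-like container
        return scan_bytes(zlib.decompress(body))
    return scan_bytes(body)


def demo() -> dict:
    """Run the cases discussed in the thread and return each verdict."""
    sig = EICAR.encode()

    # 1. Signature straddles a segment boundary: 100 bytes of padding push it
    #    across the assumed 128-byte segment size, so no single segment holds it.
    straddled = b"A" * 100 + sig + b"B" * 100
    segs = segment(straddled, 128)

    # 2. Same object, small enough to arrive in a single segment.
    whole = segment(sig, 1500)

    # 3. Encoded bodies: the raw bytes never contain the signature, the
    #    decoded bytes do. The repeated prefix keeps deflate from emitting
    #    a stored (uncompressed) block.
    b64_body = base64.b64encode(sig)
    deflate_body = zlib.compress(b"padding-" * 16 + sig)

    return {
        "straddled_per_packet": scan_per_packet(segs),            # missed
        "straddled_reassembled": scan_reassembled(segs),          # caught
        "single_segment_per_packet": scan_per_packet(whole),      # caught
        "base64_raw": scan_bytes(b64_body),                       # missed
        "base64_decoded": scan_decoded(b64_body, "base64"),       # caught
        "deflate_raw": scan_bytes(deflate_body),                  # missed
        "deflate_decoded": scan_decoded(deflate_body, "deflate"), # caught
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:28s} {'DETECTED' if verdict else 'missed'}")
```

The per-packet path is the one an inline scanner without buffering or decoding takes; the reassembled and decoded paths are what a proxy or mail gateway pays for with the buffering Ken mentions. A real inline sensor can narrow the first gap with stream reassembly, but the encoded cases still require decoding the whole object first.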
From: Ken H. <ke...@ac...> - 2005-05-04 11:27:09

Thanks, Victor, for your frank info. I agree with you about layered security as well. I will install the software and do a little testing.

BTW: do you have any recommendation about any open source HTTP proxy/virus scanner? I'm going to check out SquidSafe but would like to know what people in the Linux community are using.

-----Original Message-----
From: sno...@li... [mailto:sno...@li...] On Behalf Of Victor Julien
Sent: Wednesday, May 04, 2005 4:13 PM
To: Ken Hilliard
Cc: sno...@li...
Subject: Re: [Snort-inline-users] General anti-virus capabilities

Ken Hilliard wrote:
> I found your project on the ClamAV website. What I'd like to know is
> what are the general limitations using this type of scheme for
> anti-virus protection for LAN workstations behind the firewall? For
> example, when using a web proxy anti-virus solution the software must
> completely buffer long web file downloads before it can do virus
> scanning. I don't see how this could be done using iptables where you
> have to "vote" on a packet-by-packet basis. Secondly, is the current
> inline snort version suitable for production use?

Hi Ken,

The ClamAV preprocessor in Snort is not a replacement for an HTTP proxy scanner or an AV SMTP gateway. Due to the nature of the scanner, we scan only raw and incomplete data. So there is no MIME decoding, unzipping, or any other preprocessing of the data. Still, I can catch (and block) viruses in MSN, SMB, IMAP, POP3, FTP, HTTP. Maybe not all of them, but I see it as an extra layer of protection.

Regards,
Victor
From: Victor J. <vi...@nk...> - 2005-05-04 11:37:11

Ken Hilliard wrote:
> Thanks, Victor for your frank info. I agree with you about layered
> security as well. I will install the software and do a little testing.
> BTW: do you have any recommendation about any open source HTTP
> proxy/virus scanner. I'm going to check out SquidSafe but would like to
> know what people in the Linux community are using.

I currently use: http://sourceforge.net/projects/dgav/

It is a modification of DansGuardian which adds AV scanning using ClamAV to it, but I believe it can support some other scanners as well.

Regards,
Victor
From: Ken H. <ke...@ac...> - 2005-05-04 12:09:48

Victor, DansGuardian is only "free" for personal use. Does this DG modification have any licensing restrictions?

-----Original Message-----
From: Victor Julien [mailto:vi...@nk...]
Sent: Wednesday, May 04, 2005 6:37 PM
To: Ken Hilliard
Cc: sno...@li...
Subject: Re: [Snort-inline-users] General anti-virus capabilities

Ken Hilliard wrote:
> Thanks, Victor for your frank info. I agree with you about layered
> security as well. I will install the software and do a little testing.
> BTW: do you have any recommendation about any open source HTTP
> proxy/virus scanner. I'm going to check out SquidSafe but would like to
> know what people in the Linux community are using.

I currently use: http://sourceforge.net/projects/dgav/

It is a modification of DansGuardian which adds AV scanning using ClamAV to it, but I believe it can support some other scanners as well.

Regards,
Victor
From: Florin A. <fl...@an...> - 2005-05-29 23:02:32

On Wed, 2005-05-04 at 03:25 +0700, Ken Hilliard wrote:
> BTW: do you have any recommendation about any open source HTTP
> proxy/virus scanner. I'm going to check out SquidSafe but would like to
> know what people in the Linux community are using.

I do not use it, therefore I cannot recommend it, but I just saw this project and it looks interesting:

http://www.server-side.de/
HAVP - HTTP AntiVirus proxy

--
Florin Andrei
http://florin.myip.org/