Firewall Wizards mailing list archives
Re: AntiVirus Software
From: "Patrick M. Hausen" <hausen () punkt de>
Date: Wed, 8 Sep 1999 12:38:49 +0200 (CEST)
Hi!
This question revolves more around Virus Scanning than firewalling. But since the scanner will talk directly to the firewall, I would like any input you may wish to elicit. [...] My question is does anyone have experience configuring firewalls to pass traffic to an virus scanner? It does seem to add a bit of complexity to the situation. I'm interested in hearing about possible pitfalls and traps that maybe lurking. We are looking at configuring SMTP first and then if that works, FTP and HTTP. Any comments on scanning products would be appreciated as well.
Our experiences with CVP based scannning were, well, not that great. Our setup is Gauntlet Firewall for Unix with Datafellows F-Secure for Firewalls. As I got from the gauntlet-users archive, CVP version 1.0 has got serious limitations, like not being able to specify what to scan (i.e. HTML and GIFs are scanned, too, if you want to scan HTTP transfers) and a maximum of 5 concurrent open "sessions" between the firewall and the scanning engine. This has proven a showstopper for FTP and HTTP transmissions. Users experience massive slowdowns, short downloads (i.e. half of a file is transmitted) and the like. If you want to deploy a solution based on CVP, make sure all products support CVP 2.0 which addresses some of the problems. F-Secure does, while Gauntlet doesn't. Even CVP 2.0 has got hard coded limitations, now it's 254 sessions, so in a high bandwith configuration with many users it might still fail. Generally vendors seem to prefer proxy based solutions that don't use CVP. E.g. Trendmicro. NAI announced Gauntlet 5.5 would have a built-in scanning engine for the HTTP proxy. I didn't get my hands on that yet. We're still using CVP 1.0 in the above setup to scan emails. Works flawlessly so far. Nonetheless there are standalone "SMTP proxy" based scanners for email, too. Regards, Patrick
Current thread:
- AntiVirus Software Robert Driscoll (Sep 07)
- Re: AntiVirus Software Patrick M. Hausen (Sep 08)
- RE: AntiVirus Software Joe Ippolito (Sep 09)
- Re: AntiVirus Software Josh Robb (Sep 08)
- Re: AntiVirus Software chuck (Sep 09)
- Re: AntiVirus Software Patrick M. Hausen (Sep 08)