Firewall Wizards mailing list archives
Re: Blocking email through the web services
From: John Keeton <jkeeton () nettoxin net>
Date: Thu, 23 Jan 2003 19:53:44 -0600
On Thu, Jan 23, 2003 at 09:02:46AM +0100, Mikael Olsson wrote:
"Chapman, Justin T" wrote:One type of protection that I've implemented before is the use of a virus scanning engine to scan incoming http traffic. While this doesn't block access to webmail services per se, it does make these sites one less avenue for malicious code/virii to enter a network.Virus scanning on HTTP helps, if viruses are all you worry about. I personally worry about targeted attacks too, but I see why most people can't be bothered with that :)
*Sigh*, unfortunately going through the output from the proxy logs consumes about 30% of my job. We use a proxy appliance(Cacheflow, now Bluecoat), with on box catagory filtering(smartfilter), and it gets rid of about 70% of isp's mailsites. I then kill regular expressions like "/exchange/|/mail/|/email/|/webmail" .. etc. Then every now and then I grep the logs for things like "msg?|mbox|inbox|display".. etc.. I have about 400 sites listed manually that one of 25k users have gone to. Logs are a pain though, 1.2G /day uncompressed of logs..
Just keep in mind that virus scanning HTTPS is ... um .. problematic ;)
There are products out there(I have product spew at work w/ the vendors name if anyone is interested) that will be the ssl server to the browsers, so you can then forward the http traffic to a filtering proxy, then back to it, and it will make the session to the remote ssl server. The luser never knows what happened. Costly though IIRC. Luser education doesn't work. About a year ago we got a guy in HR fired for surfing p0rn. Ironic thing was, he was the guy we sent our reports with evidence on the p0rn to get people fired.. -john _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Blocking email through the web services seadog (Jan 22)
- Re: Blocking email through the web services Paul D. Robertson (Jan 22)
- Re: Blocking email through the web services Martin Peikert (Jan 22)
- Re: Blocking email through the web services Mikael Olsson (Jan 22)
- <Possible follow-ups>
- RE: Blocking email through the web services Noonan, Wesley (Jan 22)
- RE: Blocking email through the web services Nieveler, Juergen (Jan 22)
- Re: Blocking email through the web services Martin Peikert (Jan 22)
- RE: Blocking email through the web services Skough Axel U/IT-S (Jan 22)
- RE: Blocking email through the web services Chapman, Justin T (Jan 22)
- Re: Blocking email through the web services Mikael Olsson (Jan 23)
- Re: Blocking email through the web services John Keeton (Jan 24)
- Re: Blocking email through the web services Mikael Olsson (Jan 23)
- RE: Blocking email through the web services Nieveler, Juergen (Jan 24)
- RE: Blocking email through the web services Dawes, Rogan (ZA - Johannesburg) (Jan 24)