Content scanning via CVP

[chuck yerkes <fwwiz () yerkes com>]

Hi,

Checkpoint and (I think) semantec have come out with a
"standard" (at least the API has been published) called Content
Vectoring Protocol (CVP).  The idea is that a firewall can take
some content and pass it (via CVP) to some server that looks for
viruses and what not.

Now, I've been a longtime advocate that Virus scanning should be
done on the target machine just before it's executed - that it's
possible to wrap things in such a way that it will get through.
The most obvious being an encrypted message of any kind (pgp or
rot13).

Nonetheless, this Melissa Worm thing has made many managers say
that contents should be checked at the firewall.

- Does anyone have any hard/fast information on CVP?
- Has anyone used it in a non-canned form (eg written something
  that talks to a server)?


Thoughts?  Comments?

chuck