AntiVirus Software

["Robert Driscoll" <driscoll_r () primesource com>]

Firewall Wizards,

        Hopefully this message is not an inappropriate for this list, if
so, please discard.

        This question revolves more around Virus Scanning than firewalling.
But since the scanner will talk directly to the firewall, I would like any
input you may wish to elicit.

        Our firewall is the AltaVista Firewall, running on DEC UNIX. Its a
NAT, Proxy firewall that provides hidden DNS. It also has an option called
Content Vectoring Support that allows the different proxies to pass data
to an Antivirus software. In this case it would pass the data to another
box running some antiviral software on the internal network.

        Currently we are reviewing 3 firewall scanners TrendMicros VirusWall,
Sophos, and Norton Antivirus for Firewalls. Most of the scanners I got from
the
CERT webpage run on NT so it seems thats where we will be looking. (Of
course now we're stuck with NT on Intel, not Alpha, thanks COMPAQ)

        My question is does anyone have experience configuring firewalls to
pass traffic to an virus scanner? It does seem to add a bit of complexity
to the situation. I'm interested in hearing about possible pitfalls and
traps
that maybe lurking. We are looking at configuring SMTP first and then if
that
works, FTP and HTTP.

        Any comments on scanning products would be appreciated as well.