Firewall Wizards mailing list archives

imap and content inspection?


From: ark () eltex ru
Date: Thu, 9 Oct 2003 15:41:24 +0400

Hi,

I am planning an IMAP filtering proxy implementation. A quick look into the RFC
shows the IMAP protocol appears to be designed to maximize firewall
application layer problems ;-). I mean it requires the proxy to handle full
email MIME parsing, besides the quite sophisticated protocol itself, thus
making the proxy a very complex pile of code, comparable with the IMAP server itself,
which makes its security (through simplicity!) advantage questionable.
And there are numerous ways to retrieve various parts of messages without
handling the message as a whole; if content inspection means a simple virus check
with a binary result (OK/BAD) it is not really a problem, but if we employ other
content inspection types, it ruins the whole idea.

I know there are many people on the list who know implementation details in
depth; how do other vendors solve this problem? Is "best practice" now
to just handle the FETCH and UID FETCH command syntax issued by widespread email
clients and not to care if other techniques are used?

P.S. For those interested in the "fwtk sequel", I expect something like a "public
beta" to be finished before Samhain. ;-) I doubt I will include a "real" IMAP4
proxy, though :(
                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
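
The problem raised in the post above (FETCH can request single MIME parts, header sets or byte ranges, so a proxy may never see a message as a whole), as an added example that is not part of the original post: a Python sketch that classifies the data items of a client FETCH line using RFC 3501 syntax. The function names and sample lines are constructed for illustration, and literals inside section specifications are assumed not to occur.

```python
import re

# One FETCH data item: BODY[section]<origin.size>, or a bare atom such as RFC822.
ITEM = re.compile(r"(BODY(?:\.PEEK)?)\[([^\]]*)\](<\d+\.\d+>)?|([A-Z0-9.]+)", re.I)
FETCH = re.compile(r"^\S+\s+(?:UID\s+)?FETCH\s+\S+\s+(.+)$", re.I)
FRAGMENT_ATOMS = {"RFC822.HEADER", "RFC822.TEXT"}

# Constructed client command lines (not captured traffic).
SAMPLES = [
    "a1 FETCH 1 (FLAGS RFC822.SIZE)",
    "a2 UID FETCH 7 BODY.PEEK[]",
    "a3 UID FETCH 7 (BODYSTRUCTURE BODY.PEEK[2]<0.4096>)",
    "a4 FETCH 7 BODY[HEADER.FIELDS (FROM TO)]",
]


def classify_fetch(line):
    """Return [(item, verdict)] for a FETCH / UID FETCH line, else None.

    'whole'    : the entire message crosses the proxy in one response
    'fragment' : only a MIME part, header set or byte range is requested
    'metadata' : flags, sizes, structure; no message content
    """
    m = FETCH.match(line.strip())
    if not m:
        return None
    out = []
    for body, section, partial, atom in ITEM.findall(m.group(1)):
        if atom:
            name = atom.upper()
            if name == "RFC822":
                verdict = "whole"
            else:
                verdict = "fragment" if name in FRAGMENT_ATOMS else "metadata"
            out.append((name, verdict))
        else:
            # BODY[] with no section and no <origin.size> is the full message.
            whole = section.strip() == "" and not partial
            item = f"{body.upper()}[{section}]{partial}"
            out.append((item, "whole" if whole else "fragment"))
    return out


def needs_reassembly(line):
    """True when the request pulls only pieces of a message, so a scanner
    at the proxy cannot judge the message from this response alone."""
    return any(v == "fragment" for _, v in classify_fetch(line) or [])


if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", classify_fetch(s), needs_reassembly(s))
```

A proxy that gets `True` from `needs_reassembly` has to decide between blocking the request, rewriting it to a whole-message fetch, or fetching and scanning the full message itself before relaying the requested piece.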

