Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: imap and content inspection?

From: ark () eltex net
Date: Fri, 10 Oct 2003 13:43:06 +0400
nuqneH,

Nope, it has no in-depth protocol knowlegde besides session initiation,
only a simple tunnel loop. :-(

On Fri, Oct 10, 2003 at 11:05:36AM +0200, Dawes, Rogan (ZA - Johannesburg) wrote:

You may want to look at www.imapproxy.org. Granted it is not exactly the
same thing, but it should provide some basic protocol handling code that
could be developed further.



-----Original Message-----
From: ark () eltex ru [mailto:ark () eltex ru] 
Sent: 09 October 2003 01:41 PM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] imap and content inspection?


Hi,

I am planning IMAP filtering proxy implementation. A quick 
look into rfc
shows the IMAP protocol appears to be designed to maximize firewall 
application layer problems ;-). I mean it requires proxy to 
handle full
email mime parsing, besides quite sophisticated protocol itself, thus
making proxy very complex pile of code, comparable with IMAP 
server itself,
which turns its security (through simplicity!) advantage questionable.
And - there are numerous ways to retreive various parts of 
messages without
handling message as whole; if content inspection means simple 
virus check
with binary result (OK/BAD) it is not really a problem, but 
if we employ other
content inspection types, it ruins the whole idea.

I know here are many people on the list who know 
implementation details in
depth, how do other vendors solve this problem? Is "best practice" now
to just handle FETCH and UID FETCH commands syntax issued by 
widespread email
clients and not to care if other techniques are used?


                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: