Firewall Wizards mailing list archives
Re: imap and content inspection?
From: ark () eltex net
Date: Fri, 10 Oct 2003 13:43:06 +0400
nuqneH,

Nope, it has no in-depth protocol knowledge besides session initiation, only a simple tunnel loop. :-(

On Fri, Oct 10, 2003 at 11:05:36AM +0200, Dawes, Rogan (ZA - Johannesburg) wrote:
> You may want to look at www.imapproxy.org. Granted it is not exactly the same thing, but it should provide some basic protocol handling code that could be developed further.
>
> -----Original Message-----
> From: ark () eltex ru [mailto:ark () eltex ru]
> Sent: 09 October 2003 01:41 PM
> To: firewall-wizards () honor icsalabs com
> Subject: [fw-wiz] imap and content inspection?
>
> Hi,
>
> I am planning IMAP filtering proxy implementation. A quick look into RFC shows the IMAP protocol appears to be designed to maximize firewall application layer problems ;-). I mean it requires proxy to handle full email mime parsing, besides quite sophisticated protocol itself, thus making proxy very complex pile of code, comparable with IMAP server itself, which turns its security (through simplicity!) advantage questionable. And - there are numerous ways to retrieve various parts of messages without handling message as whole; if content inspection means simple virus check with binary result (OK/BAD) it is not really a problem, but if we employ other content inspection types, it ruins the whole idea.
>
> I know there are many people on the list who know implementation details in depth, how do other vendors solve this problem? Is "best practice" now to just handle FETCH and UID FETCH commands syntax issued by widespread email clients and not to care if other techniques are used?
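The FETCH / UID FETCH question raised in the thread, as an added example that is not part of any poster's message: a proxy-side classifier that tells whole-message fetches from partial ones, following the RFC 3501 data item syntax. The function name, verdict labels and sample command lines are assumptions constructed for illustration.

```python
import re

# Client command line: tag, optional "UID", FETCH, sequence set, data items.
_CMD = re.compile(r'^(\S+) (UID )?FETCH (\S+) (.+)$', re.IGNORECASE)
# BODY[section]<offset.count> or BODY.PEEK[...]; section and range are optional.
_BODY = re.compile(r'\bBODY(?:\.PEEK)?\[([^\]]*)\](<\d+\.\d+>)?', re.IGNORECASE)


def classify_fetch(line):
    """Classify one client command line (hypothetical helper).

    Returns (verdict, items):
      'not-fetch' - not a FETCH / UID FETCH command
      'metadata'  - only FLAGS, ENVELOPE, BODYSTRUCTURE, sizes and the like
      'whole'     - full message requested, so it can be scanned as one unit
      'partial'   - at least one item returns only a section or byte range
    """
    m = _CMD.match(line.strip())
    if not m:
        return 'not-fetch', []
    items = m.group(4)
    whole, partial = [], []
    for b in _BODY.finditer(items):
        section, byte_range = b.group(1), b.group(2)
        # BODY[] with no <range> is the complete RFC 2822 message.
        if section == '' and byte_range is None:
            whole.append(b.group(0))
        else:
            partial.append(b.group(0))
    # Remaining atoms: the older RFC822* names for whole message and pieces.
    for atom in re.findall(r'[A-Za-z0-9.]+', _BODY.sub(' ', items)):
        name = atom.upper()
        if name == 'RFC822':
            whole.append(atom)
        elif name in ('RFC822.TEXT', 'RFC822.HEADER'):
            partial.append(atom)
    if partial:
        return 'partial', partial
    return ('whole', whole) if whole else ('metadata', [])


# Constructed sample client lines, not captured traffic.
SAMPLE = [
    'a1 FETCH 1 (FLAGS RFC822.SIZE)',
    'a2 UID FETCH 42 BODY.PEEK[]',
    'a3 UID FETCH 42 (BODY.PEEK[HEADER.FIELDS (FROM SUBJECT)] BODY[2]<0.16384>)',
]

if __name__ == '__main__':
    for cmd in SAMPLE:
        print(classify_fetch(cmd), cmd)
```

A proxy that only scans complete messages has to decide what to do with the 'partial' verdict, which is the case the original question is about.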