Re: sircam removal

["JP" <Theblahact () hotmail com>]

Being the devil's advocate here, but some firewalls can do that. (industry
favourite = FW-1 - it is easily possible to block viruses, attachment types
etc).

Personally I think you are better off doing it with Snort...... or Hogwash
(http://hogwash.sourceforge.net/)  Has anyone got that up and running in a
serious prod env??? I have put it on the backburner for a while but looks
very interesting. I had an idea for developing an open source application
level firewall behind a normal packet filter - bridging firewall, dual
homed, inline, no IP addresses (drooling now.....). Hogwash looks perfect.
(still thinking about the redundancy aspect tho.....).

Packet filters are packet filters. Keep them simple and let them maintain
state etc for you. Do the funky application level stuff with something else.

JP

----- Original Message -----
From: "Michael Boman" <michael () ayeka dyndns org>
> >  open the email before I ever realise it's gone through. Is there a way
to
> > disable to packets containing those nasty attachments as they go through
> > the firewall?
>
> Not the firewall, but either using a SMTP mailcleaner (like AMaViS or
> procmail scripts) or enable flexresp in your snort and start hacking your
own
> snort rules.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users