
Re: Antivirus Scanning Gateway



The following are the open source antivirus solutions:

(a) Open Antivirus
http://www.openantivirus.org

(b) Clam AV
http://clamav.elektrapro.com

(c) Trophie
http://www.vanja.com/tools/trophie/
(based on Trend Micro Virus scanning engine library)

(d) Sophie
http://www.vanja.com/tools/sophie/
(based on Sophos SAVI AV interface)


I am having problems getting OAV and CLAMAV to work properly on my machine. 
They always die without a reason. I guessed there is a multi-threading problem. 
At the present stage, open source AV solutions are not mature enough to use on a 
production server. 

NAI and TrendMicro are both highly recommended commercial solutions. 

If you want to do virus-filtering at your gateway, probably you should consider one of 
those fancy Cisco boxes which come with good filtering capabilities. 

If you want to do it the open source way, you may try SNORT. But it does not filter 
viruses; instead, it just sends an alert to you. The virus patterns must be updated 
frequently and depend on the rule writer. Frankly speaking, not all viruses/worms can 
be detected. 

Good luck. 


On 30 Sep 2003 at 16:42, Don Tek wrote:

> Here's the scenario:
> 
> I have a G4 mac that I want to turn into a gateway antivirus scanner using 
> OpenBSD 3.3 or 3.4.  We are a Mac shop and we have these machines sitting 
> around.  The idea is to implement this at no cost.
> 
> The antivirus scanner has to be free and it has to scan all network traffic 
> through the gateway, not just e-mail.  Automatic definition updates would be 
> nice too.  This will be positioned between our corporate firewall and the 
> private network and it will ONLY scan internet traffic for viruses.  It does 
> not need to act as a firewall and it will not have any other services 
> running on it.
> 
> Please suggest a competent way to achieve this and which antivirus scanner 
> would be best.  Our network has a single T1 and approximately 500 network 
> nodes in use at any time.
> 
> don..