- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: AV gateway
- From: Nick Buraglio <nick_(_at_)_buraglio_(_dot_)_com>
- Date: Tue, 18 May 2004 14:54:36 -0500
I'm looking for a solution for an open source AV gateway. I've done
some basic searching and poking around the lists and Google.
Basically what I'm trying to do is catch and block the entry and more
importantly the departure of virii, worms, and other malicious code. I
have yet to see (in my little bit of looking) anyone that is
successfully doing this. I had 3 ideas, from easiest to hardest. I
don't know how feasible the last one is. Any good ideas are welcome
and hereby solicited. I'm mainly concerned with SMTP since that's how
most get spread.

1. Block port 25 and 587 outgoing except to a specific box, tell all users
   to use a specified SMTP server which we control that sits in the POP
   and runs ClamAV. --Most intrusive and not too transparent. this is my

2. Try to redirect all SMTP traffic to a local copy of ClamAV which scans
   and sends on. I don't yet know if this is do-able, it was just a quick

3. Set up snort on all gateway boxes and use snort data to temporarily
   block offending / infected users for a predetermined amount of time.
   This also would need to be tested.

GnuPG Key: 0x2E5B44F4
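
The third idea in the message above (timed blocks driven by Snort alerts), sketched as an added example that is not part of the original post. It assumes Snort's "fast" alert format, a 30-minute block window, a 10.0.0.0/8 customer range and a pf table named `quarantine`; all alert lines are constructed.

```python
import ipaddress
import re
from datetime import datetime, timedelta

BLOCK_FOR = timedelta(minutes=30)            # assumed "predetermined amount of time"
MAIL_PORTS = {25, 587}
LAN = ipaddress.ip_network("10.0.0.0/8")     # assumed customer range
TABLE = "quarantine"                         # hypothetical pf table name
YEAR = 2004                                  # fast alerts carry no year

# Snort "fast" alert: MM/DD-HH:MM:SS.usec [**] [gid:sid:rev] msg [**] ... {TCP} src:p -> dst:p
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[\d+:\d+:\d+\]\s+.*?\[\*\*\]"
    r".*?\{TCP\}\s+(?P<src>[\d.]+):\d+\s+->\s+[\d.]+:(?P<dport>\d+)\s*$"
)

# Constructed sample alerts (local rule SIDs, documentation addresses).
SAMPLE = [
    "05/18-14:10:02.120000  [**] [1:1000001:1] LOCAL worm attachment outbound [**] [Priority: 1] {TCP} 10.1.2.3:3321 -> 192.0.2.25:25",
    "05/18-14:40:15.500000  [**] [1:1000001:1] LOCAL worm attachment outbound [**] [Priority: 1] {TCP} 10.1.2.3:3340 -> 192.0.2.25:25",
    "05/18-13:00:00.000000  [**] [1:1000001:1] LOCAL worm attachment outbound [**] [Priority: 1] {TCP} 10.1.9.9:1029 -> 192.0.2.40:587",
    "05/18-14:45:00.000000  [**] [1:1000002:1] LOCAL web probe [**] [Priority: 2] {TCP} 10.1.7.7:4000 -> 192.0.2.80:80",
    "05/18-14:50:00.000000  [**] [1:1000001:1] LOCAL worm attachment outbound [**] [Priority: 1] {TCP} 198.51.100.7:2222 -> 192.0.2.25:25",
]

def plan_blocks(lines, now):
    """Return (expiry per LAN host, pfctl commands) for alerts on mail ports."""
    expiry = {}
    for line in lines:
        m = ALERT_RE.match(line)
        if not m or int(m["dport"]) not in MAIL_PORTS:
            continue
        if ipaddress.ip_address(m["src"]) not in LAN:
            continue  # never quarantine addresses we do not own
        until = datetime.strptime(f"{YEAR}/{m['ts']}", "%Y/%m/%d-%H:%M:%S") + BLOCK_FOR
        # A repeat alert extends the block instead of shortening it.
        expiry[m["src"]] = max(until, expiry.get(m["src"], until))
    cmds = [
        f"pfctl -t {TABLE} -T {'add' if until > now else 'delete'} {ip}"
        for ip, until in sorted(expiry.items())
    ]
    return expiry, cmds

if __name__ == "__main__":
    for cmd in plan_blocks(SAMPLE, datetime(2004, 5, 18, 14, 54, 36))[1]:
        print(cmd)
```

The commands only take effect if the gateway's pf ruleset already blocks mail-port traffic from the `quarantine` table; that rule is assumed and not shown here.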