AV gateway
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: AV gateway
- From: Nick Buraglio <nick_(_at_)_buraglio_(_dot_)_com>
- Date: Tue, 18 May 2004 14:54:36 -0500
I'm looking for a solution for an opensource AV gateway. I've done
some basic searching and poking around the lists and google.
Basically what I'm trying to do is catch and block the entry and more
importantly the departure of virii, worms, and other malicious code. I
have yet to see (in my little bit of looking) anyone that is
successfully doing this. I had 3 ideas, from easiest to hardest. I
don't know how feasible the last one is. Any good ideas are welcome
and hereby solicited. I'm mainly concerned with SMTP since that's how
most get spread.
1. Block port 25 and 587 outgoing except to a specific box, tell all users
to use a specified SMTP server which we control that sits in the POP
and runs ClamAV. --Most intrusive and not too transparent. This is my
last resort.
2. Try to redirect all SMTP traffic to a local copy of ClamAV which scans
and sends on. I don't yet know if this is do-able, it was just a quick
thought.
3. Set up snort on all gateway boxes and use snort data to temporarily
block offending / infected users for a predetermined amount of time.
This also would need to be tested.
-------------------------------------
Nick Buraglio
GnuPG Key: 0x2E5B44F4
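Ideas 1 and 2 from the post above, written out as a pf.conf fragment. This is an added example, not part of Nick's message, and it uses current OpenBSD pf syntax (the rdr-to form, which postdates the 2004 post); the interface name, LAN prefix and relay address are assumed placeholders.

```conf
# Added example: pf.conf fragment for the two SMTP ideas in the post.
# Interface, network and host values are constructed placeholders.
int_if = "em1"              # assumed: interface facing the internal clients
lan    = "192.0.2.0/24"     # assumed: internal client network (TEST-NET-1)
relay  = "192.0.2.25"       # assumed: the controlled SMTP box running ClamAV

# Hosts that are allowed to speak SMTP/submission to the outside directly.
table <mailhosts> { $relay }

# Rules are evaluated in order; "quick" stops at the first match, so the
# relay's own outbound mail is passed before any client rule can catch it.
pass in quick on $int_if proto tcp from <mailhosts> to any port { smtp, submission }

# Idea 2: instead of refusing client SMTP, silently divert it to the scanner.
# Clients that ignore the advertised server still end up at the ClamAV relay.
pass in quick on $int_if proto tcp from $lan to any port smtp rdr-to $relay port smtp

# Idea 1: anything else from the LAN headed for port 25/587 is refused.
# "return" sends a RST so mail clients fail fast instead of timing out;
# "log" leaves a pflog record of which internal host tried to send.
block return in log quick on $int_if proto tcp from $lan to any port { smtp, submission }
```

If the relay sits on the same segment as the clients, its replies reach them without passing the gateway and the redirect breaks; put the scanner on its own interface or add nat-to on the rdr-to rule. Any client still completing a direct port-25 handshake after this is loaded is worth investigating, since the log line names the host.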