
Re: AV gateway

I use 3.4-stable, with postfix and Vexira MailArmor... works flawlessly so far. The machine is a relay for all inbound and outbound mail. We have internal virus scanners, but they have not picked up a virus since the gateway went in.


-----Original Message-----
From: owner-misc_(_at_)_openbsd_(_dot_)_org [mailto:owner-misc_(_at_)_openbsd_(_dot_)_org] On Behalf Of Nick Buraglio
Sent: Tuesday, May 18, 2004 3:55 PM
To: misc_(_at_)_openbsd_(_dot_)_org
Subject: AV gateway


I'm looking for a solution for an opensource AV gateway.  I've done 
some basic searching and poking around the lists and google.   
Basically what I'm trying to do is catch and block the entry and more 
importantly the departure of virii, worms, and other malicious code.  I 
have yet to see (in my little bit of looking) anyone that is 
successfully doing this.  I had 3 ideas, from easiest to hardest.  I 
don't know how feasible the last one is.  Any good ideas are welcome 
and hereby solicited. I'm mainly concerned with SMTP since that's how 
most get spread.

Block port 25 and 587 outgoing except to a specific box, tell all users 
to use a specified SMTP server which we control that sits in the POP 
and runs ClamAV.  --Most intrusive and not too transparent.  This is my 
last resort.

Try to redirect all SMTP traffic to a local copy of ClamAV which scans 
and sends on.  I don't yet know if this is doable, it was just a quick 

Set up snort on all gateway boxes and use snort data to temporarily 
block offending / infected users for a predetermined amount of time.  
This also would need to be tested.

- -------------------------------------
Nick Buraglio	
GnuPG Key: 0x2E5B44F4
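The three approaches in the message above map fairly directly onto pf rules on the gateway. The following pf.conf fragment is an added illustration, not configuration from the original poster or from the reply; it uses the classic (pre-4.7) rdr/nat rule syntax that an OpenBSD 3.4 box of that era would accept, and the interface names, the 192.0.2.25 address of the scanning relay, and the <infected> table name are assumed placeholders.

```pf
# Assumed names: adjust to the real interfaces and relay address.
ext_if = "fxp0"
int_if = "fxp1"
mailgw = "192.0.2.25"          # the controlled SMTP relay running the scanner
smtp_ports = "{ 25, 587 }"

# Idea 3: hosts that snort (or a human) flags as infected go in this table.
# "persist" keeps the table alive even when empty, so rules can reference it.
#   add:    pfctl -t infected -T add 10.0.0.5
#   remove: pfctl -t infected -T delete 10.0.0.5   (from cron after the timeout)
table <infected> persist

# Idea 2: transparently steer any direct outbound SMTP from the LAN to the
# relay, which scans and forwards.  Traffic already aimed at the relay is
# left alone so the relay's own delivery is not looped back to itself.
rdr on $int_if proto tcp from $int_if:network to ! $mailgw port 25 -> $mailgw port 25

# Default deny; last matching rule wins, so the passes below override it.
block log all

# Infected hosts are cut off entirely from the inside interface.
block in log quick on $int_if from <infected> to any

# LAN clients may reach the relay (post-rdr address) on 25 and 587.
pass in on $int_if proto tcp from $int_if:network to $mailgw port $smtp_ports \
    flags S/SA keep state

# Idea 1: only the relay may speak SMTP to the outside.  Everything else
# trying port 25/587 outbound hits the default block above and is logged.
pass out on $ext_if proto tcp from $mailgw to any port $smtp_ports \
    flags S/SA keep state

# Inbound mail from the Internet is accepted only by the relay.
pass in on $ext_if proto tcp from any to $mailgw port 25 \
    flags S/SA keep state
```

Load with `pfctl -f /etc/pf.conf` and watch `tcpdump -n -e -ttt -i pflog0 port 25` to see which internal hosts are still trying to send directly; a host that keeps hitting the block after the rdr is in place is a candidate for the <infected> table. The rdr rule gives the transparency the poster wanted from idea 2, while the pass-out rule enforces idea 1 for anything that bypasses the redirect (for example a host on a different subnet).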

