[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: Virus Scanner
From:       "Jay K. Bahel" <jbahel () mcs ! net>
Date:       1997-07-26 19:50:38
[Download RAW message or body]

Has anyone used Norton's Anti-Virus product add on for CheckPoint
FireWall-1 (NT)?  Doesn't McAfee have a similar add-on?  I would think that
if you protected e-mail attachments and ftp traffic, that this would be
sufficient virus protection.  Is there any way to limit these virus add-ons
to that type of traffic only?

-Jay

----------
> From: harley@icrf.icnet.uk
> To: firewalls@GreatCircle.COM
> Subject: re: Virus Scanner
> Date: Saturday, July 26, 1997 8:30 AM
> 
> > What happens is; the users clicks on his link and gets an hour 
> > glass and then nothing more happens until
> > the scanner is completely finished scanning, which with larger 
> > files can take some time
> > and most users disconnect (or even worse tried again) before they get 
> > the menu to save.
> > 
> The advantage of virus checking at the firewall or viruswall is 
> administrative: you aren't totally reliant on the users' keeping
> their desktops properly protected. There are two large disadvantages,
> though: one is that this approach leaves several other entry points
> uncovered, so it has to be supplementary, rather than your only defence.
> The other is that effective filtering for viruses entails a lot of 
> processing. If your hardware/network isn't beefy enough to cope with
> the overhead, the latency problem is likely to outweigh the advantage.
> 
> > When I talk to Checkpoint's reseller in germany I get the feeling 
> > that we are the only
> > ones who consider internet viruses to be a problem. 
> 
> Not the only ones. But there's a question of definitions, here.
> Leaving aside the question of the Internet Virus, which most 
> people prefer to call a worm, there's some question as to what
> constitutes an internet virus. When most vendors talk about this,
> they seem to mean viruses which are transmissable over networks
> rather than Internet-specific viruses. This largely excludes PC 
> boot-sector viruses (which can be transmitted over networks as
> part of a disk image, but can't -infect- over networks in a formal
> sense -- obviously, it doesn't mean such a disk image can't be a
> transmission vector). It -can- include multipartite PC viruses
> and file infectors (irrespective of platform). File infectors can
> obviously include viruses which infect executables as well as macro
> viruses, which in a sense infect data files. In fact, many vendors
> seem to use macro virus and internet virus interchangeably, but
> the problem with infectable program files hasn't gone away: it's
> just proportionally smaller.
> 
> > My question is; has anyone else 
> > made any attempts to check for internet viruses and if so how do you do
it?
> > 
> Lots of people. Scanning at the firewall, scanning with a separate 
> viruswall, scanning servers inside the firewall, on-demand scanning
> at the desktop, realtime/on-access scanning at the desktop. [There
> are some fairly esoteric generic strategies which I'm going to 
> pass on right now.] Realtime scanning with a Windows VxD or something
> equivalent is the most effective in terms of the range of entry-points 
> protected, but it's harder to administer, because you have to keep
> every desktop scanner updated, instead of just updating server-hosted
> scanners.
> 
> > How serious a problem are viruses in internet?
> 
> Over-hyped, but serious enough. Macro viruses are well into four figures,
> now, and can be transmitted over networks or the Internet in a number of 
> ways.Infected programs and Word files aren't that often found on ftp or
> web servers, but it certainly happens. Just about anything can be
e-mailed
> as an attachment, and frequently is: file viruses, macro viruses,
trojans, 
> cheese sandwiches........ You'd be ill-advised to ignore the problem.
> 
> -- 
> David Harley                  |              alt.comp.virus FAQ
> D.Harley@icrf.icnet.uk        |           & Anti-Virus Web Page
> Support & Security Analyst    |    Folk London On-Line gig-list
> Imperial Cancer Research Fund | http://webworlds.co.uk/dharley/
> 
> 

[prev in list] [next in list] [prev in thread] [next in thread]