[prev in list] [next in list] [prev in thread] [next in thread]
List: firewalls-gc
Subject: Re: Virus Scanner
From: David Harley <harley () icrf ! icnet ! uk>
Date: 1997-07-27 11:54:58
[Download RAW message or body]
>
> The
> problem with having the firewall scanning for viruses, the scanner would
> have to do pattern matching looking at every bit as it passes and would
> require lots of overhead.
Not quite. The rational approach isn't to scan an incoming data-stream
en passant, but to download to a quarantine area, scan, and forward.
There's still an overhead, but the processing involved is considerably
reduced.
> Also, if a file was infected with a mutating
> virus, I don't believe the firewall scanner would be able to detect it.
There's no universal law which says that a scanner at the firewall
-can't- detect complex polymorphics. It certainly adds to the processing
overhead, though.
> As far as virus scanners, it would be better to incorporate the virus
> scanner into the Web Browser or the workstation OS.
>
The point of having real-time scanning at the desktop is that it monitors
web-browsing as -well- as all the other usual entry-points.
--
David Harley | alt.comp.virus FAQ
D.Harley@icrf.icnet.uk | & Anti-Virus Web Page
Support & Security Analyst | Folk London On-Line gig-list
Imperial Cancer Research Fund | http://webworlds.co.uk/dharley/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic