[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: Virus Scanner
From:       David Harley <harley () icrf ! icnet ! uk>
Date:       1997-07-27 11:54:58
[Download RAW message or body]

> 
> The
> problem with having the firewall scanning for viruses, the scanner would
> have to do pattern matching looking at every bit as it passes and would
> require lots of overhead. 

Not quite. The rational approach isn't to scan an incoming data-stream
en passant, but to download to a quarantine area, scan, and forward.
There's still an overhead, but the processing involved is considerably
reduced.

> Also, if a file was infected with a mutating
> virus, I don't believe the firewall scanner would be able to detect it. 

There's no universal law which says that a scanner at the firewall
-can't- detect complex polymorphics. It certainly adds to the processing
overhead, though.

> As far as virus scanners, it would be better to incorporate the virus
> scanner into the Web Browser or the workstation OS. 
> 
The point of having real-time scanning at the desktop is that it monitors
web-browsing as -well- as all the other usual entry-points.

-- 
David Harley                  |              alt.comp.virus FAQ
D.Harley@icrf.icnet.uk        |           & Anti-Virus Web Page
Support & Security Analyst    |    Folk London On-Line gig-list
Imperial Cancer Research Fund | http://webworlds.co.uk/dharley/

[prev in list] [next in list] [prev in thread] [next in thread]