[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: Virus Scanner
From:       JDaggan () cgsh ! com
Date:       1997-07-28 12:52:52
[Download RAW message or body]

Fyi,

Symantec has a similar product with runs on an NT server.  It's called (not 
surprisingly) "Norton Anti-Virus for Internet E-mail."  It intercepts 
inbound and outbound mail, scans it, cleans up any viruses it finds, and 
notifies the sender and the network admin of any viruses.  We downloaded a 
demo from their Web page, and were pretty pleased with it.

John Daggan
Network Manager
Certified Banyan Engineer
Cleary, Gottlieb, Steen & Hamilton
New York, NY 10006
Internet: jdaggan@cgsh.com
x400: C=US;A=INFONET;P=CGSH;G=JOHN;S=DAGGAN
-------------
Original Text
From: C=US/A=INTERNET/DDA=ID/firewalls-owner(a)GreatCircle.COM, on 7/26/97 
10:27 PM:
   Paul Ferguson <pferguso@cisco.com> wrote:
>  ...<snip>...
>This falls into the "Is it a dessert topping or a floor wax"
>category. Is it a firewall, or a virus checker? Or both?
>  ...<snip>...

and...  Richard Pouncy <prc@Noah.rtscomp.com> wrote

>  The
>problem with having the firewall scanning for viruses, the scanner would
>have to do pattern matching looking at every bit as it passes and would
>require lots of overhead. Also, if a file was infected with a mutating
>virus, I don't believe the firewall scanner would be able to detect it.
>As far as virus scanners, it would be better to incorporate the virus
>scanner into the Web Browser or the workstation OS.

  A customer of mine wants to implement virus scanning of email
attachments.  They have a non-sendmail PC mail system (CC:Mail or
MS Exchange, etc.).  After a brief search just I found an interesting
approach with the the Dr. Solomon (www.drsolomon.com) scanner.
  This appears to be mail system independent - it is an SMTP front
end - e.g. the chain is:

 (incoming SMTP connections) -> (virus checker box) -> (actual mail system)

  The system is an NT system which will be your frontend mailhost to
the Internet.  It will accept incoming mail, detect and decode
email attachments, run them through a PC virus checker, and if they
pass, send the mail on to the actual mail system.

  This approach seems to strike a reasonable balance between technology
and policy (protecting internal systems which are accidently or purposely
mis-configured (may users turn off the virus scanners for perceived
performance or robustness reasons in violation of policy).  Running the
virus scanner on a seperate box (if needed) can address the performance
concerns.

  Disclaimer:  I have not used or tested the Dr. Solomon product, the
approach just seems to be a clean one to me, albeit with one more
system to be added to the security checklist.

  - Randy    randy.witlicki@valley.net
 -




[prev in list] [next in list] [prev in thread] [next in thread]