At 09:52 AM 07/29/97 -0400, Rick Murphy wrote:
>
>Think about it - when you start a download of a potentially infected file, it's
>diverted to the CVP server for vetting. Until the file is completely downloaded,
>nothing is sent to the requester because you've got to have the whole file
>in order to complete the virus scanning. The behavior you're seeing is the way
>CVP is designed to work. (The only alternative would be to start feeding the
>file unscanned to the browser, which would then start to show progress - but then
>how do you notify them that they've just downloaded a virus??)
>

This is what desktop protection is for, silly boy. :-)

Take for example the F-Prot virus detection/protection product. It dynamically handles the scanning of files as they are received by a POP mailer, and automagically takes the appropriate action (delete, disinfect, ask, etc.). Of course, it doesn't handle the case of FTP transfers while the file is in flight (in the process of being downloaded), but chances are that the file will be compressed (i.e. zipped, gzipped), and scanning while the file transaction is taking place would be a major performance hit anyway.

I have no personal bias for or against F-Prot, I just happen to use it and it serves my needs quite nicely.

If someone were to try to implement virus scanning on the firewall at a company that I worked for, chances are there would be a major revolt -- I don't normally take to this type of nit-wittery very well.

Remember that security systems, in this case a firewall, should be as transparent to the users as possible. If it is overly intrusive, then the users themselves will become the security administrator's nightmare, since they will begin to search for ways to circumvent the intrusiveness.

Cheers,

- paul

--
Paul Ferguson                       ||        ||
Consulting Engineering              ||        ||
Herndon, Virginia USA              ||||      ||||
tel: +1.703.397.5938           ..:||||||:..:||||||:..
e-mail: pferguso@cisco.com     c i s c o S y s t e m s