[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: Re: Virus Scanner
From:       Paul Ferguson <pferguso () cisco ! com>
Date:       1997-07-29 10:14:24
[Download RAW message or body]

At 09:52 AM 07/29/97 -0400, Rick Murphy wrote:

>
>Think about it - when you start a download of a potentially infected file,
it's
>diverted to the CVP server for vetting. Until the file is completely
downloaded,
>nothing is sent to the requester because you've got to have the whole file
>in order to complete the virus scanning. The behavior you're seeing is the
way
>CVP is designed to work. (The only alternative would be to start feeding the
>file unscanned to the browser, which would then start to show progress -
but then
>how do you notify them that they've just downloaded a virus??)
>

This is what desktop protection is for, silly boy.  :-)

Take for example the F-Prot virus detection/protection product. It
dynamically handles the scanning of files as they are received by a POP
mailer, and automagically takes the appropriate action (delete, disinfect,
ask, etc.). Of course, iIt doesn't handle the case of FTP transfers while
the file is in flight (in the process of being downloaded), but chances are
that the file will be compressed (i.e. zipped, gzipped), and scanning while
the file transaction is taking place would be a major performance hit anyway.

I have no personal bias for or against F-Prot, I just happen to use it
and it serves my needs quite nicely. If someone were to try to implement
virus scanning on the firewall at a company that I worked for, chances
are there would be a major revolt -- I don't normally take to this type of
nit-wittery very well.

Remember that security systems, in this case a firewall, should be as
transparent to the users as possible. If it is overly intrusive, then
the users themselves will become the security administrator's nightmare,
since they will begin to search for ways to circumvent the intrusiveness.

Cheers,

- paul


--
Paul Ferguson                                           ||        ||
Consulting Engineering                                  ||        ||
Herndon, Virginia   USA                                ||||      ||||
tel: +1.703.397.5938                               ..:||||||:..:||||||:..
e-mail: pferguso@cisco.com                         c i s c o S y s t e m s

[prev in list] [next in list] [prev in thread] [next in thread]