can do virus protection @ firewall/gateway?

Post by surfe » Mon, 19 Nov 2001 13:44:02



OK. Pardon my stoopey question.

Short of running anti-virus software on the (end-) user machines themselves
on my home network, is there any software I could run on my firewall or
gateway machine that would scan incoming/outgoing traffic for viruses?  I am
guessing not - because it would probably need to be scanning completed items
and not packets of 'partial items'.  I could live with the delay of a
'store-and-forward' solution for network traffic but I suppose this would
interfere with things like VPN usage and end-to-end traffic.  I wouldn't
care whether this application was Linux- or Windows-based.  (Well, honestly
though, Linux is preferred but nevermind.)

My endgoal is to try and confine the anti-virus scanning activity (and its
management) to one machine.  I run a network in my household with about 4
users and don't want to have to run around to each machine to manage things
and also don't want to have to buy each machine anti-virus software.  I have
a mix of Windows and Linux-based machines in my network.  Maybe there's a
smarter solution.

And if I'm stuck with running anti-virus on each individual machine, is
there something open source for the Linux environment?

 
 
 

Post by Kasper Dupon » Mon, 19 Nov 2001 19:15:15



> OK. Pardon my stoopey question.

> Short of running anti-virus software on the (end-) user machines themselves
> on my home network, is there any software I could run on my firewall or
> gateway machine that would scan incoming/outgoing traffic for viruses?  I am
> guessing not - because it would probably need to be scanning completed items
> and not packets of 'partial items'.  I could live with the delay of a
> 'store-and-forward' solution for network traffic but I suppose this would
> interfere with things like VPN usage and end-to-end traffic.  I wouldn't
> care whether this application was Linux- or Windows-based.  (Well, honestly
> though, Linux is preferred but nevermind.)

> My endgoal is to try and confine the anti-virus scanning activity (and its
> management) to one machine.  I run a network in my household with about 4
> users and don't want to have to run around to each machine to manage things
> and also don't want to have to buy each machine anti-virus software.  I have
> a mix of Windows and Linux-based machines in my network.  Maybe there's a
> smarter solution.

> And if I'm stuck with running anti-virus on each individual machine, is
> there something open source for the Linux environment?

Detecting and removing viruses is not really a job for a firewall.
What might be easier would be to force the internal computers to
fetch emails from a local mail server scanning mails for viruses,
and force them to fetch files from the web through a (transparent)
proxy that scans for viruses. You could then use the firewall to
block other http and mail connections, it should block
problematic protocols as well like incoming http connections if
you have windows machines inside.

--
Kasper Dupont

 
 
 

Post by Nils Hopp » Mon, 19 Nov 2001 21:04:16


Heyho ppl! :-)


> [snip]
> Short of running anti-virus software on the (end-) user machines
> themselves on my home network, is there any software I could run on my
> firewall or gateway machine that would scan incoming/outgoing traffic for
> viruses?  I am guessing not - because it would probably need to be
> scanning completed items and not packets of 'partial items'.  
> [/snip]

There is one tangible solution which I am aware of. Firstly, Amavis is an
excellent package for scanning e-mails. You can use amavis (www.amavis.org)
with any linux virus scanning package (check out www.hbedv.com or
www.ca.com for a couple of commercial ones. The cost of licences will make
you weep though.) Simply put, amavis sits on your sendmail process and
fires all deliverable mail through the virus scanner.

Secondly you can set up Squid to feed content through the same virus
scanning package. Check out http://viralator.loddington.com for more info
on one solution for this. Essentially, you can set up rules in Squid which
tell the proxy to look out for certain extensions, which are then to be
virus checked. The obvious ones are .exe, .com and the like (via http
download only of course - ftp won't AFAIK work with squid).

If your clients are then set up to use the proxy and you have amavis on
your mail gateway(s) you're set. All you need then is to keep an eye on
updates. I cron a simple perl script every six hours which ftp's to the AV
Solution Provider's server and uses the "mirror" command to check for a new
version of the virus definition file.

Sorry for the epic, but I remember looking for a solution for ages, and
it's nice to be able to share... :-)

Regards,
Nils.

--
"Linux is obsolete. [...] 5 years from now everyone will be running free
GNU on their 200 MIPS, 64M SPARCstation-5."
Prof. Andrew Tanenbaum on comp.os.minix, 30. January 1992.
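
The point raised in the question, and the reason a mail gateway scanner works where a packet filter cannot, shown as an added example that is not part of any post in this thread: an attachment travels base64-encoded and split across packets, so only a store-and-forward gateway that reassembles the message and decodes its MIME parts can match a signature. The marker string, addresses, filename and packet size are constructed for illustration and the substring match stands in for a real scanner.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed, harmless marker standing in for a scanner signature.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"


def build_sample_mail() -> bytes:
    """Constructed message with one base64-encoded attachment carrying the marker."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "user@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    payload = b"MZ" + b"\x00" * 64 + SIGNATURE + b"\x00" * 64
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename="setup.exe")
    return msg.as_bytes()


def segment(data: bytes, size: int) -> list[bytes]:
    """Split a byte stream into fixed-size chunks, as a packet filter would see it."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def scan_per_packet(packets: list[bytes]) -> bool:
    """Packet-filter view: match the signature inside each chunk on its own."""
    return any(SIGNATURE in p for p in packets)


def scan_store_and_forward(packets: list[bytes]) -> list[str]:
    """Mail-gateway view: reassemble, parse MIME, decode each part, then scan."""
    msg = message_from_bytes(b"".join(packets), policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""
        if SIGNATURE in body:
            hits.append(part.get_filename() or part.get_content_type())
    return hits


if __name__ == "__main__":
    packets = segment(build_sample_mail(), 536)
    print("per-packet match:", scan_per_packet(packets))
    print("store-and-forward hits:", scan_store_and_forward(packets))
```
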

 
 
 

Post by Frank » Mon, 19 Nov 2001 21:26:39


Check out Trend Micro's Office Scan Corporate Edition for Windows.  With
Office Scan you can easily manage everything from one machine.  Auto-updates
of signature files, manual push of signature files, manual scans of anything
anywhere on the network, scheduled scans, cleaning of any file/machine on
the network, obtaining stats from past viruses on each machine... all of
this done from a single centrally managed node.  Great stuff.  Not free....!
But the best price for a program that does all of this that I found.  I
really like it.

Not sure about Linux.

-Frank


> OK. Pardon my stoopey question.

> Short of running anti-virus software on the (end-) user machines themselves
> on my home network, is there any software I could run on my firewall or
> gateway machine that would scan incoming/outgoing traffic for viruses?  I am
> guessing not - because it would probably need to be scanning completed items
> and not packets of 'partial items'.  I could live with the delay of a
> 'store-and-forward' solution for network traffic but I suppose this would
> interfere with things like VPN usage and end-to-end traffic.  I wouldn't
> care whether this application was Linux- or Windows-based.  (Well, honestly
> though, Linux is preferred but nevermind.)

> My endgoal is to try and confine the anti-virus scanning activity (and its
> management) to one machine.  I run a network in my household with about 4
> users and don't want to have to run around to each machine to manage things
> and also don't want to have to buy each machine anti-virus software.  I have
> a mix of Windows and Linux-based machines in my network.  Maybe there's a
> smarter solution.

> And if I'm stuck with running anti-virus on each individual machine, is
> there something open source for the Linux environment?

 
 
 

Post by Crusade » Mon, 19 Nov 2001 22:32:21


> My endgoal is to try and confine the anti-virus scanning activity (and its
> management) to one machine.  I run a network in my household with about 4
> users and don't want to have to run around to each machine to manage things
> and also don't want to have to buy each machine anti-virus software.  I have
> a mix of Windows and Linux-based machines in my network.  Maybe there's a
> smarter solution.

My suggestion is try Winproxy.  It has inbound and outbound virus scanning.
www.winproxy.com
Good Luck
 
 
 

Post by Uncle Bull » Tue, 20 Nov 2001 10:16:04


The problem is how does the gateway monitor the contents of all types of
traffic?
Not only are you dealing with email and web downloads but all sorts of other
downloads (FTP, ICQ etc).

To be effective you still need a client on each machine, products like Trend
Micro are very good at this.
You can install/uninstall/update/test all clients remotely from your server
which logs and reports.

I don't think you'll find anything practical AND free.


> OK. Pardon my stoopey question.

> Short of running anti-virus software on the (end-) user machines themselves
> on my home network, is there any software I could run on my firewall or
> gateway machine that would scan incoming/outgoing traffic for viruses?  I am
> guessing not - because it would probably need to be scanning completed items
> and not packets of 'partial items'.  I could live with the delay of a
> 'store-and-forward' solution for network traffic but I suppose this would
> interfere with things like VPN usage and end-to-end traffic.  I wouldn't
> care whether this application was Linux- or Windows-based.  (Well, honestly
> though, Linux is preferred but nevermind.)

> My endgoal is to try and confine the anti-virus scanning activity (and its
> management) to one machine.  I run a network in my household with about 4
> users and don't want to have to run around to each machine to manage things
> and also don't want to have to buy each machine anti-virus software.  I have
> a mix of Windows and Linux-based machines in my network.  Maybe there's a
> smarter solution.

> And if I'm stuck with running anti-virus on each individual machine, is
> there something open source for the Linux environment?

 
 
 

Post by Tom » Wed, 21 Nov 2001 04:45:44



> And if I'm stuck with running anti-virus on each individual machine, is
> there something open source for the Linux environment?

Linux doesn't really suffer from virus woes like Windows does.  Although
Linux could, in theory, be infected by a virus I don't believe anyone has
made a Linux virus that propagated "in the wild".

I'm not saying that Linux doesn't have security issues, just that it
doesn't have the virus/trojan issues that Windows has.

 
 
 

Post by Tim Hayne » Wed, 21 Nov 2001 06:40:35



> > And if I'm stuck with running anti-virus on each individual machine, is
> > there something open source for the Linux environment?

> Linux doesn't really suffer from virus woes like Windows does. Although
> Linux could, in theory, be infected by a virus I don't believe anyone has
> made a Linux virus that propagated "in the wild".

"Of course not, it's a kernel".

> I'm not saying that Linux doesn't have security issues, just that it
> doesn't have the virus/trojan issues that Windows has.

However, you should really come out from under that rock and stop
hob-nobbing with the millipedes.

~Tim
--

In miracles much more than I can say        |http://spodzone.org.uk/
It's enough to keep me still believing      |
In drifting hearts so far away              |