> i was handed a product announcement yesterday about a symantec tool
> which does virus checking on smtp packets on the firewall. i didn't
> look very closely at it, but it raised a couple of points on which i
> would like some feedback.
I'd be interested in how it knows which MIME documents to check and
what it looks for. For example, what would it check in a GIF type
attachment? Does it check for the Word/Excel macro
viruses, and how would it even know the attachment is a Word or Excel
file? What if I send other files as type .xls or .doc?
Sounds noble, but I'm not sure how you do it in practice....
> first, is the firewall the right place to do this kind of checking?
I don't think so.... per prior messages...your firewall should be
single purpose and limited in capabilities to assure integrity.
> on
> a fairly skinny host (in my case, a sparc 2 running firewall 1),
> wouldn't the overhead of virus checking impact the flow of packets?
Any additional work would affect flow if the system is at or near
capacity in moving data through. As a component of the network, the
task of the firewall is more to move the RIGHT data along quickly.
> and
> finally, is smtp checking enough?
Why not http, ftp, ICMP and other packets also... any can be
used to send or receive information harmful to the network and the
nodes on the network. Then again, sometimes this information has
to be used in context to know if it is bogus or not. Consider a
bogus attack on ICMP redirect for example... how do you know what
is reasonable and what is not without access to the routing tables?
Do you have a URL for the CA material being advertised?
-----------------------------------------------------------------
Internet: mshines @ purdue . edu * Michael S. Hines, CDP, CFE
Voice: (765) 494-5845 * Sr. Information Systems Auditor
FAX: (765) 496-1814 * Purdue University
* 1065 Freehafer Hall
* West Lafayette, IN 47907-1065
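
The question raised in the message above, how a mail scanner would know an attachment is really a Word or Excel file when the sender controls the declared type and extension, as an added example that is not part of the original message: it classifies each attachment by its leading bytes and compares that with the declared MIME type. The function names, verdict strings and sample message are constructed for illustration.

```python
import email
from email.message import EmailMessage

# Leading-byte signatures; OLE2 is the container format of legacy .doc/.xls files.
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MAGIC = [(OLE2, "ole2"), (b"GIF87a", "gif"), (b"GIF89a", "gif")]
# Content kind each declared MIME type is expected to carry.
EXPECTED = {"image/gif": "gif", "application/msword": "ole2",
            "application/vnd.ms-excel": "ole2"}

def sniff(data):
    """Classify a payload by its first bytes, ignoring name and declared type."""
    return next((kind for sig, kind in MAGIC if data.startswith(sig)), "unknown")

def audit(raw):
    """Return (filename, declared type, sniffed kind, verdict) for each attachment."""
    findings = []
    for part in email.message_from_bytes(raw).walk():
        if part.is_multipart() or part.get_filename() is None:
            continue  # skip containers and the plain body text
        data = part.get_payload(decode=True) or b""
        declared, kind = part.get_content_type(), sniff(data)
        if kind == "ole2" and EXPECTED.get(declared) == "ole2":
            verdict = "scan-for-macros"
        elif kind == "ole2":
            verdict = "mislabelled-scan-for-macros"  # decide on content, not label
        elif EXPECTED.get(declared, kind) != kind:
            verdict = "mismatch"
        else:
            verdict = "ok"
        findings.append((part.get_filename(), declared, kind, verdict))
    return findings

def sample_message():
    """Constructed message: an honest GIF, an OLE2 file labelled as GIF, a .doc."""
    ole = OLE2 + b"\x00" * 16
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    m.add_attachment(b"GIF89a" + b"\x00" * 16, maintype="image", subtype="gif", filename="logo.gif")
    m.add_attachment(ole, maintype="image", subtype="gif", filename="holiday.gif")
    m.add_attachment(ole, maintype="application", subtype="msword", filename="report.doc")
    return m.as_bytes()

if __name__ == "__main__":
    for row in audit(sample_message()):
        print(row)
```

Signature sniffing only routes a file to the right scanner; it says nothing about whether the document contains a macro, and content inside archives or encrypted attachments is not covered by this check.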