harley @
icrf .
icnet .
uk wrote:
>
> > first, is the firewall the right place to do this kind of checking? on
>
> Not if it's the -only- place you check.....
It's the WRONG place to check.
�
> There's always an overhead somewhere. You can minimize it and shift
> it to somewhere else between the gateway and the desktop, but you
> can't escape it altogether.
True, but why would you even try to do something like that?
> Generally, though, viruswalls shouldn't scan packet by packet: it's
> usually more efficient to download the file, scan it, and pass it
> on to the client PC if it checks out.
Nobody is going to use R1000 machines for that...
> Have you considered FW1 vs 3? It includes a virus-scanning
> module using Cheyenne technology.
Could you describe it? How does it handle polymorphics?
> > and
> > finally, is smtp checking enough? it seems inadequate.
>
> Depending on your environment, that may more or less cover your
> mail (bearing in mind the boundary cases like encrypted mail and
> attachments, unreadable formats etc.) re known viruses (but
> not trojan horses, necessarily).
Not at all
> Obviously it doesn't cover you
> for ftp, http etc., let alone stuff that doesn't come in via the
> firewall (boot sector viruses, e.g.).
What about multi-partite, the most common type out there? Boot images?
Paul.
References:
|
|
