Has anyone used Norton's Anti-Virus product add on for CheckPoint
FireWall-1 (NT)? Doesn't McAfee have a similar add-on? I would think that
if you protected e-mail attachments and ftp traffic, that this would be
sufficient virus protection. Is there any way to limit these virus add-ons
to that type of traffic only?
> From: harley @
> To: firewalls @
> Subject: re: Virus Scanner
> Date: Saturday, July 26, 1997 8:30 AM
> > What happens is; the users clicks on his link and gets an hour
> > glass and then nothing more happens until
> > the scanner is completely finished scanning, which with larger
> > files can take some time
> > and most users disconnect (or even worse tried again) before they get
> > the menu to save.
> The advantage of virus checking at the firewall or viruswall is
> administrative: you aren't totally reliant on the users' keeping
> their desktops properly protected. There are two large disadvantages,
> though: one is that this approach leaves several other entry points
> uncovered, so it has to be supplementary, rather than your only defence.
> The other is that effective filtering for viruses entails a lot of
> processing. If your hardware/network isn't beefy enough to cope with
> the overhead, the latency problem is likely to outweigh the advantage.
> > When I talk to Checkpoint's reseller in germany I get the feeling
> > that we are the only
> > ones who consider internet viruses to be a problem.
> Not the only ones. But there's a question of definitions, here.
> Leaving aside the question of the Internet Virus, which most
> people prefer to call a worm, there's some question as to what
> constitutes an internet virus. When most vendors talk about this,
> they seem to mean viruses which are transmissable over networks
> rather than Internet-specific viruses. This largely excludes PC
> boot-sector viruses (which can be transmitted over networks as
> part of a disk image, but can't -infect- over networks in a formal
> sense -- obviously, it doesn't mean such a disk image can't be a
> transmission vector). It -can- include multipartite PC viruses
> and file infectors (irrespective of platform). File infectors can
> obviously include viruses which infect executables as well as macro
> viruses, which in a sense infect data files. In fact, many vendors
> seem to use macro virus and internet virus interchangeably, but
> the problem with infectable program files hasn't gone away: it's
> just proportionally smaller.
> > My question is; has anyone else
> > made any attempts to check for internet viruses and if so how do you do
> Lots of people. Scanning at the firewall, scanning with a separate
> viruswall, scanning servers inside the firewall, on-demand scanning
> at the desktop, realtime/on-access scanning at the desktop. [There
> are some fairly esoteric generic strategies which I'm going to
> pass on right now.] Realtime scanning with a Windows VxD or something
> equivalent is the most effective in terms of the range of entry-points
> protected, but it's harder to administer, because you have to keep
> every desktop scanner updated, instead of just updating server-hosted
> > How serious a problem are viruses in internet?
> Over-hyped, but serious enough. Macro viruses are well into four figures,
> now, and can be transmitted over networks or the Internet in a number of
> ways.Infected programs and Word files aren't that often found on ftp or
> web servers, but it certainly happens. Just about anything can be
> as an attachment, and frequently is: file viruses, macro viruses,
> cheese sandwiches........ You'd be ill-advised to ignore the problem.
> David Harley | alt.comp.virus FAQ
> D .
uk | & Anti-Virus Web Page
> Support & Security Analyst | Folk London On-Line gig-list
> Imperial Cancer Research Fund | http://webworlds.co.uk/dharley/