> problem with having the firewall scanning for viruses, the scanner would
> have to do pattern matching looking at every bit as it passes and would
> require lots of overhead.
Not quite. The rational approach isn't to scan an incoming data-stream
en passant, but to download to a quarantine area, scan, and forward.
There's still an overhead, but the processing involved is considerably
> Also, if a file was infected with a mutating
> virus, I don't believe the firewall scanner would be able to detect it.
There's no universal law which says that a scanner at the firewall
-can't- detect complex polymorphics. It certainly adds to the processing
> As far as virus scanners, it would be better to incorporate the virus
> scanner into the Web Browser or the workstation OS.
The point of having real-time scanning at the desktop is that it monitors
web-browsing as -well- as all the other usual entry-points.
David Harley | alt.comp.virus FAQ
uk | & Anti-Virus Web Page
Support & Security Analyst | Folk London On-Line gig-list
Imperial Cancer Research Fund | http://webworlds.co.uk/dharley/