Dear Mr George,
I agree, MIMEsweeper is a very good product. But I disagree that
the Manual is rubbish, What version do you have? To go further, it is
relatively simple to force all users to use the proxy using routing, or
better still a screening router. I.E. your screening router will let
SMTP both out to the internet and into your network but only to a
specific IP address - your MAILsweeper proxy which in turn passes mail
onto your post office server (EXCHANGE, CC:Mail etc....) which your
clients use to send mail. So I don't really see what the problem is
there. When it comes to HTTP you may have a point but using the same
sort of rules you can force users to use the proxy as the screening
router will not allow connections out of the network from any host
except the proxy. Try using a bridged linux router behind of your
screening router communicating on two different networks then use
dynamic IP resolution on the screening router. Then you can allow
multiple IP's to use http at one time whilst still making sure that the
clients use the proxy. They don;t even know that they are as they can't
see it, their requests are forwarded by the linux gateway.
i.e.
ie 150.300.300.0 | 192.45.135.0 ---(dmz)-------------------------|
0.0.0.0
network+-----+linux bridge+--------+mimesweeper+----------+screening
router
(or other screening router)
Hope this helps,
Cheers,Liam.
> ----------
> From: Steve George[SMTP:stevege @
i-way .
co .
uk]
> Sent: Thursday, January 15, 1998 9:38AM
> To: firewalls @
greatcircle .
com
> Subject: Re: Content filtering
>
> Hi,
>
> I only just joined tis list so apologies if I repeat something already
> said
> earlier in the thread.
>
> MIMEsweeper is very good - it consists of two portions Mailsweeper and
> Websweeper. You provide it with a virus checker as a plugin. My only
> proviso with it has been that the manual is pretty rubbish, all
> marketing
> and little organised content. However, I have mailed their support on
> occasion and they were quick/quite helpful.
>
> From the original mail you say you can't force users to use a proxy.
> My
> understanding of this product (and in fact all content checkers) is
> that
> the client has to make the request through the proxy so that the web
> page
> content can be checked before it gets back to the client. The
> MIMEsweeper
> manual which is hidden on the site explains this, have a look at:
> http://www.mimesweeper.com/downloads/Manual/manual.htm
>
> The only other thing I can think of is putting some sort of product on
> every single client :(
>
> Good luck,
> Steve
>
> At 16:21 14/01/98, you wrote:
> >Hello James,
> >
> >I also have a pretty good reference in the industry
> >
> >MIMEsweeper
> >which is the content security tool for networks (V3.0 already)
> >It is a UK product developed about 5 years ago
> >
> >A lot of banks and government organizations in Europe are using this
> tool.
> >
> >Main functions :
> >- bidirectional (in/out)
> >- block virusses from web, e-mail and FTP
> >- manage junk e-mail
> >- block URL or webpages with certain words / sentences
> >- add legal disclaimers
> >- block java applets / scripts / cookies
> >
> >See the following site for more info
> >http://www.mimesweeper.integralis.com
> >
> >also available in the US (Integralis inc. in Washington)
> >
> >Regards,
> >
> >Marc Vael
> >Arthur Andersen
> >
> >At 02:57 PM 1/7/98 PST, James Lau wrote:
> >>Hello all,
> >>This may be a little bit off topic but please bare with me or
> >>points me to a right mailing list.
> >>
> >>I'm looking for a solution to filter the contents of web traffics,
> >>ftp files and email. I know this is not totally firewall related
> >>but there are a few firewall products can do that. (That's why I
> >>ask.) Unfortunately most (may be all) of them use proxy which
> >>require changes of configuration which we cannot force my users
> >>to do. Is there any solution out there which doesn't require
> >>changing of configuration? Or is the proxy the only solution?
> >>Any ideas?
> >>Thanks in advance.
> >>James
> >>______________________________________________________
> >>Get Your Private, Free Email at http://www.hotmail.com
> >
> >
>
|
|
