Firewalls: Re: Virus Scan on the FW

Firewalls
(January 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Virus Scan on the FW
From:	Ewout Meij <BSD02 . EMEIJ @ anaf01 . amsterdam . nl>
Date:	Tue, 28 Jan 1997 12:02:50 +0100
To:	firewalls @ GreatCircle . com
Reply-to:	BSD02 . EMEIJ @ anaf01 . amsterdam . nl

Dave said:

>> ftp/smtp/http traffic for viruses, and passes all scanned traffic on.  It is 
>> "transparent" - there are no interactions directly with the WebShield - and 
>> "cannot be bypassed" - all traffic must go through the WebShield machine.
>
>Hmmm, what if I use PGP to encrypt a program to you?  The very nature of
>PGP ensures that the message should only be decrypted by you.  How can any
>virus checker cope with this?  Deny the mail?  

this is why virus scanning 'en route' is nice, no more no less, it is
the scanning at the point of arrival that REALLY matters, where else 
would the damage be done?

So scan all you like, you'll never find PGP encrypted virii, source code
virii and the like, only then when 'ready, willing & able' you have a 
real change.

And then: 'Security policies should be consistent' on ALL points of
access

cheers, ewout

Indexed By Date	Previous:	Re: 3Com NETBuilder From: blymn @ awadi . com . au (Brett Lymn)
Indexed By Date	Next:	Re: Virus Scan.... From: harley @ icrf . icnet . uk
Indexed By Thread	Previous:	Re: Internet Agent attacks? From: osiris @ pacificnet . net
Indexed By Thread	Next:	Mobile IP and anti-spoofing From: "Ge' Weijers" <ge @ progressive-systems . com>