> first, is the firewall the right place to do this kind of checking? on
Not if it's the -only- place you check.....
> a fairly skinny host (in my case, a sparc 2 running firewall 1),
> wouldn't the overhead of virus checking impact the flow of packets?
There's always an overhead somewhere. You can minimize it and shift
it to somewhere else between the gateway and the desktop, but you
can't escape it altogether.
Generally, though, viruswalls shouldn't scan packet by packet: it's
usually more efficient to download the file, scan it, and pass it
on to the client PC if it checks out.
Have you considered FW1 vs 3? It includes a virus-scanning
module using Cheyenne technology.
> finally, is smtp checking enough? it seems inadequate.
Depending on your environment, that may more or less cover your
mail (bearing in mind the boundary cases like encrypted mail and
attachments, unreadable formats etc.) re known viruses (but
not trojan horses, necessarily). Obviously it doesn't cover you
for ftp, http etc., let alone stuff that doesn't come in via the
firewall (boot sector viruses, e.g.).
David Harley \ | / alt.comp.virus FAQ
uk \ | / & Anti-Virus Web Page
Support & Security Analyst \ | / Folk London On-Line gig-list
Imperial Cancer Research Fund ____\|/____ http://webworlds.co.uk/dharley/