Mar Matthias Darin wrote:
>> I realize this is probably a ridiculous question, but what is the
>> feasibility or practicality of catching viruses through a packet scanner
>> (firewall or IDS) solely at the packet level?
>>
>> For example (poor one but does illustrate the concept):
>>
>> tcpdump -n -l -X | clamscan -
>>
>> I can think of a few shortcomings:
>>
>> 1. a virus will be missed if the signature splits packets.
>> 2. no realistic way of notifying the end user that a packet was infected
>> and destroyed, hence was their download.
>>
>> Thank you in advance.

Look at http://clamav.net/3rdparty.html#other

What you describe is similar to Endian Firewall, Snort-ClamAV, Snort-inline and perhaps RedWall Firewall.

-- 
René Berber

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
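Shortcoming 1 from the quoted question, as an added example that is not part of the original thread or of any tool named in it: a per-packet match misses a signature that straddles two TCP segments, while a scan of the reassembled stream finds it. The signature, the sample data and all function names are constructed for illustration; segments are assumed to be (sequence number, payload) pairs and sequence-number wraparound is ignored.

```python
# Constructed, harmless sample data (not a real virus signature).
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"
SAMPLE_DATA = b"HTTP/1.1 200 OK\r\n\r\nfile-bytes:" + SIGNATURE + b":more-file-bytes"


def scan_per_packet(segments):
    """Match the signature against each payload in isolation."""
    return any(SIGNATURE in payload for _seq, payload in segments)


def reassemble(segments, isn):
    """Rebuild the byte stream from (seq, payload) pairs.

    Tolerates out-of-order arrival, retransmissions and overlaps (bytes
    already delivered are never overwritten; this overlap policy is an
    assumption, real TCP stacks differ). Stops at the first gap.
    """
    stream = bytearray()
    next_seq = isn
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        if seq > next_seq:        # gap: earlier data has not arrived yet
            break
        skip = next_seq - seq     # leading bytes we already have
        if skip < len(payload):
            stream += payload[skip:]
            next_seq = seq + len(payload)
    return bytes(stream)


def scan_stream(segments, isn):
    """Match the signature against the reassembled stream."""
    return SIGNATURE in reassemble(segments, isn)


def sample_segments(isn=1000):
    """Split SAMPLE_DATA in the middle of the signature, deliver out of order."""
    cut = SAMPLE_DATA.index(SIGNATURE) + 10
    first = (isn, SAMPLE_DATA[:cut])
    second = (isn + cut, SAMPLE_DATA[cut:])
    return isn, [second, first, first]   # reordered, plus one retransmission


if __name__ == "__main__":
    isn, segs = sample_segments()
    print("per-packet hit:", scan_per_packet(segs))
    print("stream hit:    ", scan_stream(segs, isn))
```
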