The enharent problem with a www virus filter is SSL/HTTPS. All a virus would have to do to get past a www virus scanner is put itself on a SSL page. Then it is encryped from the webserver to the browser. That means that what ever your HTTP proxy scans might as well be random bits 'cuz the virus signatures are not going to match up.
An alternative is block downloading of .vbs .exe .com .zip files in squidguard. Or only allow the downloading of .html .txt .jpg .jpeg .gif .png .css .js .jar. Martin Craig Falconer wrote: > Theres sweet fuck-all you can do with regard to web-based email. > > I suggest you use squidguard to block all web-based email, then run your own > local mail server. I inherited a network of NT workstations and an Exchange > server, and we have to run an AV product like Nortons AV at $77 NZ per > machine annually. I disallow students permission to run any .exe except for > the approved ones (winword.exe, arcinfo.exe, etc) by using NT system > policies. I have removed about half the floppy drives from the school, so > that theres no way for local virus infections (happens more often than you'd > expect (bloody NAV doesn't even raise a dialogue box on a workstation when > an infection is found (I want to scare the b'jeesus out of the user))) > > Look at an imap server and a http front-end on apache running on a linux > box. I can't help with specifics, though mister Google should be a good > start. > > I did however tell squidguard to block "readme.eml" using an expressionlist. > > >>---------- >>From: radical[SMTP:[EMAIL PROTECTED]] >>Sent: Friday, September 28, 2001 6:31 AM >>To: [EMAIL PROTECTED] >>Subject: Anti-virus? >> >>I am usin squidGuard on our school server(internet gateway). >>Recently we have been a LOT of problems cos of viruses.. like nimbda.. >>etc. >>How can i use some anti-virus.. (like avp or mcafee or something).. with >>squidGuard? I have seen viralator, but it works with squirm. Will it work >>with squidGuard? if yes then how do i get it working? >>If it won work.. then wat can i use with squidGuard to scan incomin >>traffic for viruses.. ? >>I cant use some mail-server virus-scanner, as all users use web-based >>services like hotmail.com or yahoo.com . >> >>Please help, this is VERI urgent.. >> >>-anks >> >>
