AW: [squid-users] Defending against new attacks

From: Docktor, Sebastian <SDocktor@dont-contact.us>
Date: Wed, 26 Sep 2001 18:41:55 +0200

        
Can anybody tell me about his experience with Trend Micro Anti Virus?

I'm using AVP Keeper Virus Scanner. It only scans mails and files, but
2h after the nimda virus was posted to www.heise.de, you could download
the daily update from the Kaspersky homepage, which included the
antivirus files for nimda.

I want to know which is better: the Trend Micro Anti Virus Scanner or
the Kaspersky AVP Keeper?

Sebastian Docktor

-----Original Message-----
From: Emrah Tuerker [mailto:emtue@web.de]
Sent: Wednesday, 26 September 2001 15:45
To: Brian M Dial; squid-users@squid-cache.org
Subject: Re: [squid-users] Defending against new attacks

hi,
we had the same problem here and after a long brainstorm we decided to
use a gateway antivirus scanner in order to scan the whole HTTP, FTP
(and SMTP) traffic.
It looks like:

Client -> Squid -> Antivirusscanner -> Webserver

so ALL the traffic is scanned and there's no problem with viruses,
malicious ActiveX or Java applets.
So maybe that's an idea? The only thing is that a good gateway
antivirus scanner will cost you lots of $$$.
Ahh, well, our antivirus gateway is Trend Viruswall
(www.trendmicro.com).....give it a try :-)

greets
Emrah Tuerker

At 25.09.01 14:33:00, you wrote:
>With the nimda virus semi-behind now, I'm looking at a way of
>protecting from something like this in the future. The only thought
>I've had so far is a way of filtering out executables from being
>downloaded from the web.
>
>I've looked at some threads similar to this in the logs but I have some
>questions. Is there any better way than using a url pattern match to
>handle this? I know I can use url_regex \.eml or \.exe or any
>executable but is this the right way to be doing it? I've noticed that
>since I used it to filter .exe, I've had a few problems with people
>browsing sites that use .exe for their cgi extension and squid will
>deny the client even though it's not trying to download it.
>
>Is using url_regex based acl's really the best way to be doing this?
>
>Thanks for any input,
>
>-Brian
>
>--
>Brian M Dial
>UNIX Systems Administrator
>Rummel, Klepper & Kahl, LLP
>Phone: 410.728.2900 x1329
>Cell: 410.598.0742
>http://www.rkkengineers.com
>
>
Received on Wed Sep 26 2001 - 10:50:47 MDT
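
The over-blocking described in the quoted question can be reproduced offline. The following is an added example, not code from the thread or from Squid: it compares the unanchored `\.exe` / `\.eml` pattern applied to the whole URL with an end-anchored pattern applied to the path plus query string. The anchored pattern, the path-plus-query model of `urlpath_regex`, and all sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Patterns as quoted in the thread: unanchored, tested against the whole URL.
LOOSE = re.compile(r"\.(exe|eml)", re.IGNORECASE)
# Assumed tightening (not from the thread): extension must end the path+query.
ANCHORED = re.compile(r"\.(exe|eml)$", re.IGNORECASE)


def loose_match(url: str) -> bool:
    """Emulate an unanchored url_regex: search the complete URL string."""
    return LOOSE.search(url) is not None


def anchored_match(url: str) -> bool:
    """Emulate an end-anchored urlpath_regex: search path plus query only."""
    parts = urlsplit(url)
    target = parts.path + ("?" + parts.query if parts.query else "")
    return ANCHORED.search(target) is not None


# Constructed sample URLs (not taken from any real log).
SAMPLES = [
    "http://downloads.example.com/tools/setup.exe",       # direct download
    "http://www.example.com/cgi-bin/search.exe?q=squid",  # CGI with query
    "http://www.exeter.example.org/index.html",           # ".exe" in hostname
    "http://www.example.com/docs/notes.exercise.html",    # ".exe" mid-path
    "http://www.example.com/cgi-bin/status.exe",          # CGI, no query
]


def compare(urls):
    """Return (url, loose_verdict, anchored_verdict) for each URL."""
    return [(u, loose_match(u), anchored_match(u)) for u in urls]


if __name__ == "__main__":
    for url, loose, anchored in compare(SAMPLES):
        print(f"loose={'DENY' if loose else 'ok':4} "
              f"anchored={'DENY' if anchored else 'ok':4} {url}")
```

The last sample is still denied by the anchored pattern: a CGI named `status.exe` called without a query string looks the same in the URL as a download, which is the limit of any URL-only rule.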
