proxy and antivirus check
yasho
February 15th, 2002, 11:52 AM
Hi all
Can you tell me of some proxy servers or patches for those to check the traffic that passes through them for viruses. I have heard of something like this for squid but I want to gather more opinions.
the_JinX
February 15th, 2002, 12:44 PM
what os?
what kinda environment u planning to use it...
give us some input...
yasho
February 15th, 2002, 01:20 PM
In fact it's a Slack 7.1 with 2.4.2 kernel on P III with 256. I am running game servers, Apache and Mysql - but I don't think that is any help for the issue, except for that I want to get some performance too :). I have a LAN of about 30 PCs with Wins which will use Internet through the Slack. So I want to do something about the viruses in the LAN.
IchNiSan
February 18th, 2002, 06:30 AM
http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=60&PID=10702965&EID=0
yasho
February 18th, 2002, 08:59 AM
As far as I see this product can be used with Windows and Solaris, but I am talking here about linux. Also I am not a keen fan of products starting with enterprise ;)
I came across two products: the httpf - which has no caching - and an OpenAntivirus patch for the squid. If anybody has used any of the above or has a better idea - opinions are welcome :).
Cheers!
jason-mis
February 19th, 2002, 03:55 AM
First off, when running the services you are, do you have IPtables or IPchains running?
Secondly, at my work I was the main researcher for an AntiVirus Product, we went with a less well known AntiVirus, Sophos. www.sophos.com They fully support as400, Unix, Linux, Linux Based SMTP mail, Novell, OS/2, DOS, Windows 9x, Windows NT4.0+, etc. Their software is very impressive. You can purchase their software, the cd comes with a linux install. It is very easy to setup. I run Sophos AntiVirus on my Linux Firewall (to be firewall, not there yet) and my client PCs on my ethernet network.
-Hope It Helped...
Jason
micael
February 19th, 2002, 08:23 AM
Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=219209#post457073) by yasho
As far as I see this product can be used with Windows and Solaris, but I am talking here about linux. Also I am not a keen fan of products starting with enterprise ;)
I came across two products: the httpf - which has no caching - and an OpenAntivirus patch for the squid. If anybody has used any of the above or has a better idea - opinions are welcome :).
Cheers!
It seems like you are doing quite hard work already with your "proxy machine", and if you want to have better performance I should recommend you to put up a second machine as content scanner with AV. But if your performance is good enough, try one of the solutions you mentioned and see what works best for you. I don't know any open-source content scanner but I'll look into it and see what I can find out.
Originally posted by jason-mis
we went with a less well known AntiVirus, Sophos. www.sophos.com They fully support as400, Unix, Linux, Linux Based SMTP mail, Novell, OS/2, DOS, Windows 9x, Windows NT4.0+, etc. Their software is very impressive.
I agree Sophos is a good product, but I have not run it on Linux yet. I'll give it a try, since I'm building a similar solution to the one yasho is building :).
yasho
February 20th, 2002, 11:29 AM
Hi all
Thanks for the ideas. I saw that sophos thing :) It's looking good but I haven't seen anything on their site about making the antivirus program check the http traffic through the machine. I do not want to use the tools I found (httpf or the squid patch of Open antivirus) because they are using java; forgive my pessimism, but I don't think I can get speed using this shit :). So I am thinking maybe I have to patch the squid so I will pipe the traffic through some AV software, but guys I need something fast - I am thinking of F-Prot - but I need some info if anybody can tell me which is the fastest thing in the business.
Cheers!