
Thread: http/ftp virus scanner

  1. #1
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325

    http/ftp virus scanner

    source

    Trend Micro Offers HTTP Virus-Scanning Tool

    September 8, 2003
    By Dennis Fisher

    Trend Micro Inc. on Monday announced a new gateway anti-virus product designed specifically to stop viruses coming in through Web traffic. InterScan Web Security Suite inspects HTTP and FTP traffic and is meant for the high-end enterprise market, where speed and performance are major considerations.
    The new offering from Trend Micro is aimed at eliminating the threat posed by Web-based e-mail services. Many corporations have banned employee use of such services because there's no real way to control what information is sent out of the corporate environment, nor what types of viruses, Trojans or other malware are coming in. Free Web mail services are favorite targets of spammers, who often lace their messages with spyware or other undesirable software.

    Typical anti-virus gateways inspect and clean mail messages coming in over the SMTP protocol, which is used by most of the major enterprise mail solutions. Desktop anti-virus is also focused on SMTP traffic, and most AV clients have no ability to inspect e-mails that corporate employees send using services such as Hotmail and Yahoo Mail, which are both Web-based and use HTTP.

    One of the only other security vendors to offer an HTTP virus-scanning solution is Blue Coat Systems Inc., which uses Trend Micro's software in its Proxy SG appliances.

    InterScan Web Security Suite also integrates with the other components of Trend's Enterprise Protection Strategy. The new offering is only available on Windows and Solaris right now, although officials at Trend, based in Cupertino, Calif., said a Linux version would be ready in late 2004. Pricing for the Windows and Solaris versions starts at $16 per user.

    Also on Monday, Trend released a new version of its Spam Prevention Service, which now includes more customization options and an updated white-list feature.

    How is this different from how current active virus scanners work? It rejects/catches the virus in transit, rather than inspecting it after it has reached the HD? What are the benefits of this? I know my virus scanners check my temporary internet files and have caught viruses after they were downloaded to the cache and then quarantined them.

    Would this really be a worthwhile product?

  2. #2
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,021
    It looks like it will be exploiting people's paranoia - I can imagine the sell-o-babble:

    "Conventional scanners detect the virus only after it has been downloaded onto a hard drive, where new vulnerabilities can be exploited to run the virus before the scanner can remove it. New Improved Interscum comes complete with the 'whiter than white' (tm) and 'best ever brilliance' (tm) in transit data scanner ...."

    I've really got to lay off the coffee before I find myself applying for a job with the marketroids.

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    All realtime virus engines work off of this basic model:

    Hook traffic and examine data before it is loaded into memory or written to disk. I can't see how they would approach it differently.

    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391

    A JOKE IS IN ORDER

    IN THE KNOW
    ----------------------
    During a trial taking place in a small town, a prosecuting attorney calls his first witness, an elderly woman, to the stand.
    "Mrs Jones, do you know me?" is his first question.
    She responds, "Why, yes, I do know you, Mr Williams. I've known you since you were a young boy and frankly, you've been a big disappointment to me. You lie, you cheat on your wife, you manipulate people, talk about them behind their backs. You think you're a big shot when you haven't got the brains to realise you will never amount to anything more than a two-bit paper pusher.
    Yes, I know you."
    The lawyer is stunned. Not knowing what else to do, he points across the room and asks, "Mrs Jones, do you know the defence attorney?"
    She again replies, "Why, yes, I do.
    I've known Mr Bradley since he was a youngster, too. He's lazy, bigoted, and he has a drinking problem. He can't build a normal relationship with anyone and his law practice is one of the worst in the entire State. Not to mention that he cheated on his wife with three different women. Yes, I know him."
    The defence attorney almost dies of embarrassment!
    At this point, the judge brings the courtroom to silence, calls both counsellors to the bench, and, in a very quiet voice, says, "If either of you bastards asks her if she knows me, you'll be jailed for contempt!"
    ---------------------------------------------
    Posted on my website-------------
    Cheers all, sorry I couldn't find the right section to post this, so I hope that no-one minds
    --------------------------

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    i like things just the way they are now. there's nothing but a security threat in allowing users ftp access or even http downloads of exes and certain other files. so basically this great new feature they speak of is like **** on a boar
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  6. #6
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    t34b4g5: What in the hell does your post have to do with http/ftp virus scanners?!

    Hook traffic and examine data before it is loaded into memory or written to disk. I can't see how they would approach it differently.
    It rejects/catches the virus in transit, rather than inspecting it after it has reached the HD?
    That's what I figured. I just wanted someone to confirm it. It would still have to be loaded to memory though... as I don't see any way that it can be inspected without being in memory. It'd just have to run in a protected memory area that is controlled by the virus scanner. Unless you had this loaded on your proxy/gateway. Then it'd never get past the gateway and the user's connection would be terminated. Even so, it'd still have to be loaded to memory on some box for inspection. (I think*)

    I could see this useful for something like streaming media that is modified to exploit a vulnerability in a media player to execute code on a victim's PC.

    Example: Winamp 2.91 lets code execution through MIDI files

  7. #7
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    t34b4g5, your post belongs in the "Tech Humor" section, easily seen in the discussion boards section of the site.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  8. #8
    Senior Member
    Join Date
    May 2003
    Posts
    472
    well just after reading the title of the post i thought something different than what i have got....
    as for this is concerned...i think it will make a difference....

    If you are able to identify that the incoming data is a virus...then the best part is reject the stream....but still there are some issues....
    1. For how many viruses it is possible to detect them just by partial contents that u have received...
    2. Who doesn't know of false alarms...it is possible that i may have to reject a genuine stream just becoz the scanner thinks its a virus....and the partial contents will give rise to more false triggers.....
    3. Anybody talked abt its effect on the net connection speed...though it may not matter in western/european countries...speed/bandwidth is still a big issue in asia...
    4. How abt the viruses that use other network streams except HTTP/FTP ie network shares, M$BLASTER, Nachi etc.
    5. If a virus is able to defeat this mechanism of protection...i think the level of danger to which i would be exposed wud be greater.....

    Now abt the thought that struck me after reading the title of the post...does there exist any antivirus/scanner package that can be installed like a website...and can scan the systems from the site itself...something like the free online scanners....i want to install it on local LAN...that wud help...becoz if a person is infected...installing the AV after infection on the infected system is not a good idea at all.....or if the AV was already there then it had been compromised already by the virus.......under these circumstances....the local online virus scanner would be a great idea...

    What u think guys...and if anyone is aware of any such package pls do tell me.
    guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
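
Added example, not part of the original thread and not any vendor's code: a minimal sketch of the "partial contents" problem raised in point 1 of post #8, showing why an in-transit scanner has to carry bytes over between chunks, and how much of a stream is already forwarded before it can cut the connection. The class and function names, the 16-byte chunk size and the sample stream are assumptions constructed for illustration; the pattern is marker text from the harmless EICAR test file.

```python
# Constructed example: signature table and sample stream are illustrative.
SIGNATURES = {
    # Marker text from the harmless EICAR anti-virus test file.
    "EICAR-Test-File": b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE",
}

class StreamScanner:
    """Scan a byte stream chunk by chunk without buffering the whole body."""
    def __init__(self, signatures):
        self.signatures = signatures
        # Keep the last (longest pattern - 1) bytes so a pattern that is
        # split across two chunks is still seen in one piece.
        self.keep = max(len(p) for p in signatures.values()) - 1
        self.tail = b""

    def feed(self, chunk):
        """Return the name of the first signature found so far, else None."""
        window = self.tail + chunk
        for name, pattern in self.signatures.items():
            if pattern in window:
                return name
        self.tail = window[-self.keep:] if self.keep else b""
        return None

def relay(chunks, scanner):
    """Forward chunks until a match; return (bytes_forwarded, verdict)."""
    forwarded = 0
    for chunk in chunks:
        hit = scanner.feed(chunk)
        if hit:
            # Gateway drops the connection here; earlier chunks already left.
            return forwarded, hit
        forwarded += len(chunk)
    return forwarded, None

def scan_chunks_independently(chunks, signatures):
    """Naive check: misses any pattern that straddles a chunk boundary."""
    for chunk in chunks:
        if any(p in chunk for p in signatures.values()):
            return True
    return False

def sample_chunks(size=16):
    """Constructed stream: padding, test marker, padding, cut into chunks."""
    body = b"A" * 100 + SIGNATURES["EICAR-Test-File"] + b"B" * 50
    return [body[i:i + size] for i in range(0, len(body), size)]
```

On the sample stream the per-chunk check finds nothing, while the overlapping scanner matches only after 128 bytes, including the first 28 bytes of the marker, have already been forwarded.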

  9. #9
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Now abt the thought that struck me after reading the title of the post...does there exist any antivirus/scanner package that can be installed like a website...and can scan the systems from the site itself...something like the free online scanners....i want to install it on local LAN...that wud help...becoz if a person is infected...installing the AV after infection on the infected system is not a good idea at all.....or if the AV was already there then it had been compromised already by the virus.......under these circumstances....the local online virus scanner would be a great idea...

    What u think guys...and if anyone is aware of any such package pls do tell me.
    You can always take a machine that you are sure is not infected. Then map drives and do a remote scan. You can do that with most virus scanners. (I think*)

    As that is the way I used to scan my linux box. NAV would pick up linux viruses as well, so it was just easier to map to the root drive, full scan it and then disable that share after I was complete.

    If you are using a product like NAV corp server it pushes out the updates to all the clients, so you really don't have to worry about viruses. You just keep an eye on the logs and make sure all the clients are receiving updates. I have been saved time and time again from people bringing in floppies from their home PC when they were working at home.

    Though a product like Trend Micro would be very cool for an in-house server. Possibly more of a pain than the NAV corp server would be... but it'd be good for a backup. Just in case.

  10. #10
    Senior Member
    Join Date
    May 2003
    Posts
    472
    phishphreek80 that is there for sure.....
    but for 98 sharing every drive on the LAN...would not always be a gud idea...and moreover for removing the viruses...u need to give write access also....
    guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
