From owner-freebsd-hackers Mon May 19 10:02:40 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id KAA03804 for hackers-outgoing; Mon, 19 May 1997 10:02:40 -0700 (PDT)
Received: from Kitten.mcs.com (Kitten.mcs.com [192.160.127.90]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id KAA03796 for ; Mon, 19 May 1997 10:02:36 -0700 (PDT)
Received: from Jupiter.Mcs.Net (ljo@Jupiter.mcs.net [192.160.127.88]) by Kitten.mcs.com (8.8.5/8.8.2) with ESMTP id MAA20642; Mon, 19 May 1997 12:02:33 -0500 (CDT)
Received: (from ljo@localhost) by Jupiter.Mcs.Net (8.8.5/8.8.2) id MAA14701; Mon, 19 May 1997 12:02:33 -0500 (CDT)
From: Lars Jonas Olsson
Message-Id: <199705191702.MAA14701@Jupiter.Mcs.Net>
Subject: VirusWall on FreeBSD?
To: hackers@freebsd.org
Date: Mon, 19 May 1997 12:02:32 -0500 (CDT)
Cc: ljo@mcs.net
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I've got a FreeBSD machine that provides WWW and email services for a small company (60 people in this office). I'd like to detect MSDOS/Windows viruses sent via email and WWW on this machine.

The configuration for email is sendmail for sending and popper for reading. For this side I could perhaps use a modified mail.local that unpacks and runs McAfee virus scan on emails that are MIME, binhex, or uuencode encoded. It could then send a virus warning message instead of infected files if infected files are detected.

For WWW access I use squid. I think squid uses a separate program for FTP'ing (most likely source of virus?). This program could use pretty much the same mechanism as mail.local described above. Perhaps there are also some other file downloading mechanisms that should be checked. I guess it could also check for bad Java, ActiveX, etc., but I don't worry too much about that right now.

Is there anything like this available for FreeBSD? Any other strategies for filtering viruses?

Jonas
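
The mail-side mechanism sketched in the message above (decode each attachment, scan it, substitute a warning for infected files), as an added example that is not part of the original post. It covers MIME parts only, not BinHex or uuencoded text pasted into a body; `scan`, `TEST_SIGNATURE`, `filter_message` and `build_sample` are hypothetical names, and the signature match stands in for handing the decoded bytes to a real scanner.

```python
import sys
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed marker standing in for a real signature database (assumption).
TEST_SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"

def scan(payload: bytes) -> bool:
    """Hypothetical scanner hook: True when the decoded bytes are flagged.
    A deployment would pass the bytes to its antivirus engine here."""
    return TEST_SIGNATURE in payload

def filter_message(raw: bytes, scanner=scan):
    """Scan every leaf MIME part after undoing its transfer encoding and
    replace flagged parts with a text notice.
    Returns (filtered message bytes, filenames of replaced parts)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers hold no content of their own
        # decode=True reverses the base64 / quoted-printable transfer encoding
        data = part.get_payload(decode=True) or b""
        if not scanner(data):
            continue
        name = part.get_filename() or "(unnamed part)"
        removed.append(name)
        # set_content() drops the old payload and Content-* headers first
        part.set_content(f"Attachment {name} was removed: the virus scanner flagged it.\n")
    return msg.as_bytes(), removed

def build_sample() -> bytes:
    """Constructed two-attachment message; binary parts are base64-encoded."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "files"
    m.set_content("See attached.\n")
    m.add_attachment(b"MZ\x90\x00" + TEST_SIGNATURE, maintype="application",
                     subtype="octet-stream", filename="setup.exe")
    m.add_attachment(b"quarterly notes", maintype="application",
                     subtype="octet-stream", filename="notes.bin")
    return m.as_bytes()

if __name__ == "__main__":
    # Filter usage: message on stdin, filtered message on stdout.
    out, removed = filter_message(sys.stdin.buffer.read())
    sys.stdout.buffer.write(out)
    print("replaced:", removed, file=sys.stderr)
```

The sample shows why the scan has to run on decoded parts: the marker never appears in the raw message bytes, only in the base64-decoded attachment.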