Date: Fri, 12 Nov 2004 13:22:20 -0500
From: Bart Silverstrim <bsilver@chrononomicon.com>
To: TM4526@aol.com
Cc: questions@freebsd.org
Subject: Re: Squid+Privoxy or Snort?
Message-ID: <CA60166A-34D7-11D9-A4E4-000D9338770A@chrononomicon.com>
In-Reply-To: <ff.65de15a.2ec6516f@aol.com>
On Nov 12, 2004, at 12:48 PM, TM4526@aol.com wrote:

> In a message dated 11/12/04 9:38:59 AM Eastern Standard Time,
> bsilver@chrononomicon.com writes:
>
> > I'm trying to investigate some potential solutions to escape from
> > different Microsoft-specific malware (like Gator's software).
> > The two mentioned in the subject were found after some Google searching.
> > I wonder what you guys are using for this sort of problem.
> > Thanks.
>
> > Squid can be used if you redirect all web traffic through the squid
> > proxy; we have used squid with SquidGuard to block access to some
> > gator-esque sites. If they get infected, they at least can't phone
> > home and we can see what IPs are trying to phone home so we can clean
> > them up if it's a problem.
>
> The issue with proxies is that they are a drag on your network; using
> squid as a firewall only isn't very smart. If you are already using it,
> fine. But on a large network you are better off using a firewall or some
> sort of bandwidth management like the stuff on etinc.com.

I thought his issue was more about finding internal systems having problems
and blocking the specific sites from getting hit. The proxy should speed up
access if the same sites are being hit, as well as provide a simple log file
to grep through for hits to specific sites.

In US public schools, you're required to proxy things now (filter websites),
and you're right, it should not be used as a firewall; it would only affect
web traffic. Most of the spyware gunk generates that kind of traffic, though,
and known sites can be easily blocked by adding the domain to SquidGuard's
list.

This only affects web malware, of course. For viruses, he'd be well off to
use a virus scanner at the head to act as a pre-mail filter on incoming mail.
We use a system that runs clamav and scans all incoming mail, preventing
users from getting the "click me!" type viruses in the first place, before it
touches our internal mail server.
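The two things Bart describes above, a SquidGuard-style domain list for known phone-home hosts and grepping the proxy log to see which internal IPs are hitting them, can be combined into one small report. The script below is an added example written for this archive page, not code from the thread or from the Squid or SquidGuard projects. It assumes Squid's native access.log layout (timestamp, elapsed ms, client IP, action/status, bytes, method, URL, ident, hierarchy/peer, content type) and SquidGuard's domain-list semantics, where an entry such as `gator.com` also covers every subdomain but not a lookalike like `notgator.com`. The domain list and log lines are constructed samples; the host names, client addresses and peer IPs in them are made up.

```python
"""Report internal clients that hit blocklisted domains in a Squid access.log.

Added example for this mailing-list page (not from the original thread).
Assumes Squid native log format and a SquidGuard-style "domains" list.
"""
from collections import defaultdict

# Constructed SquidGuard-style domain list: one bare domain per line,
# '#' comments and blank lines ignored. An entry covers all its subdomains.
BLOCKED_DOMAINS_FILE = """\
# spyware phone-home hosts (constructed sample, hypothetical entries)
gator.com
gain-publishing.com
"""

# Constructed Squid native-format access.log lines (all addresses made up):
# timestamp elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_ACCESS_LOG = """\
1100275340.123    120 192.168.1.15 TCP_MISS/200 1345 GET http://www.gator.com/cgi-bin/report? - DIRECT/64.152.73.177 text/html
1100275341.500     87 192.168.1.15 TCP_DENIED/403 1105 GET http://gator.com/update - NONE/- text/html
1100275342.001    210 192.168.1.22 TCP_MISS/200 9876 GET http://www.freebsd.org/ - DIRECT/216.136.204.117 text/html
1100275343.777     95 192.168.1.40 TCP_MISS/200 512 GET http://ads.gain-publishing.com/track?id=1 - DIRECT/65.112.250.9 image/gif
1100275344.010     60 192.168.1.22 TCP_MISS/200 300 GET http://notgator.com/ - DIRECT/10.9.8.7 text/html
1100275345.300    130 192.168.1.15 TCP_MISS/200 2048 CONNECT gator.com:443 - DIRECT/64.152.73.177 -
"""


def load_domain_list(text):
    """Parse a SquidGuard-style domains file into a set of lowercase domains."""
    domains = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()
        if line:
            domains.add(line.rstrip("."))
    return domains


def host_of(method, url):
    """Extract the lowercase host from the URL field of a Squid log line.

    CONNECT requests log 'host:port' with no scheme; other methods log a
    full URL. Userinfo and port are dropped (IPv6 literals not handled).
    """
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    if "://" in url:
        url = url.split("://", 1)[1]
    authority = url.split("/", 1)[0]
    authority = authority.rsplit("@", 1)[-1]   # strip user:pass@
    return authority.split(":", 1)[0].lower()  # strip :port


def matches_blocklist(host, blocked):
    """Return the blocklist entry covering `host`, or None.

    Walks from the full host to its parent domains so that 'www.gator.com'
    matches an entry 'gator.com' while 'notgator.com' does not.
    """
    labels = host.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocked:
            return candidate
    return None


def parse_line(line):
    """Split one native-format access.log line; None if it is too short."""
    fields = line.split()
    if len(fields) < 7:
        return None
    return {"client": fields[2], "action": fields[3],
            "method": fields[5], "url": fields[6]}


def phone_home_report(log_text, blocked):
    """Map each client IP to {blocklisted domain: number of attempts}.

    Denied and allowed requests are both counted: a TCP_DENIED hit still
    tells you which machine is infected, which is the point of the log.
    """
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = matches_blocklist(host_of(rec["method"], rec["url"]), blocked)
        if entry is not None:
            hits[rec["client"]][entry] += 1
    return {client: dict(domains) for client, domains in hits.items()}


if __name__ == "__main__":
    blocked = load_domain_list(BLOCKED_DOMAINS_FILE)
    for client, domains in sorted(phone_home_report(SAMPLE_ACCESS_LOG, blocked).items()):
        for domain, count in sorted(domains.items()):
            print(f"{client:15} {domain:25} {count} attempt(s)")
```

Against the constructed log this reports 192.168.1.15 with three attempts on gator.com (two plain GETs plus a CONNECT) and 192.168.1.40 with one on gain-publishing.com, and ignores 192.168.1.22, whose only suspicious-looking line was the lookalike notgator.com. On a real box you would read the list from SquidGuard's `domains` file and the log from Squid's `access.log` instead of the inline strings; the matching logic is what the grep-through-the-log approach in the message relies on.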
