Date: Tue, 25 Aug 2009 08:42:11 -0700
From: Chris <eagletree@hughes.net>
To: FreeBSD-Questions Questions <freebsd-questions@freebsd.org>
Subject: Re: antivirus gateway
Message-ID: <2D97D25F-E7BF-47C3-AB1A-AAF424C68993@hughes.net>
In-Reply-To: <93C9B58D98FD4F82B3174902B2BCA140@desktop2002>
References: <93C9B58D98FD4F82B3174902B2BCA140@desktop2002>

On Aug 23, 2009, at 1:47 PM, Yavuz Maşlak wrote:

> Hello
>
> I wish to use freebsd7.2 as an antivirus gateway.
>
> is there any document about that?
> Could you give an advice ?
>

snort_inline with if_bridge provides a bit of this functionality. You drop all incoming off at a socket which you have snort listening on. It's then logged and reinserted if it passes the rules that snort.org provides. You can decide if you want to drop the traffic or not; by default it's just logged. I don't use it to catch viruses so I don't watch how effective it is. For me it's a filtering mechanism to match custom rules.

There is a document that can be googled on the net concerning this. It shows most of the config but says you can't use it with if_bridge, which you can. I don't have a 7.2 instance but it works well on 7.0. Even with horrendous amounts of traffic it seems to remain reliable.

From memory (may be inaccurate), if you want to filter bi-directionally, you have to run two instances on different sockets with two different IPFW rules, one for each interface. I only have experience using this with IPFW.

> Thanks
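
The two-rule layout described in the reply, sketched as an ipfw ruleset file. This is an added example, not part of the original message: the interface names em0/em1, divert ports 8000/8001 and rule numbers are assumptions, and it assumes the bridge is configured so that bridged IP packets are passed through ipfw.

```conf
# Constructed example ruleset (load with: ipfw /absolute/path/to/this/file).
# Assumed names: em0 = outside bridge member, em1 = inside bridge member;
# divert ports 8000 and 8001; rule numbers are arbitrary.

# Traffic arriving on the outside member goes to the first snort_inline
# instance, listening on divert port 8000.
add 1000 divert 8000 ip from any to any in recv em0

# Traffic arriving on the inside member goes to the second instance,
# listening on divert port 8001.
add 1100 divert 8001 ip from any to any in recv em1

# Packets that snort_inline writes back to its divert socket resume rule
# processing after the divert rule that sent them out, so they end up here.
add 2000 allow ip from any to any
```

If no process is bound to a divert port, ipfw drops the packets sent to it, so this layout fails closed whenever a snort_inline instance is not running.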