From: Chris
To: FreeBSD-Questions Questions
Subject: Re: antivirus gateway
Date: Tue, 25 Aug 2009 08:42:11 -0700
Message-Id: <2D97D25F-E7BF-47C3-AB1A-AAF424C68993@hughes.net>
In-Reply-To: <93C9B58D98FD4F82B3174902B2BCA140@desktop2002>

On Aug 23, 2009, at 1:47 PM, Yavuz Maşlak wrote:

> Hello
>
> I wish to use freebsd7.2 as an antivirus gateway.
>
> is there any document about that?
> Could you give an advice ?
>

snort_inline with if_bridge provides a bit of this functionality. You drop all incoming off at a socket which you have snort listening on. It's then logged and reinserted if it passes the rules that snort.org provides. You can decide if you want to drop the traffic or not, by default it's just logged.

I don't use it to catch viruses so I don't watch how effective it is. For me it's a filtering mechanism to match custom rules.

There is a document that can be googled on the net concerning this. It shows most of the config but says you can't use it with if_bridge which you can. I don't have a 7.2 instance but it works well on 7.0. Even with horrendous amounts of traffic it seems to remain reliable.

From memory (may be inaccurate), if you want to filter bi-directionally, you have to run two instances on different sockets with two different IPFW rules, one for each interface. I only have experience using this with IPFW.

> Thanks