GW1 is a Linux system. Thanks for the info, any other ideas?

On Wed, 16 Feb 2005 15:53:59 -0600, René Berber <[EMAIL PROTECTED]> wrote:
> vaida bogdan wrote:
>
> > Hi, I use postfix+mailscanner on my mail server to block a lot of
> > viruses coming from my internal network. I would like to implement a
> > solution to block virus traffic on the internal gateway. The network
> > looks like this:
> >
> > WIN-
> > WIN- ----GW1----- -----MAIL SERVER----- -----GW2----
> > WIN-
> >
> > One WIN is infected but I don't know which of the 30 computers on the
> > network. I receive virused attachments on the MAIL SERVER from the
> > GW1's IP. WIN are on the internal network.
> >
> > My first idea would be to extract mail traffic passing through the
> > gateway in mbox format and scan it with clamav. I'm looking for better
> > ideas/implementations. Also, please tell me which tool I should use
> > to sniff mail on GW1 or if there is a better solution.
>
> Easiest thing to do: use netstat on GW1 and see who has a lot of
> connections with your gateway.
>
> This only works if GW1 has a netstat or similar functionality. You
> didn't specify what GW1 is, a PC, a router, something else. Many
> routers have the functionality required, sometimes as NAT or NAPT mappings.
>
> Hope this helps.
> --
> René Berber
>
> _______________________________________________
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
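
Added example, not part of the original thread: the "who has a lot of connections" check applied to the NAT mappings of a Linux GW1, counting tcp/25 entries per internal source in connection-tracking output. The function names, the sample entries and all addresses are constructed for illustration, and the `conntrack -L` invocation in the comment assumes conntrack-tools is installed on GW1.

```shell
#!/bin/sh
# Count SMTP (tcp/25) connections per internal source address from
# connection-tracking entries read on stdin, busiest source first.
# Only the first src= and dport= of each entry are used: they describe the
# original direction, before GW1 rewrites the source address (NAT).
smtp_sources() {
    awk '
    {
        src = ""; dport = ""; tcp = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "tcp") tcp = 1
            else if (src == "" && $i ~ /^src=/) src = substr($i, 5)
            else if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
        }
        # Keep only TCP entries whose original destination port is SMTP.
        if (tcp && dport == "25" && src != "") count[src]++
    }
    END { for (s in count) print count[s], s }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample entries (not captured traffic).
# 192.168.1.x = WIN hosts, 192.0.2.25 = MAIL SERVER, 192.0.2.1 = GW1.
sample_entries() {
    cat <<'EOF'
tcp      6 431990 ESTABLISHED src=192.168.1.17 dst=192.0.2.25 sport=1031 dport=25 src=192.0.2.25 dst=192.0.2.1 sport=25 dport=1031 [ASSURED] mark=0 use=1
tcp      6 112 TIME_WAIT src=192.168.1.17 dst=192.0.2.25 sport=1032 dport=25 src=192.0.2.25 dst=192.0.2.1 sport=25 dport=1032 [ASSURED] mark=0 use=1
tcp      6 98 TIME_WAIT src=192.168.1.17 dst=192.0.2.25 sport=1033 dport=25 src=192.0.2.25 dst=192.0.2.1 sport=25 dport=1033 [ASSURED] mark=0 use=1
tcp      6 431000 ESTABLISHED src=192.168.1.4 dst=192.0.2.25 sport=2040 dport=25 src=192.0.2.25 dst=192.0.2.1 sport=25 dport=2040 [ASSURED] mark=0 use=1
tcp      6 300 ESTABLISHED src=192.168.1.9 dst=198.51.100.7 sport=3050 dport=80 src=198.51.100.7 dst=192.0.2.1 sport=80 dport=3050 [ASSURED] mark=0 use=1
udp      17 20 src=192.168.1.9 dst=192.0.2.53 sport=4000 dport=53 src=192.0.2.53 dst=192.0.2.1 sport=53 dport=4000 mark=0 use=1
EOF
}

# On GW1 itself (assumption: conntrack-tools installed, run as root):
#   conntrack -L -p tcp 2>/dev/null | smtp_sources
sample_entries | smtp_sources
```

A workstation that opens far more SMTP connections than its neighbours is the first one to scan; TIME_WAIT entries are counted too, since a mass-mailing host leaves many short-lived connections behind.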