Steve Harman wrote:
Hi!
Could someone update me on where things are (if anywhere!) with AV or
AS provision inside pfSense please?

Gary answered on antispam.

On antivirus, there is no work currently being done. Even the commercial
options are a joke far more than most people realize. They don't scan
all traffic, they proxy a very few protocols like HTTP, SMTP, POP3 and
IMAP generally. They can't scan encrypted traffic so the encrypted
version of each of those protocols is wide open. The gateway isn't a
good place for antivirus regardless of what the marketing department of
your favorite vendor tells you about their "ultimately secure deep
packet inspection signature-less anomaly detection and blocking with
layer 7 state tracking" device (blatantly stolen from Marcus Ranum).

Plus antivirus just isn't up to par for today's fast-spreading and
fast-changing malware. It's not like the email viruses of years past where
they're all virtually the same and one definition knocks them all out;
these can change very, very quickly since the attackers control the sites
that distribute them and they don't have to self-replicate.

If you can't trust your users not to download viruses from the Internet,
you need to prevent them from downloading any executable content, not
let them have at it and hope the latest "you have a greeting card from a
worshipper!" email they click on 300 times links to a file that your AV
has a signature for already. I've checked a number of the files from
those "greeting card" messages on virustotal and jotti, and even many
hours after I received them, AV detection was horrible (10-20% at best,
and which 10-20% varied widely between different files; it's not like
one vendor is getting them and the others aren't). Just one recent,
major example.