On Thu, Dec 10, 2020 at 09:08 Snakebite <[email protected]> wrote:

> Hi all,
> is there a recommended or even included way to have all files transferred
> back and forth through the virtual drive inspected by an AV engine?
>
> In the setup I consider, people would use mostly RDP from GC to the remote
> system.
>

I don't know of a way off the top of my head to do this on the system running guacd. I can't remember exactly, but I don't think that the drive redirection mechanism on Guacamole drops the file temporarily anywhere - it just facilitates the connection of the channel between the browser and the RDP server. So, you'd really have to run the AV software on the remote server.

It might be possible at some point in the future to put code into guacd that would allow the data to be inspected by AV software (or even DLP), but I would imagine that implementing that is non-trivial, and also likely depends heavily on the AV software in use and how it functions in order to actually implement it. I'm not sure how feasible it would be to create a generic interface for that.

> If there is nothing at present, would it work e.g. to terminate TLS at a
> load balancer and expect network / firewall solutions to pick up and inspect
> the files? Any experiences with such a setup?
>

Yes, you could certainly do this. I think the biggest thing you'd have to deal with in this scenario is making sure the proper certificate trust is in place so that the firewall can inspect the data. I've not personally implemented this type of deep packet inspection, but I've worked at places that do it.

-Nick
