vaida bogdan wrote:
Hi, I use postfix+mailscanner on my mail server to block a lot of viruses coming from my internal network. I would like to implement a solution to block virus traffic on the internal gateway. The network looks like this:
WIN- WIN- ----GW1----- -----MAIL SERVER----- -----GW2---- WIN-
One WIN is infected but I don't know which of the 30 computers on the network. I receive virused attachments on the MAIL SERVER from the GW1's IP. WIN are on the internal network.
My first idea would be to extract mail traffic passing through the gateway in mbox format and scan it with clamav. I'm looking for better ideas/implementations. Also, please tell me which tool I should use to sniff mail on GW1 or if there is a better solution.
Easiest thing to do: use netstat on GW1 and see who has a lot of connections with your gateway.
This only works if GW1 has a netstat or similar functionality. You didn't specify what GW1 is: a PC, a router, something else. Many routers have the functionality required, sometimes as NAT or NAPT mappings.
Hope this helps. -- René Berber
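
The per-host connection count suggested in the reply, as an added example that is not part of the original thread. It assumes GW1 is a Linux box doing NAT with netfilter connection tracking, so its mapping table can be read from `/proc/net/nf_conntrack`; the sample lines and all addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of Linux /proc/net/nf_conntrack.
# Assumed addressing: 192.168.1.x = internal WIN hosts, 10.0.0.2 = mail server,
# 10.0.0.1 = GW1's address as seen by the mail server after NAT.
SAMPLE = """\
ipv4     2 tcp      6 431990 ESTABLISHED src=192.168.1.23 dst=10.0.0.2 sport=1042 dport=25 src=10.0.0.2 dst=10.0.0.1 sport=25 dport=1042 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 110 SYN_SENT src=192.168.1.23 dst=10.0.0.2 sport=1043 dport=25 [UNREPLIED] src=10.0.0.2 dst=10.0.0.1 sport=25 dport=1043 mark=0 use=1
ipv4     2 tcp      6 95 TIME_WAIT src=192.168.1.23 dst=10.0.0.2 sport=1044 dport=25 src=10.0.0.2 dst=10.0.0.1 sport=25 dport=1044 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 431800 ESTABLISHED src=192.168.1.23 dst=10.0.0.2 sport=1045 dport=25 src=10.0.0.2 dst=10.0.0.1 sport=25 dport=1045 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 431700 ESTABLISHED src=192.168.1.17 dst=10.0.0.2 sport=2210 dport=25 src=10.0.0.2 dst=10.0.0.1 sport=25 dport=2210 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 431600 ESTABLISHED src=192.168.1.17 dst=10.0.0.80 sport=2211 dport=80 src=10.0.0.80 dst=10.0.0.1 sport=80 dport=2211 [ASSURED] mark=0 use=1
ipv4     2 udp      17 28 src=192.168.1.9 dst=10.0.0.53 sport=40000 dport=53 src=10.0.0.53 dst=10.0.0.1 sport=53 dport=40000 mark=0 use=1
"""

FIELD = re.compile(r"(src|dst|sport|dport)=(\S+)")


def smtp_flows_per_host(text, smtp_port=25):
    """Count tracked TCP flows to smtp_port per original (pre-NAT) source."""
    counts = Counter()
    for line in text.splitlines():
        parts = line.split()
        # "tcp" is field 3 in nf_conntrack and field 1 in the older ip_conntrack
        if "tcp" not in parts[:3]:
            continue
        # Each entry lists the original tuple first, then the reply tuple;
        # keep only the first occurrence of every key.
        orig = {}
        for key, value in FIELD.findall(line):
            orig.setdefault(key, value)
        if orig.get("dport") == str(smtp_port) and "src" in orig:
            counts[orig["src"]] += 1
    return counts.most_common()


if __name__ == "__main__":
    # On the gateway itself, read /proc/net/nf_conntrack instead of SAMPLE.
    for host, flows in smtp_flows_per_host(SAMPLE):
        print(f"{host}\t{flows} SMTP flow(s)")
```

A workstation that normally sends mail only through a mail client will show a handful of flows; a host that stays at the top of this list across repeated runs is the one to scan first.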