Jason Haar wrote:
> However, I think you'll be out of luck. The only "network virus
> scanners" I know of are big beasts - because they effectively have to
> inline translate packets back to specific protocols (such as
> SMB/CIFS), pull the data content out, then run real AV over the fully
> formed files (or at least some largish data window). How they do that
> inline and manage to drop the session (i.e. killing the virus
> download) is a bit beyond me - I guess they rely on a RSET on the
> last packet being enough to cause the entire transfer to fail?
RSET should be enough. Unless the user is really committed to infecting
themselves, and astoundingly resourceful.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
