Eric Scopinho wrote:
But if I do that, some side effects could happen like:
- I'll need free space to store the file.
- The infected packets may get in while I store the next packets to scan.
- I have to download the whole file before sending it to the end-user.
I'm trying to develop some sort of firewall+anti-virus using an embedded
Linux with solid-state board, so space would be a problem.
I saw one solution like that from Sonicwall's guys, but I don't know how
they do that. I've heard that Fortinet has its own network-based
anti-virus solution too (as an appliance).
I was wondering how these guys handle the "zip" problem, since their
hardware just has 128 of RAM and 16 of ROM. :-(

I have a SonicWall Pro 4060 which indeed does malware detection. I was
curious how it could do this considering the data is passing through
packet by packet. According to SonicWall, they have signatures
developed which match viruses and malware on a packet level. Now this
doesn't really make any sense to me because if a virus spans 20 packets
or so, how can the device know this? Maybe the SonicWall tech support
guy was talking out his ass... I dunno. But yes, there are devices that
do this sort of thing. They cost $3,000+ though and I have no idea how
they work.
-Jim
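
On the question of a signature spanning several packets without the file being stored: the following is an added example, not part of either message and not a description of how the SonicWall or Fortinet appliances work. It shows one general technique, a multi-pattern (Aho-Corasick) matcher whose only per-flow memory is a single integer carried from one packet to the next. The signature names, patterns and packets are constructed, and it assumes payloads of a flow arrive in order and uncompressed, so it does not address the "zip" problem.

```python
from collections import deque

class StreamMatcher:
    """Aho-Corasick automaton; the only per-flow state is one integer."""

    def __init__(self, signatures):
        self.goto, self.fail, self.out = [{}], [0], [[]]
        for name, pattern in signatures.items():      # build the trie
            node = 0
            for b in pattern:
                if b not in self.goto[node]:
                    self.goto.append({})
                    self.fail.append(0)
                    self.out.append([])
                    self.goto[node][b] = len(self.goto) - 1
                node = self.goto[node][b]
            self.out[node].append(name)
        queue = deque(self.goto[0].values())          # BFS: failure links
        while queue:
            node = queue.popleft()
            for b, nxt in self.goto[node].items():
                f = self.fail[node]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[nxt] = self.goto[f].get(b, 0)
                self.out[nxt] = self.out[nxt] + self.out[self.fail[nxt]]
                queue.append(nxt)

    def scan(self, state, payload):
        """Feed one packet payload; return (state to carry over, hits)."""
        hits = []
        for b in payload:
            while state and b not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(b, 0)
            hits.extend(self.out[state])
        return state, hits

def scan_stateless(matcher, packets):
    """Every packet scanned on its own: state reset to 0 each time."""
    return [h for p in packets for h in matcher.scan(0, p)[1]]

def scan_stream(matcher, packets):
    """State carried from packet to packet within one flow."""
    state, hits = 0, []
    for p in packets:
        state, found = matcher.scan(state, p)
        hits += found
    return hits

# Constructed sample data: made-up signatures and a two-packet flow.
SIGS = {"sig-a": b"CONSTRUCTED-TEST-MARKER", "sig-b": b"TEST-MARK"}
PACKETS = [b"....CONSTRUCTED-TE", b"ST-MARKER...."]
MATCHER = StreamMatcher(SIGS)
```

With the constructed flow above, scan_stateless finds nothing because both patterns straddle the packet boundary, while scan_stream reports both signatures.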