Look at http://clamav.net/3rdparty.html#otherWhat you describe is similar to Endian Firewall, Snort-ClamAV, Snort-inline and perhaps RedWall Firewall.
I have looked at them and their source code before. These do not answer the questions of feasibility and practicality of a packet level virus scanner. My interest is not weather it can be done... but rather weather the time and technical merit in doing so will produce an acceptable catch catch percentile. If this methodology catches 80% of viruses, then it is indeed worth the investment, if it catches only 20%, is the approach still worth the time and resources to develop, refine, and maintain it. A good example of this is the U.S. gov't spend $8 million a year to study cow burps and $13 million to research fly farts.... WHY? Where is the practicality of this and to what ends will this "research" be used other then simply to waste money? It is this line of thinking that I am interested in, is virus scanning single packets worth the cost of production..... Not weather it can be done or rude and inconsiderate comments from individuals that obviously missed the intent of the question. Thank you in advance.
pgphkFr1lblS0.pgp
Description: PGP signature
_______________________________________________ http://lurker.clamav.net/list/clamav-users.html
