On Nov 12, 2004, at 12:48 PM, [EMAIL PROTECTED] wrote:
In a message dated 11/12/04 9:38:59 AM Eastern Standard Time, [EMAIL PROTECTED] writes:
> I'm trying to investigate some potential solutions to escape from
> different Microsoft-specific malware (like Gator's software).
> The two mentioned in the subject were found after some Google searching.
> Wonder what you guys are using for this sort of problem.
> Thanks.
>Squid can be used if you redirect all web traffic through the squid
>proxy; we have used squid with SquidGuard to block access to some
>gator-esque sites. If they get infected, they at least can't phone
>home and we can see what IPs are trying to phone home so we can clean
>them up if it's a problem.
The issue with proxies is that they are a drag on your network; using
squid as a firewall only isn't very smart. If you are already using it,
fine. But on a large network you are better off using a firewall or some
sort of bandwidth management like the stuff on etinc.com.
I thought his issue was more on finding internal systems having problems and blocking the specific sites from getting hit.
The proxy should speed up access if the same sites are being hit, as well as provide a simple log file to grep through for hits to specific sites. In US public schools, you're required to proxy things now (filter websites), and you're right, it should not be used as a firewall; it would only affect web traffic. Most of the spyware gunk generates that kind of traffic, though, and known sites can be easily blocked by adding the domain to SquidGuard's list.
This only affects web malware, of course. For viruses, he'd be well off to use a virus scanner at the head to act as a pre-mail filter on incoming mail. We use a system that runs clamav and scans all incoming mail, preventing users from getting the "click me!" type viruses in the first place before it touches our internal mail server.
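The log check described in the last reply (searching the Squid log for hits to specific sites to see which internal IPs are phoning home), as an added example that is not part of the original thread. It assumes Squid's native access.log format; the domains, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report internal clients whose requests hit watched domains.
# Assumes Squid's native access.log layout:
#   time elapsed client action/code bytes method URL ident hierarchy/peer type

# Constructed sample log lines (not real traffic).
sample_log() {
cat <<'EOF'
1100281701.101     95 192.168.1.23 TCP_DENIED/403 1432 GET http://checkin.spyware-example.test/ping - NONE/- text/html
1100281733.412     88 192.168.1.23 TCP_DENIED/403 1432 GET http://checkin.spyware-example.test/ping - NONE/- text/html
1100281740.007    310 192.168.1.40 TCP_MISS/200 8123 GET http://www.freebsd.org/ - DIRECT/www.freebsd.org text/html
1100281752.550     12 192.168.1.57 TCP_DENIED/403 1410 CONNECT adtracker-example.test:443 - NONE/- text/html
1100281760.918    205 192.168.1.23 TCP_MISS/200 512 GET http://notspyware-example.test/ - DIRECT/notspyware-example.test text/html
EOF
}

# Constructed watchlist: one domain per line, subdomains are matched too.
sample_watchlist() {
    printf '%s\n' spyware-example.test adtracker-example.test
}

# phone_home_report WATCHLIST_FILE LOG_FILE
# Prints "client domain hits", busiest client/domain pair first.
phone_home_report() {
    awk '
        NR == FNR { if ($1 != "") watch[tolower($1)] = 1; next }
        {
            host = tolower($7)
            sub("^[a-z]+://", "", host)   # drop the scheme, if any
            sub("[/:?].*$", "", host)     # drop port, path and query
            # Walk up the labels so a.b.example matches a watched b.example,
            # while notspyware-example.test does not match spyware-example.test.
            d = host
            while (d != "") {
                if (d in watch) { hits[$3 " " d]++; break }
                i = index(d, ".")
                if (i == 0) break
                d = substr(d, i + 1)
            }
        }
        END { for (k in hits) print k, hits[k] }
    ' "$1" "$2" | sort -k3,3nr -k1,1
}

# Run against real files when given, e.g.: script.sh watchlist.txt access.log
if [ "$#" -eq 2 ]; then phone_home_report "$1" "$2"; fi
```

Denied requests are counted as well as allowed ones, since a blocked phone-home attempt still identifies a machine that needs cleaning.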