Protocol Six Consulting wrote: > Hi, > > I was wondering if anyone here knows how to integrate the PF firewall > with ClamAV. > > I am planning on putting into production an OpenBSD firewall and would > like to do virus scanning at the network perimeter. > I am definitely interested in scanning email traffic, but also possibly > Web and IRC (and any other traffic types that makes sense) for a group > of 25 people.
For email, I used to run Postfix on my firewall. Postfix would scan the mail using amavisd-new (which scanned the mail with SpamAssassin and ClamAV) and would pass the clean mail to our internal Exchange server. Here is a good guide on how to configure this sort of relay. http://flakshack.com/anti-spam/wiki/index.php > Unfortunately I've not seen any real discussion or howtos for this type > of integration. > I've also looked in the PF FAQ pages and in the archives of Openbsd-misc > or Openbsd-PF. > Finally, the BookOfPF (which I like a lot!!) doesn't seem to touch on > this topic either. > > I suspect my mental picture of how PF and ClamAV work together may be > flawed or incomplete. > I guess I'm assuming there is a way to have PF pass information directly > to ClamAV, but perhaps some middle-ware glue is necessary. You would need some sort of proxy to reassemble the files to scan with ClamAV. PF can transparently pass traffic to squid, which I believe can use ClamAV for scanning. I found this email on to configure PF to pass the traffic to squid. http://marc.info/?l=squid-users&m=120938897115089&w=2 Tim Donahue
