Re: [Clamav-users] Re: Clam Packet Scanning

2006-01-30 Thread Dennis Peterson
Rob MacGregor wrote: On 1/30/06, Rajkumar S <[EMAIL PROTECTED]> wrote: Just wondering how far a signature can go? Does the scanner need to go back and forth in a file for scanning or can it scan a stream as it passes by? How far does it need to go if it has to go backwards? What about zip

Re: [Clamav-users] Re: Clam Packet Scanning

2006-01-30 Thread Rajkumar S
Mar Matthias Darin wrote: Hello, Rajkumar S writes: How short can this buffer go? Does this file need to be seekable? Ideally, I would say 16K would be as small as you want to go. If the buffer is too small, the transfer speed will suffer. That's a nice number. I am pretty encouraged by th

Re: [Clamav-users] Re: Clam Packet Scanning

2006-01-30 Thread Rajkumar S
Rob MacGregor wrote: On 1/30/06, Rajkumar S <[EMAIL PROTECTED]> wrote: The idea is to have a small packet queue where last n packets are stored, scanned and then transmitted in a cyclic fashion. i.e. first n-1 packets will just get queued, when the nth packet arrives, the queue is scanned, and 1s

[Clamav-users] Re: Clam Packet Scanning

2006-01-30 Thread Mar Matthias Darin
Hello, Rajkumar S writes: Mar Matthias Darin wrote: I have done some research on this already... If you store the file in a disk buffer (say max 100K at a shot using tmpfs for speed), then scan the buffer, it does indeed work. How short can this buffer go? Does this file need to be seeka

Re: [Clamav-users] Re: Clam Packet Scanning

2006-01-30 Thread Rob MacGregor
On 1/30/06, Rajkumar S <[EMAIL PROTECTED]> wrote: > Just wondering how far a signature can go? Does the scanner need to go back and forth in a file for scanning or can it scan a stream as it passes by? How far does it need to go if it has to go backwards? What about zip files? Do they

Re: [Clamav-users] Re: Clam Packet Scanning

2006-01-30 Thread Jeremy Kitchen
On Monday 30 January 2006 02:10, Rajkumar S wrote: > > Where your problem is going to occur, as with havp, is in notifying the user that their file was trashed unless the P2P software incorporates the antivirus scanning inline with the downloading. In such a manner, the P2P can notify t

Re: [Clamav-users] Re: Clam Packet Scanning

2006-01-30 Thread Rajkumar S
Mar Matthias Darin wrote: I have done some research on this already... If you store the file in a disk buffer (say max 100K at a shot using tmpfs for speed), then scan the buffer, it does indeed work. How short can this buffer go? Does this file need to be seekable? Where your problem is go

[Clamav-users] Re: Clam Packet Scanning

2006-01-30 Thread Mar Matthias Darin
Hello, Rajkumar S writes: Rob MacGregor wrote: 1) You'd need to decode the packet contents on the fly 2) Anything running over 1 packet would never be spotted Just wondering how far a signature can go? Does the scanner need to go back and forth in a file for scanning or can it scan a st

Re: [Clamav-users] Re: Clam Packet Scanning

2006-01-30 Thread Rajkumar S
Rob MacGregor wrote: 1) You'd need to decode the packet contents on the fly 2) Anything running over 1 packet would never be spotted Just wondering how far a signature can go? Does the scanner need to go back and forth in a file for scanning or can it scan a stream as it passes by? How far

Re: [Clamav-users] Re: Clam Packet Scanning

2006-01-29 Thread Rob MacGregor
On 1/29/06, Mar Matthias Darin <[EMAIL PROTECTED]> wrote: > If this methodology catches 80% of viruses, then it is indeed worth the investment, if it catches only 20%, is the approach still worth the time and resources to develop, refine, and maintain it. At the proxy level it should work re

[Clamav-users] Re: Clam Packet Scanning

2006-01-29 Thread Mar Matthias Darin
Hello, Look at http://clamav.net/3rdparty.html#other What you describe is similar to Endian Firewall, Snort-ClamAV, Snort-inline and perhaps RedWall Firewall. I have looked at them and their source code before. These do not answer the questions of feasibility and practicality of a packet l

[Clamav-users] Re: Clam Packet Scanning

2006-01-28 Thread René Berber
Mar Matthias Darin wrote: >> I realize this is probably a ridiculous question, but what is the feasibility or practicality of catching viruses through a packet scanner (firewall or IDS) solely at the packet level? For example (poor one but does