antivirus gateway

Chris eagletree at hughes.net
Tue Aug 25 15:42:31 UTC 2009


On Aug 23, 2009, at 1:47 PM, Yavuz Maşlak wrote:

> Hello
>
> I wish to use FreeBSD 7.2 as an antivirus gateway.
>
> Is there any document about that?
> Could you give any advice?
>

snort_inline with if_bridge provides a bit of this functionality.
You drop all incoming off at a socket which you have snort
listening on. It's then logged and reinserted if it passes the
rules that snort.org provides. You can decide if you want
to drop the traffic or not; by default it's just logged. I don't
use it to catch viruses so I don't watch how effective it is.
For me it's a filtering mechanism to match custom rules.

There is a document that can be googled on the net
concerning this. It shows most of the config but says you
can't use it with if_bridge, which you can. I don't have a 7.2
instance but it works well on 7.0. Even with horrendous
amounts of traffic it seems to remain reliable.

From memory (may be inaccurate), if you want to filter
bi-directionally, you have to run two instances on different
sockets with two different IPFW rules, one for each interface.

I only have experience using this with IPFW.

> Thanks
>
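
The two-instance layout described in the reply, as an added example that is not part of the original message: a dry-run planner that prints one IPFW divert rule and one snort_inline instance per bridge member. The interface names, divert ports, rule numbers, config path, the `net.link.bridge.ipfw` sysctl and the `-J` divert-port flag (from snort builds with ipfw support) are assumptions to check against the installed system.

```shell
#!/bin/sh
# Added example: prints the commands instead of running them (dry run).
# em0/em1, ports 8000/8001, rule numbers and the config path are assumed values.

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # reject empty or non-numeric input
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# divert_plan IF_A PORT_A IF_B PORT_B
divert_plan() {
    [ "$#" -eq 4 ] || { echo "usage: divert_plan ifA portA ifB portB" >&2; return 2; }
    if_a=$1 port_a=$2 if_b=$3 port_b=$4
    valid_port "$port_a" && valid_port "$port_b" || { echo "bad port" >&2; return 1; }
    # Each snort_inline instance binds its own divert socket, so the
    # two ports (and the two interfaces) must be distinct.
    [ "$port_a" != "$port_b" ] || { echo "ports must differ" >&2; return 1; }
    [ "$if_a" != "$if_b" ] || { echo "interfaces must differ" >&2; return 1; }

    # Assumed sysctl: lets ipfw see packets crossing the if_bridge.
    echo "sysctl net.link.bridge.ipfw=1"
    # One divert rule per bridge member, matching what arrives on it.
    echo "ipfw add 1000 divert $port_a ip from any to any in via $if_a"
    echo "ipfw add 1010 divert $port_b ip from any to any in via $if_b"
    # One instance per divert port; -J (assumed) names the divert port.
    conf=/usr/local/etc/snort_inline/snort_inline.conf
    echo "snort_inline -D -J $port_a -c $conf"
    echo "snort_inline -D -J $port_b -c $conf"
}

divert_plan em0 8000 em1 8001
```

A divert rule with no process bound to its port drops the matching packets, so start the snort_inline instances before adding the rules on a live gateway.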


