Virus scanner for linux router

We've recently installed a linux box as a router for a small business
customer.

They have an ADSL modem which has the firewall, so the linux box is just
performing a routing function.

We've been searching for a very simple concept - a virus scanner that we can
install on the linux box which will scan connections that go through it.

Such a solution means not having to install a separate virus scanner on each
Windows PC.

Our search has been in vain - no such product seems to exist!

Does anyone know of a product that achieves this (obvious) aim?

tia,
RR

On Sun, 11 Jul 2004 06:21:06 GMT
"RR" <(E-Mail Removed)> wrote:

> We've recently installed a linux box as a router for a small business
> customer.
>
> They have an ADSL modem which has the firewall, so the linux box is just
> performing a routing function.
>
> We've been searching for a very simple concept - a virus scanner that we can
> install on the linux box which will scan connections that go through it.
>
> Such a solution means not having to install a separate virus scanner on each
> Windows PC.
>
> Our search has been in vain - no such product seems to exist!
>
> Does anyone know of a product that achieves this (obvious) aim?

Actually, there is nothing I know that works the way you want. You
will have to install proxyy-servers on your router for every service
you want to filter. Say like Squid for Webaccess and a mailforwarder
for EMail. There you can scan the Mails and Contents with any
Virus-Filter you like. But you cannot filter the pure IP-Packets.

Greets
Chris

RR <(E-Mail Removed)> wrote:
> We've recently installed a linux box as a router for a small business
> customer.
>
> They have an ADSL modem which has the firewall, so the linux box is just
> performing a routing function.
>
> We've been searching for a very simple concept - a virus scanner that we can
> install on the linux box which will scan connections that go through it.

A typical virus scanner is designed to scan files and running processes,
neither of which exist in a readily scannable form on the network.

What you probably should look at, though, is an intrusion detection system,
such as snort (http://www.snort.org/). It monitors network traffic for matches
against a database of signatures of known "bad" traffic. The database is a
simple collection of text rules matching known behavior of both hacking
attempts and virus traffic, where you can either write your own rules if you're
ambitious, or simply download new rules as they come out.

--
Frank Sweetser fs at wpi.edu
WPI Network Engineer
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC

I had been using amavis for quite long, you might try that from
http://www.amavis.org/.

--
raqueeb hassan
kinshasa, drc

On 17 Jul 2004 10:54:20 -0700, (E-Mail Removed) (Raqueeb Hassan)
wrote:

>I had been using amavis for quite long, you might try that from
>http://www.amavis.org/.

Amavis isn't a virus scanner, although you can use amavis to call a
virus scanner. I have amavis calling spamassassin, f-Prot and clam
(the latter 2 are virus scanners).

Mike-

--
If you're not confused, you're not trying hard enough.
--
Please note - Due to the intense volume of spam, we have installed
site-wide spam filters at catherders.com. If email from you bounces,
try non-HTML, non-encoded, non-attachments,

You are right. Well, it's like how you see the thing, it also depend
on your perspective and who you ask. I just tried to point him with
the link to see little further.

Thanks for the pointer.

--
raqueeb hassan
kinshasa, drc