how can a firewall box handle virus? - Firewalls


Thread: how can a firewall box handle virus?

  1. Re: how can a firewall box handle virus?

    On Nov 14, 9:49 pm, Leythos wrote:
    > In article <1195044140.235352.135...@s15g2000prm.googlegroups.com>,
    > v...@spamcop.net says...
    >
    > > It is kind of ridiculous how to try

    >
    > No, what's ridiculous is how you think that you control the group and
    > have any right to determine what is/is not OT. A question was asked, a


    So you are saying that a firewall like the sonicwall which scans for
    viruses does this by filtering out e-mail attachments by mime type?
    That's basically your contribution to this thread. And this also
    requires that you run your own e-mail server because a firewall is not
    able to filter the traffic between the server and the client? And that
    explains how it works and answers the questions in the OP?

    Well, go figure, you are wrong. It scans network traffic like any
    other virus scanner and it does not answer the questions even for the
    pop3 example part in the OP.

    But well, you wrote, "I believed that the OP mentioned POP in his
    question, I addressed that
    part." You did not address the question which was about the example
    using POP but only addressed the word "POP". Sorry. How ignorant of
    me not to see that if someone writes "POP" obviously any topic on
    "POP" is on topic even if it does not answer any of the questions
    asked. Maybe we should start to discuss pop songs of the 80s. I would
    still address the "POP" part...

    Gerald


  2. Re: how can a firewall box handle virus?

    In article <1195047351.278788.131920@t8g2000prg.googlegroups.com>,
    vogt@spamcop.net says...
    > So you are saying


    My statement was clear and not OT. You continue to troll and believe
    that you can moderate the group - you can't.

    --

    Leythos
    - Igitur qui desiderat pacem, praeparet bellum.
    - Calling an illegal alien an "undocumented worker" is like calling a
    drug dealer an "unlicensed pharmacist"
    spam999free@rrohio.com (remove 999 for proper email address)

  3. Re: how can a firewall box handle virus?

    On Nov 14, 11:03 pm, Leythos wrote:
    > In article <1195047351.278788.131...@t8g2000prg.googlegroups.com>,
    > v...@spamcop.net says...
    >
    > > So you are saying

    >
    > My statement was clear and not OT. You continue to troll and believe
    > that you can moderate the group - you can't.


    Just explain how the firewall works (which was the question in the
    OP)! How it scans for viruses! Once you have explained that shouldn't
    it become clear how your statement "That's why you use your own email
    server and then block attachments by mime type - and then you block
    anything that could be malicious by file type (mime type). " is
    applicable and relevant to those questions and thus to this thread?

    Gerald


  4. Re: how can a firewall box handle virus?

    In article <1195050674.144272.198730@q5g2000prf.googlegroups.com>,
    vogt@spamcop.net says...
    > On Nov 14, 11:03 pm, Leythos wrote:
    > > In article <1195047351.278788.131...@t8g2000prg.googlegroups.com>,
    > > v...@spamcop.net says...
    > >
    > > > So you are saying

    > >
    > > My statement was clear and not OT. You continue to troll and believe
    > > that you can moderate the group - you can't.

    >
    > Just explain how the firewall works (which was the question in the
    > OP)! How it scans for viruses! Once you have explained that shouldn't
    > it become clear how your statement "That's why you use your own email
    > server and then block attachments by mime type - and then you block
    > anything that could be malicious by file type (mime type). " is
    > applicable and relevant to those questions and thus to this thread?


    Based on your rude attitude and your playing a troll, I'm not answering
    anything for you. If you can't understand, well, sorry for you.

    --

    Leythos
    - Igitur qui desiderat pacem, praeparet bellum.
    - Calling an illegal alien an "undocumented worker" is like calling a
    drug dealer an "unlicensed pharmacist"
    spam999free@rrohio.com (remove 999 for proper email address)

  5. Re: how can a firewall box handle virus?

    On Nov 14, 11:03 pm, Leythos wrote:
    > In article <1195047351.278788.131...@t8g2000prg.googlegroups.com>,
    > v...@spamcop.net says...
    >
    > > So you are saying

    >
    > My statement was clear and not OT. You continue to troll and believe
    > that you can moderate the group - you can't.


    Why do you bother so much thinking about what I might think or
    believe?

    Or statement clear. Your statement was "That's why you use your own
    email server and then block attachments by mime type - and then you
    block anything that could be malicious by file
    type (mime type).".

    That statement nowhere explains how a firewall works which scans
    for malware (which was the OP question). It does not explain how it
    scans and filters malware even if it is only for e-mails. You may
    configure the firewall to block certain mime types. But that has
    nothing to do with the recognition of malware in network traffic. And
    it does still not answer how the firewall does the virus scanning.

    Strangely enough, you refuse again and again to answer those questions
    in the OP. Wouldn't it be easier to simply answer them clearly?
    Shouldn't the relevance of your single statement which you have made
    so far become clear then if you think that that statement was so fully
    and completely on-topic and absolutely relevant to the questions asked
    in the OP?

    But obviously, you won't answer them because it would take a lot of
    tweaking to make it fit. Or should I even believe you don't know how
    it works and you are not able to answer the questions?

    Gerald


  6. Re: how can a firewall box handle virus?

    peter wrote:

    >
    > If that is the case, the firewall may let half an email pass through, detect
    > a virus, and cut off the rest of the email?
    >
    > I guessed I wasn't clear. What I want to know is, if one of the email I'm
    > downloading via pop3 has a virus and is detected by such firewall, what does
    > it do? Delete one ethernet frame? Delete the rest of the session? Delete
    > from the start of the signature till the end of the virus (assuming its
    > virus database has length info)?
    >
    > What if the virus' signature pattern happens to cross an ethernet packet
    > boundary, would it still be detected? The firewall would have to be able to
    > remove low and higher level network headers in order to piece multiple
    > packets into one data stream to scan for virus. But if it is smart enough to
    > do this, why not store, scan, and forward attachment if no virus is found?
    >
    > Similarly, if a spyware is detected by such firewall while I'm downloading
    > an activeX control, what does it do? Delete the data until the end of the
    > activeX control data stream (assuming it can tell where the activeX ends)?


    i can't believe these guys keep going at it, meanwhile nobody answers *these* questions

    M

  7. Re: how can a firewall box handle virus?

    In article <1195053591.487084@nntpcache01.si.eunet.at>, mak@nospam.com
    says...
    > i can't believe these guys keep going at it, meanwhile nobody answers *these* questions


    And I wonder why the OP or you have not contacted ANY of the firewall
    vendors that offer UTM and asked them how their products work.

    Every single firewall vendor has a sales department and they can direct
    you to a technical source in their chain that will answer questions that
    the sales people can't answer - and it will be specific to their
    product.

    Some vendors manage those functions differently than others - you don't
    know how the product you want to use does it unless you ask the specific
    vendor.

    --

    Leythos
    - Igitur qui desiderat pacem, praeparet bellum.
    - Calling an illegal alien an "undocumented worker" is like calling a
    drug dealer an "unlicensed pharmacist"
    spam999free@rrohio.com (remove 999 for proper email address)

  8. Re: how can a firewall box handle virus?

    peter wrote:
    > "Gerald Vogt" wrote:
    >> No. It just inspects it while it is downloading just like any other
    >> antivirus software does. They start at the beginning and end at the
    >> end. You only need a small buffer for that.

    >
    > If that is the case, the firewall may let half an email pass through,
    > detect a virus, and cut off the rest of the email?
    >
    > I guessed I wasn't clear. What I want to know is, if one of the email
    > I'm downloading via pop3 has a virus and is detected by such firewall,
    > what does it do? Delete one ethernet frame? Delete the rest of the
    > session? Delete from the start of the signature till the end of the
    > virus (assuming its virus database has length info)?
    >
    > What if the virus' signature pattern happens to cross an ethernet
    > packet boundary, would it still be detected?


    Well, hopefully the firewall doesn't scan on layer 2, but layer 3 and
    above. Because layer 2 doesn't know anything about POP3, or sessions, or
    streams. Like, at all.

    > The firewall would have to be able to remove low and higher level
    > network headers in order to piece multiple packets into one data
    > stream to scan for virus. But if it is smart enough to do this, why
    > not store, scan, and forward attachment if no virus is found?
    >
    > Similarly, if a spyware is detected by such firewall while I'm
    > downloading an activeX control, what does it do? Delete the data until
    > the end of the activeX control data stream (assuming it can tell where
    > the activeX ends)?


    It all depends on how the firewall actually works. Does it inspect
    packets on layer 2? Layer 3? Layer 4+? Does it reassemble packets to
    reconstruct data streams? Does it proxy connections?

    Normally I would assume that the firewall will proxy the connection, so
    that the mail (in case of POP3) or web page (in case of HTTP) is
    downloaded by the firewall, scanned and then either discarded or
    forwarded to the user originally requesting the mail/web page.

    However, like I already said, it all depends on what the firewall
    actually does, i.e. how it was implemented by the manufacturer.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich
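
Added example, not part of any post in this thread and not any vendor's code: a sketch of the three behaviours the thread contrasts, per-packet inspection, in-line scanning of the reassembled stream with a small carry-over buffer, and proxy-style store, scan and forward. The signature, the segment split and all function names are constructed for illustration; real products differ, as the last post says.

```python
SIGNATURE = b"EXAMPLE-TEST-SIGNATURE"   # constructed harmless pattern, not a real signature

def scan_per_packet(segments, signature=SIGNATURE):
    """Naive check: look at each segment payload in isolation."""
    return any(signature in seg for seg in segments)

class StreamScanner:
    """Incremental scan of a reassembled stream using a small carry-over buffer."""
    def __init__(self, signature=SIGNATURE):
        self.signature = signature
        self.tail = b""      # last len(signature)-1 bytes already seen
        self.base = 0        # absolute stream offset of tail[0]

    def feed(self, chunk):
        """Return the absolute offset of a match, or None if none so far."""
        window = self.tail + chunk
        idx = window.find(self.signature)
        if idx != -1:
            return self.base + idx
        keep = len(self.signature) - 1
        new_tail = window[-keep:] if keep else b""
        self.base += len(window) - len(new_tail)
        self.tail = new_tail
        return None

def cut_through(segments):
    """Forward each segment once scanned; stop at the first detection."""
    scanner, forwarded = StreamScanner(), []
    for seg in segments:
        if scanner.feed(seg) is not None:
            return b"".join(forwarded), True    # earlier data already reached the client
        forwarded.append(seg)
    return b"".join(forwarded), False

def store_scan_forward(segments):
    """Proxy style: hold the whole object, release it only if it scanned clean."""
    scanner = StreamScanner()
    for seg in segments:
        if scanner.feed(seg) is not None:
            return None                          # discard; client receives nothing
    return b"".join(segments)

# Constructed sample: the pattern starts at offset 40 and the split at 50 cuts through it.
DATA = b"A" * 40 + SIGNATURE + b"B" * 40
SEGMENTS = [DATA[:50], DATA[50:]]
CLEAN = [b"A" * 50, b"B" * 52]

if __name__ == "__main__":
    print(scan_per_packet(SEGMENTS), cut_through(SEGMENTS)[1], store_scan_forward(SEGMENTS))
```

The per-packet check misses the pattern because neither segment contains it whole, while the stream scanner finds it at offset 40 with only 21 bytes of carried state. The cut-through path shows the "half an email" outcome asked about in the thread: the first segment has already been forwarded when the match is found.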
