how can a firewall box handle virus?

Some new firewall boxes advertised DPI and virus protection (e.g. sonicwall
tz180). Sounds attractive. But how does it work?

Let's say I'm downloading a pop3 email. Does the firewall stores the entire
email and attachment, scan it for virus, then forward it on if it's clean?
And if the attachment has a virus, can it strip out the attachment only and
forward the rest of the email? This sounds too good to be true. And wouldn't
this require a hard drive for the firewall?

Similar question for how it handles spyware, trojans, etc.

On Nov 13, 6:17 am, "peter" <nos...@nospam.com> wrote:[color=blue]
> Some new firewall boxes advertised DPI and virus protection (e.g. sonicwall
> tz180). Sounds attractive. But how does it work?
>
> Let's say I'm downloading a pop3 email. Does the firewall stores the entire
> email and attachment, scan it for virus, then forward it on if it's clean?[/color]

No. It just inspects it while it is downloading just like any other
antivirus software does. They start at the beginning and end at the
end. You only need a small buffer for that.

But it also does not work miracles. It does not forward anything "if
it's clean". It only recognizes for what it has signatures. It won't
recognize the newest malware until the signatures have it. It won't
recognize very rare malware. It will also recognize things which are
not bad. It will also recognize malware which is actually not
dangerous on your computer because your computer is not vulnerable.

So basically, it may find a few things but it is still and always you
who has to decide what's clean or not.

Gerald

In article <1194908645.449043.110110@s15g2000prm.googlegroups.com>,
[email]vogt@spamcop.net[/email] says...[color=blue]
> So basically, it may find a few things but it is still and always you
> who has to decide what's clean or not.[/color]

That's why yo use your own email server and then block attachments by
mime type - and then you block anything that could be malicious by file
type (mime type).

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
[email]spam999free@rrohio.com[/email] (remove 999 for proper email address)

On Nov 13, 10:55 am, Leythos <v...@nowhere.lan> wrote:[color=blue]
> In article <1194908645.449043.110...@s15g2000prm.googlegroups.com>,
> v...@spamcop.net says...
>[color=green]
> > So basically, it may find a few things but it is still and always you
> > who has to decide what's clean or not.[/color]
>
> That's why yo use your own email server and then block attachments by
> mime type - and then you block anything that could be malicious by file
> type (mime type).[/color]

So you are saying that viruses only come through e-mail? Or how is
this comment exactly related with the firewall box which scans the
network traffic for viruses?

Gerald

In article <1194921534.894182.9880@y27g2000pre.googlegroups.com>,
[email]vogt@spamcop.net[/email] says...[color=blue]
> On Nov 13, 10:55 am, Leythos <v...@nowhere.lan> wrote:[color=green]
> > In article <1194908645.449043.110...@s15g2000prm.googlegroups.com>,
> > v...@spamcop.net says...
> >[color=darkred]
> > > So basically, it may find a few things but it is still and always you
> > > who has to decide what's clean or not.[/color]
> >
> > That's why yo use your own email server and then block attachments by
> > mime type - and then you block anything that could be malicious by file
> > type (mime type).[/color]
>
> So you are saying that viruses only come through e-mail? Or how is
> this comment exactly related with the firewall box which scans the
> network traffic for viruses?[/color]

I believed that the OP mentioned POP in his question, I addressed that
part. How could you miss that?

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
[email]spam999free@rrohio.com[/email] (remove 999 for proper email address)

On Nov 13, 11:52 am, Leythos <v...@nowhere.lan> wrote:[color=blue]
> In article <1194921534.894182.9...@y27g2000pre.googlegroups.com>,
> v...@spamcop.net says...
>[color=green]
> > On Nov 13, 10:55 am, Leythos <v...@nowhere.lan> wrote:[color=darkred]
> > > In article <1194908645.449043.110...@s15g2000prm.googlegroups.com>,
> > > v...@spamcop.net says...[/color][/color]
>[color=green][color=darkred]
> > > > So basically, it may find a few things but it is still and always you
> > > > who has to decide what's clean or not.[/color][/color]
>[color=green][color=darkred]
> > > That's why yo use your own email server and then block attachments by
> > > mime type - and then you block anything that could be malicious by file
> > > type (mime type).[/color][/color]
>[color=green]
> > So you are saying that viruses only come through e-mail? Or how is
> > this comment exactly related with the firewall box which scans the
> > network traffic for viruses?[/color]
>
> I believed that the OP mentioned POP in his question, I addressed that
> part. How could you miss that?[/color]

The OP mentioned Trojan. Do we discuss Trojans now?

How did you miss that it is about a firewall box (see subject)? POP
was an example to illustrate that he does not know how the firewall
filters the network traffic for malware. Isn't the "Let's say..." in
the OP clear enough? Thus you are dragging this off-topic by
discussing email servers as that does not explain "how the firewall
box handles virus".

Gerald

Leythos <void@nowhere.lan> wrote:
[color=blue]
> That's why yo use your own email server and then block attachments by
> mime type - and then you block anything that could be malicious by file
> type (mime type).[/color]

While this sorts out 99% of the crap, there's enough worms out there
that send themselves as ZIP (encrypted, even...).

Virus scanners on mailservers usually try to unpack the archive files
and remove those files from the content that still look dangerous. But
even that is growing more and more difficult - the latest bugs in
Acrobat mean that every PDF could be a problem :-(

Juergen Nieveler
--
A man is only a man, but a good bicycle is a ride.

"Gerald Vogt" <vogt@spamcop.net> wrote in message
news:1194908645.449043.110110@s15g2000prm.googlegroups.com...[color=blue]
>
> No. It just inspects it while it is downloading just like any other
> antivirus software does. They start at the beginning and end at the
> end. You only need a small buffer for that.[/color]

If that is the case, the firewall may let half an email pass through, detect
a virus, and cut off the rest of the email?

I guessed I wasn't clear. What I want to know is, if one of the email I'm
downloading via pop3 has a virus and is detected by such firewall, what does
it do? Delete one ethernet frame? Delete the rest of the session? Delete
from the start of the signature till the end of the virus (assuming its
virus database has length info)?

What if the virus' signature pattern happens to cross an ethernet packet
boundary, would it still be detected? The firewall would have to be able to
remove low and higher level network headers in order to piece multiple
packets into one data stream to scan for virus. But if it is smart enough to
do this, why not store, scan, and forward attachment if no virus is found?

Similarly, if a spyware is detected by such firewall while I'm downloading
an activeX control, what does it do? Delete the data until the end of the
activeX control data stream (assuming it can tell where the activeX ends)?

In article <1194943388.102607.279770@v29g2000prd.googlegroups.com>,
[email]vogt@spamcop.net[/email] says...[color=blue]
> On Nov 13, 11:52 am, Leythos <v...@nowhere.lan> wrote:[color=green]
> > In article <1194921534.894182.9...@y27g2000pre.googlegroups.com>,
> > v...@spamcop.net says...
> >[color=darkred]
> > > On Nov 13, 10:55 am, Leythos <v...@nowhere.lan> wrote:
> > > > In article <1194908645.449043.110...@s15g2000prm.googlegroups.com>,
> > > > v...@spamcop.net says...[/color]
> >[color=darkred]
> > > > > So basically, it may find a few things but it is still and always you
> > > > > who has to decide what's clean or not.[/color]
> >[color=darkred]
> > > > That's why yo use your own email server and then block attachments by
> > > > mime type - and then you block anything that could be malicious by file
> > > > type (mime type).[/color]
> >[color=darkred]
> > > So you are saying that viruses only come through e-mail? Or how is
> > > this comment exactly related with the firewall box which scans the
> > > network traffic for viruses?[/color]
> >
> > I believed that the OP mentioned POP in his question, I addressed that
> > part. How could you miss that?[/color]
>
> The OP mentioned Trojan. Do we discuss Trojans now?
>
> How did you miss that it is about a firewall box (see subject)? POP
> was an example to illustrate that he does not know how the firewall
> filters the network traffic for malware. Isn't the "Let's say..." in
> the OP clear enough? Thus you are dragging this off-topic by
> discussing email servers as that does not explain "how the firewall
> box handles virus".[/color]

Gerald - don't request Follow-Up by email, this is Usenet and that's
where the thread should stay.

I don't know what your problem is, but the op mentioned POP and that's
the part I replied to, specifically, get over yourself. My explanation
discussed how a firewall can be used to remove malware from email, which
was something the OP should be aware of as part of an overall
email/malware discussion.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
[email]spam999free@rrohio.com[/email] (remove 999 for proper email address)

In article <Xns99E75E29D6FD7juergennieveler@nieveler.org>,
[email]juergen.nieveler.nospam@arcor.de[/email] says...[color=blue]
> Leythos <void@nowhere.lan> wrote:
>[color=green]
> > That's why yo use your own email server and then block attachments by
> > mime type - and then you block anything that could be malicious by file
> > type (mime type).[/color]
>
> While this sorts out 99% of the crap, there's enough worms out there
> that send themselves as ZIP (encrypted, even...).
>
> Virus scanners on mailservers usually try to unpack the archive files
> and remove those files from the content that still look dangerous. But
> even that is growing more and more difficult - the latest bugs in
> Acrobat mean that every PDF could be a problem :-([/color]

Yep, we actually block Zip files except from a specific user account
that only admins can reach. In addition to blocking at the firewall
based on mime type we also use SMTP aware scanners that scan before the
email/attachment reaches the mail server itself. Nothing is perfect,
but we've never had a compromised client in more than 20 years.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
[email]spam999free@rrohio.com[/email] (remove 999 for proper email address)

Juergen Nieveler wrote:[color=blue]
> But
> even that is growing more and more difficult - the latest bugs in
> Acrobat mean that every PDF could be a problem :-(
>[/color]

yeah I have been seeing these spammails with pdf atachments,what's the bug/exploit ?

any hints appreciated

M

Leythos wrote:[color=blue]
> Gerald - don't request Follow-Up by email, this is Usenet and that's
> where the thread should stay.[/color]

The thread is off-topic because it has nothing to do with what the OP
asked. That's why it is fup poster.
[color=blue]
> I don't know what your problem is, but the op mentioned POP and that's
> the part I replied to, specifically, get over yourself. My explanation
> discussed how a firewall can be used to remove malware from email, which[/color]

?? Where exactly is the firewall in your explanation:

"That's why yo use your own email server and then block attachments by
mime type - and then you block anything that could be malicious by file
type (mime type)."

I don't think that "email server" is generally considered the same as
"firewall".
[color=blue]
> was something the OP should be aware of as part of an overall
> email/malware discussion.[/color]

It still won't help to understand how the firewall box scans for viruses.

Unless you have anything to say which is relevant to the original
question how a firewall box filters for viruses, this is off-topic, fup
poster, and EOD.

Gerald

mak <mak@nospam.com> wrote:[color=blue]
> Juergen Nieveler wrote:[color=green]
>> But even that is growing more and more difficult - the latest bugs in
>> Acrobat mean that every PDF could be a problem :-([/color]
>
> yeah I have been seeing these spammails with pdf atachments,[/color]

FTR: those usually don't contain exploits but use PDF merely to evade
keyword or pattern detection of spam filters. However, since there have
been exploitable vulnerabilities in various PDF readers, PDF can't be
considered a "safe" attachment. In fact there are no inherently "safe"
attachments.

If the program handling the attached file has an exploitable bug, then
an exploit contained in the attached file may lead to compromisation of
your system once you open the attachment. Meaning that for every type of
attachment there's a nonzero chance that it may contain malware at some
point.
[color=blue]
> what's the bug/exploit ?[/color]

google://acrobat+vuln

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

In article <4739b7d2$0$337$44c9b20d@news3.asahi-net.or.jp>,
[email]vogt@spamcop.net[/email] says...[color=blue]
> Leythos wrote:[color=green]
> > Gerald - don't request Follow-Up by email, this is Usenet and that's
> > where the thread should stay.[/color]
>
> The thread is off-topic because it has nothing to do with what the OP
> asked. That's why it is fup poster.[/color]

And since you don't own or moderate the group, it's not your place to
declare something off-topic, and when you don't understand something,
and when you can't comprehend, it doesn't make it OT.
[color=blue][color=green]
> > I don't know what your problem is, but the op mentioned POP and that's
> > the part I replied to, specifically, get over yourself. My explanation
> > discussed how a firewall can be used to remove malware from email, which[/color]
>
> ?? Where exactly is the firewall in your explanation:[/color]

Read it again, asince this was a firewall discussion, it would make
sense that a firewall might protect an email server. Yea, I didn't spell
it out, but then I didn't expect to have some asshole jump into it and
try to moderate the thread.
[color=blue]
> "That's why yo use your own email server and then block attachments by
> mime type - and then you block anything that could be malicious by file
> type (mime type)."
>
> I don't think that "email server" is generally considered the same as
> "firewall".[/color]

That would be the first thing you've got right today.
[color=blue][color=green]
> > was something the OP should be aware of as part of an overall
> > email/malware discussion.[/color]
>
> It still won't help to understand how the firewall box scans for viruses.
>
> Unless you have anything to say which is relevant to the original
> question how a firewall box filters for viruses, this is off-topic, fup
> poster, and EOD.[/color]

INTERNET >> FW >> NETWORK >> EMAIL SERVER & Workstations

So, by implementing a firewall with SMTP Proxy service you can remove
attachment types (based on mime types) and eliminate most of the
threats, and since most people would also have SMTP aware AV software,
the PDF's and Zip files would also be checked as definitions become
available.

So, get off your high-horse, quit acting like an asshole, and realize
that there are a lot of people that know a lot more than you.


--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
[email]spam999free@rrohio.com[/email] (remove 999 for proper email address)

Leythos wrote:[color=blue]
> In article <4739b7d2$0$337$44c9b20d@news3.asahi-net.or.jp>,
> [email]vogt@spamcop.net[/email] says...[color=green]
>> Leythos wrote:[color=darkred]
>>> Gerald - don't request Follow-Up by email, this is Usenet and that's
>>> where the thread should stay.[/color]
>> The thread is off-topic because it has nothing to do with what the OP
>> asked. That's why it is fup poster.[/color]
>
> And since you don't own or moderate the group, it's not your place to
> declare something off-topic, and when you don't understand something,
> and when you can't comprehend, it doesn't make it OT.[/color]

This paragraph has nothing to do with the question in the OP:

"Some new firewall boxes advertised DPI and virus protection (e.g.
sonicwall tz180). Sounds attractive. But how does it work?"
[color=blue][color=green][color=darkred]
>>> I don't know what your problem is, but the op mentioned POP and that's
>>> the part I replied to, specifically, get over yourself. My explanation
>>> discussed how a firewall can be used to remove malware from email, which[/color]
>> ?? Where exactly is the firewall in your explanation:[/color]
>
> Read it again, asince this was a firewall discussion, it would make
> sense that a firewall might protect an email server. Yea, I didn't spell
> it out, but then I didn't expect to have some asshole jump into it and
> try to moderate the thread.[/color]

This paragraph has nothing to do with the question in the OP:

"Some new firewall boxes advertised DPI and virus protection (e.g.
sonicwall tz180). Sounds attractive. But how does it work?"
[color=blue][color=green]
>> "That's why yo use your own email server and then block attachments by
>> mime type - and then you block anything that could be malicious by file
>> type (mime type)."
>>
>> I don't think that "email server" is generally considered the same as
>> "firewall".[/color]
>
> That would be the first thing you've got right today.[/color]

This paragraph has nothing to do with the question in the OP:

"Some new firewall boxes advertised DPI and virus protection (e.g.
sonicwall tz180). Sounds attractive. But how does it work?"
[color=blue][color=green][color=darkred]
>>> was something the OP should be aware of as part of an overall
>>> email/malware discussion.[/color]
>> It still won't help to understand how the firewall box scans for viruses.
>>
>> Unless you have anything to say which is relevant to the original
>> question how a firewall box filters for viruses, this is off-topic, fup
>> poster, and EOD.[/color]
>
> INTERNET >> FW >> NETWORK >> EMAIL SERVER & Workstations
>
> So, by implementing a firewall with SMTP Proxy service you can remove
> attachment types (based on mime types) and eliminate most of the
> threats, and since most people would also have SMTP aware AV software,
> the PDF's and Zip files would also be checked as definitions become
> available.[/color]

This paragraph has nothing to do with the question in the OP:

"Some new firewall boxes advertised DPI and virus protection (e.g.
sonicwall tz180). Sounds attractive. But how does it work?"
[color=blue]
> So, get off your high-horse, quit acting like an asshole, and realize
> that there are a lot of people that know a lot more than you.[/color]

This paragraph has nothing to do with the question in the OP:

"Some new firewall boxes advertised DPI and virus protection (e.g.
sonicwall tz180). Sounds attractive. But how does it work?"

I don't know your definition of 'off-topic'. But can you be any more
off-topic from the OP? Anything you write about is what you brought
up but which is unrelated to the OP. Why do you think a generic
firewall discussion about something is applicable only because the
subject contains "firewall" or the group has "firewall" in the name?

But all you write has nothing to do with the question of the OP. Even
your strange requirement that you should use your email server to
firewall is odd, because you can still use the same firewall to filter
the traffic from any external email server to your computer via POP or
IMAP.

Thus, maybe you could write something on-topic and explain how the
firewall does it exactly? "How can a firewall box handle virus?"
Setting
up your own e-mail server has nothing to do with that nor is a
requirement to make some use of a virus filtering firewall box...

Gerald

In article <1195013707.989281.127620@i38g2000prf.googlegroups.com>,
[email]vogt@spamcop.net[/email] says...[color=blue]
> Leythos wrote:[color=green]
> > In article <4739b7d2$0$337$44c9b20d@news3.asahi-net.or.jp>,
> > [email]vogt@spamcop.net[/email] says...[color=darkred]
> >> Leythos wrote:
> >>> Gerald - don't request Follow-Up by email, this is Usenet and that's
> >>> where the thread should stay.
> >> The thread is off-topic because it has nothing to do with what the OP
> >> asked. That's why it is fup poster.[/color]
> >
> > And since you don't own or moderate the group, it's not your place to
> > declare something off-topic, and when you don't understand something,
> > and when you can't comprehend, it doesn't make it OT.[/color]
>
> This paragraph has nothing to do with the question in the OP:
>
> "Some new firewall boxes advertised DPI and virus protection (e.g.
> sonicwall tz180). Sounds attractive. But how does it work?"[/color]

Nice selective snipping on your trolling part.

Now, maybe if you had been just a little smarter you might have been
able to read the rest of his post and see this part:

"
Let's say I'm downloading a pop3 email. Does the firewall stores the
entire email and attachment, scan it for virus, then forward it on if
it's clean?
"

Notice the OP asking about POP3 now?

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
[email]spam999free@rrohio.com[/email] (remove 999 for proper email address)

Leythos wrote:
In article <1195013707.989281.127620@i38g2000prf.googlegroups.com>,[color=blue]
> [email]vogt@spamcop.net[/email] says...[color=green]
>> Leythos wrote:[color=darkred]
>>> In article <4739b7d2$0$337$44c9b20d@news3.asahi-net.or.jp>,
>>> [email]vogt@spamcop.net[/email] says...
>>>> Leythos wrote:
>>>>> Gerald - don't request Follow-Up by email, this is Usenet and that's
>>>>> where the thread should stay.
>>>> The thread is off-topic because it has nothing to do with what the OP
>>>> asked. That's why it is fup poster.
>>> And since you don't own or moderate the group, it's not your place to
>>> declare something off-topic, and when you don't understand something,
>>> and when you can't comprehend, it doesn't make it OT.[/color]
>> This paragraph has nothing to do with the question in the OP:
>>
>> "Some new firewall boxes advertised DPI and virus protection (e.g.
>> sonicwall tz180). Sounds attractive. But how does it work?"[/color]
>
> Nice selective snipping on your trolling part.
>
> Now, maybe if you had been just a little smarter you might have been
> able to read the rest of his post and see this part:
>
> "
> Let's say I'm downloading a pop3 email. Does the firewall stores the
> entire email and attachment, scan it for virus, then forward it on if
> it's clean?
> "
>
> Notice the OP asking about POP3 now?[/color]

Notice the "Let's say" which clearly indicates that this is an example
to explain which kind of problem the OP has. POP3 is only one example.
The question covers all protocols. POP3 was just picked as example. All
you wrote won't explain how the firewall will scan HTTP, FTP, or IM
traffic for malware, or may filter Java applets, etc.

The question is broader then the example. It is useless to poke on the
e-mail server as it does not cover HTTP, FTP, IM or any other network
protocol which may be scanned for malware.

And everything you wrote still does not explain how the firewall works
in regard to the question related to the e-mail scanning: "Does the
firewall stores the entire email and attachment, scan it for virus, then
forward it on if it's clean?"

But you don't answer this question either. You don't explain how the
firewall would scan e-mails for malware. Filtering certain mime types is
obviously something different than scanning for viruses. Your comment
could be simply extended to "block all e-mail traffic". This way the
firewall would also effectively stop all incoming malware through
e-mails. But still, the firewall would not scan the e-mails for malware.
It would just filter a port...

So, why don't you simply answer the question how the firewall works? You
know the example but even there you don't explain how it works. How does
a virus scanner on a network firewall work? How does it scan network
traffic like smtp, imap, pop3, http, ftp, any IM protocol, etc. for
malware? To repeat rephrase the example in the OP: "Let's say I'm
downloading a 100MB file via ftp. Does the firewall store the entire
download, scan it for virus, then forward it on if it's clean?"

But I guess it is futile to ask for answers from you. You would only
poke around some details in the FTP protocol and would say that you
would filter certain file extensions from downloading... Still does not
explain the question but you have you buzzword "FTP" thus it is time for
you to elaborate on FTP...

Gerald

P.S.: still off-topic thus fup poster.

In article <473addc5$0$337$44c9b20d@news3.asahi-net.or.jp>,
[email]vogt@spamcop.net[/email] says...[color=blue]
> Leythos wrote:
> In article <1195013707.989281.127620@i38g2000prf.googlegroups.com>,[color=green]
> > [email]vogt@spamcop.net[/email] says...[color=darkred]
> >> Leythos wrote:
> >>> In article <4739b7d2$0$337$44c9b20d@news3.asahi-net.or.jp>,
> >>> [email]vogt@spamcop.net[/email] says...
> >>>> Leythos wrote:
> >>>>> Gerald - don't request Follow-Up by email, this is Usenet and that's
> >>>>> where the thread should stay.
> >>>> The thread is off-topic because it has nothing to do with what the OP
> >>>> asked. That's why it is fup poster.
> >>> And since you don't own or moderate the group, it's not your place to
> >>> declare something off-topic, and when you don't understand something,
> >>> and when you can't comprehend, it doesn't make it OT.
> >> This paragraph has nothing to do with the question in the OP:
> >>
> >> "Some new firewall boxes advertised DPI and virus protection (e.g.
> >> sonicwall tz180). Sounds attractive. But how does it work?"[/color]
> >
> > Nice selective snipping on your trolling part.
> >
> > Now, maybe if you had been just a little smarter you might have been
> > able to read the rest of his post and see this part:
> >
> > "
> > Let's say I'm downloading a pop3 email. Does the firewall stores the
> > entire email and attachment, scan it for virus, then forward it on if
> > it's clean?
> > "
> >
> > Notice the OP asking about POP3 now?[/color]
>
> Notice the "Let's say" which clearly indicates that this is an example
> to explain which kind of problem the OP has. POP3 is only one example.
> The question covers all protocols. POP3 was just picked as example. All
> you wrote won't explain how the firewall will scan HTTP, FTP, or IM
> traffic for malware, or may filter Java applets, etc.[/color]

I addressed the example he posted - get over your pompous self.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
[email]spam999free@rrohio.com[/email] (remove 999 for proper email address)

On Nov 14, 8:42 pm, Leythos <v...@nowhere.lan> wrote:[color=blue][color=green]
> > Notice the "Let's say" which clearly indicates that this is an example
> > to explain which kind of problem the OP has. POP3 is only one example.
> > The question covers all protocols. POP3 was just picked as example. All
> > you wrote won't explain how the firewall will scan HTTP, FTP, or IM
> > traffic for malware, or may filter Java applets, etc.[/color]
>
> I addressed the example he posted - get over your pompous self.[/color]

Why don't you simply answer the questions?

The "example" he posted was:

"Let's say I'm downloading a pop3 email. Does the firewall stores the
entire
email and attachment, scan it for virus, then forward it on if it's
clean?
And if the attachment has a virus, can it strip out the attachment
only and
forward the rest of the email? This sounds too good to be true. And
wouldn't
this require a hard drive for the firewall? "

You did nowhere address these questions.

So far, you were not really on topic to the questions asked.

This is still off-topic, thus fup poster. You'll probably keep poking
about other things and post them instead but I guess that won't need
any further comments. It is kind of ridiculous how to try to avoid to
answer some questions clearly asked which would be definitively on-
topic. EOD.

Gerald

In article <1195044140.235352.135080@s15g2000prm.googlegroups.com>,
[email]vogt@spamcop.net[/email] says...[color=blue]
> It is kind of ridiculous how to try[/color]

No, what's ridiculous is how you think that you control the group and
have any right to determine what is/is not OT. A question was asked, a
example was posted by the Op, I addressed that example as part of his
question. You don't like the answer, TFB. Your complaining about my post
is completely OT (based on your criteria) and does not provide any
information to the OP about his question. Keep trolling.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
[email]spam999free@rrohio.com[/email] (remove 999 for proper email address)