how can a firewall box handle virus? - Firewalls

This is a discussion on how can a firewall box handle virus? - Firewalls ; Some new firewall boxes advertised DPI and virus protection (e.g. sonicwall tz180). Sounds attractive. But how does it work? Let's say I'm downloading a pop3 email. Does the firewall stores the entire email and attachment, scan it for virus, then ...

+ Reply to Thread
Page 1 of 2 1 2 LastLast
Results 1 to 20 of 28

Thread: how can a firewall box handle virus?

  1. how can a firewall box handle virus?

    Some new firewall boxes advertised DPI and virus protection (e.g. sonicwall
    tz180). Sounds attractive. But how does it work?

    Let's say I'm downloading a pop3 email. Does the firewall stores the entire
    email and attachment, scan it for virus, then forward it on if it's clean?
    And if the attachment has a virus, can it strip out the attachment only and
    forward the rest of the email? This sounds too good to be true. And wouldn't
    this require a hard drive for the firewall?

    Similar question for how it handles spyware, trojans, etc.



  2. Re: how can a firewall box handle virus?

    On Nov 13, 6:17 am, "peter" wrote:
    > Some new firewall boxes advertised DPI and virus protection (e.g. sonicwall
    > tz180). Sounds attractive. But how does it work?
    >
    > Let's say I'm downloading a pop3 email. Does the firewall stores the entire
    > email and attachment, scan it for virus, then forward it on if it's clean?


    No. It just inspects it while it is downloading just like any other
    antivirus software does. They start at the beginning and end at the
    end. You only need a small buffer for that.

    But it also does not work miracles. It does not forward anything "if
    it's clean". It only recognizes for what it has signatures. It won't
    recognize the newest malware until the signatures have it. It won't
    recognize very rare malware. It will also recognize things which are
    not bad. It will also recognize malware which is actually not
    dangerous on your computer because your computer is not vulnerable.

    So basically, it may find a few things but it is still and always you
    who has to decide what's clean or not.

    Gerald


  3. Re: how can a firewall box handle virus?

    In article <1194908645.449043.110110@s15g2000prm.googlegroups. com>,
    vogt@spamcop.net says...
    > So basically, it may find a few things but it is still and always you
    > who has to decide what's clean or not.


    That's why yo use your own email server and then block attachments by
    mime type - and then you block anything that could be malicious by file
    type (mime type).

    --

    Leythos
    - Igitur qui desiderat pacem, praeparet bellum.
    - Calling an illegal alien an "undocumented worker" is like calling a
    drug dealer an "unlicensed pharmacist"
    spam999free@rrohio.com (remove 999 for proper email address)

  4. Re: how can a firewall box handle virus?

    On Nov 13, 10:55 am, Leythos wrote:
    > In article <1194908645.449043.110...@s15g2000prm.googlegroups. com>,
    > v...@spamcop.net says...
    >
    > > So basically, it may find a few things but it is still and always you
    > > who has to decide what's clean or not.

    >
    > That's why yo use your own email server and then block attachments by
    > mime type - and then you block anything that could be malicious by file
    > type (mime type).


    So you are saying that viruses only come through e-mail? Or how is
    this comment exactly related with the firewall box which scans the
    network traffic for viruses?

    Gerald


  5. Re: how can a firewall box handle virus?

    In article <1194921534.894182.9880@y27g2000pre.googlegroups.co m>,
    vogt@spamcop.net says...
    > On Nov 13, 10:55 am, Leythos wrote:
    > > In article <1194908645.449043.110...@s15g2000prm.googlegroups. com>,
    > > v...@spamcop.net says...
    > >
    > > > So basically, it may find a few things but it is still and always you
    > > > who has to decide what's clean or not.

    > >
    > > That's why yo use your own email server and then block attachments by
    > > mime type - and then you block anything that could be malicious by file
    > > type (mime type).

    >
    > So you are saying that viruses only come through e-mail? Or how is
    > this comment exactly related with the firewall box which scans the
    > network traffic for viruses?


    I believed that the OP mentioned POP in his question, I addressed that
    part. How could you miss that?

    --

    Leythos
    - Igitur qui desiderat pacem, praeparet bellum.
    - Calling an illegal alien an "undocumented worker" is like calling a
    drug dealer an "unlicensed pharmacist"
    spam999free@rrohio.com (remove 999 for proper email address)

  6. Re: how can a firewall box handle virus?

    On Nov 13, 11:52 am, Leythos wrote:
    > In article <1194921534.894182.9...@y27g2000pre.googlegroups.co m>,
    > v...@spamcop.net says...
    >
    > > On Nov 13, 10:55 am, Leythos wrote:
    > > > In article <1194908645.449043.110...@s15g2000prm.googlegroups. com>,
    > > > v...@spamcop.net says...

    >
    > > > > So basically, it may find a few things but it is still and always you
    > > > > who has to decide what's clean or not.

    >
    > > > That's why yo use your own email server and then block attachments by
    > > > mime type - and then you block anything that could be malicious by file
    > > > type (mime type).

    >
    > > So you are saying that viruses only come through e-mail? Or how is
    > > this comment exactly related with the firewall box which scans the
    > > network traffic for viruses?

    >
    > I believed that the OP mentioned POP in his question, I addressed that
    > part. How could you miss that?


    The OP mentioned Trojan. Do we discuss Trojans now?

    How did you miss that it is about a firewall box (see subject)? POP
    was an example to illustrate that he does not know how the firewall
    filters the network traffic for malware. Isn't the "Let's say..." in
    the OP clear enough? Thus you are dragging this off-topic by
    discussing email servers as that does not explain "how the firewall
    box handles virus".

    Gerald


  7. Re: how can a firewall box handle virus?

    Leythos wrote:

    > That's why yo use your own email server and then block attachments by
    > mime type - and then you block anything that could be malicious by file
    > type (mime type).


    While this sorts out 99% of the crap, there's enough worms out there
    that send themselves as ZIP (encrypted, even...).

    Virus scanners on mailservers usually try to unpack the archive files
    and remove those files from the content that still look dangerous. But
    even that is growing more and more difficult - the latest bugs in
    Acrobat mean that every PDF could be a problem :-(

    Juergen Nieveler
    --
    A man is only a man, but a good bicycle is a ride.

  8. Re: how can a firewall box handle virus?

    "Gerald Vogt" wrote in message
    news:1194908645.449043.110110@s15g2000prm.googlegr oups.com...
    >
    > No. It just inspects it while it is downloading just like any other
    > antivirus software does. They start at the beginning and end at the
    > end. You only need a small buffer for that.


    If that is the case, the firewall may let half an email pass through, detect
    a virus, and cut off the rest of the email?

    I guessed I wasn't clear. What I want to know is, if one of the email I'm
    downloading via pop3 has a virus and is detected by such firewall, what does
    it do? Delete one ethernet frame? Delete the rest of the session? Delete
    from the start of the signature till the end of the virus (assuming its
    virus database has length info)?

    What if the virus' signature pattern happens to cross an ethernet packet
    boundary, would it still be detected? The firewall would have to be able to
    remove low and higher level network headers in order to piece multiple
    packets into one data stream to scan for virus. But if it is smart enough to
    do this, why not store, scan, and forward attachment if no virus is found?

    Similarly, if a spyware is detected by such firewall while I'm downloading
    an activeX control, what does it do? Delete the data until the end of the
    activeX control data stream (assuming it can tell where the activeX ends)?



  9. Re: how can a firewall box handle virus?

    In article <1194943388.102607.279770@v29g2000prd.googlegroups. com>,
    vogt@spamcop.net says...
    > On Nov 13, 11:52 am, Leythos wrote:
    > > In article <1194921534.894182.9...@y27g2000pre.googlegroups.co m>,
    > > v...@spamcop.net says...
    > >
    > > > On Nov 13, 10:55 am, Leythos wrote:
    > > > > In article <1194908645.449043.110...@s15g2000prm.googlegroups. com>,
    > > > > v...@spamcop.net says...

    > >
    > > > > > So basically, it may find a few things but it is still and always you
    > > > > > who has to decide what's clean or not.

    > >
    > > > > That's why yo use your own email server and then block attachments by
    > > > > mime type - and then you block anything that could be malicious by file
    > > > > type (mime type).

    > >
    > > > So you are saying that viruses only come through e-mail? Or how is
    > > > this comment exactly related with the firewall box which scans the
    > > > network traffic for viruses?

    > >
    > > I believed that the OP mentioned POP in his question, I addressed that
    > > part. How could you miss that?

    >
    > The OP mentioned Trojan. Do we discuss Trojans now?
    >
    > How did you miss that it is about a firewall box (see subject)? POP
    > was an example to illustrate that he does not know how the firewall
    > filters the network traffic for malware. Isn't the "Let's say..." in
    > the OP clear enough? Thus you are dragging this off-topic by
    > discussing email servers as that does not explain "how the firewall
    > box handles virus".


    Gerald - don't request Follow-Up by email, this is Usenet and that's
    where the thread should stay.

    I don't know what your problem is, but the op mentioned POP and that's
    the part I replied to, specifically, get over yourself. My explanation
    discussed how a firewall can be used to remove malware from email, which
    was something the OP should be aware of as part of an overall
    email/malware discussion.

    --

    Leythos
    - Igitur qui desiderat pacem, praeparet bellum.
    - Calling an illegal alien an "undocumented worker" is like calling a
    drug dealer an "unlicensed pharmacist"
    spam999free@rrohio.com (remove 999 for proper email address)

  10. Re: how can a firewall box handle virus?

    In article ,
    juergen.nieveler.nospam@arcor.de says...
    > Leythos wrote:
    >
    > > That's why yo use your own email server and then block attachments by
    > > mime type - and then you block anything that could be malicious by file
    > > type (mime type).

    >
    > While this sorts out 99% of the crap, there's enough worms out there
    > that send themselves as ZIP (encrypted, even...).
    >
    > Virus scanners on mailservers usually try to unpack the archive files
    > and remove those files from the content that still look dangerous. But
    > even that is growing more and more difficult - the latest bugs in
    > Acrobat mean that every PDF could be a problem :-(


    Yep, we actually block Zip files except from a specific user account
    that only admins can reach. In addition to blocking at the firewall
    based on mime type we also use SMTP aware scanners that scan before the
    email/attachment reaches the mail server itself. Nothing is perfect,
    but we've never had a compromised client in more than 20 years.

    --

    Leythos
    - Igitur qui desiderat pacem, praeparet bellum.
    - Calling an illegal alien an "undocumented worker" is like calling a
    drug dealer an "unlicensed pharmacist"
    spam999free@rrohio.com (remove 999 for proper email address)

  11. Re: how can a firewall box handle virus?

    Juergen Nieveler wrote:
    > But
    > even that is growing more and more difficult - the latest bugs in
    > Acrobat mean that every PDF could be a problem :-(
    >


    yeah I have been seeing these spammails with pdf atachments,what's the bug/exploit ?

    any hints appreciated

    M



  12. Re: how can a firewall box handle virus?

    Leythos wrote:
    > Gerald - don't request Follow-Up by email, this is Usenet and that's
    > where the thread should stay.


    The thread is off-topic because it has nothing to do with what the OP
    asked. That's why it is fup poster.

    > I don't know what your problem is, but the op mentioned POP and that's
    > the part I replied to, specifically, get over yourself. My explanation
    > discussed how a firewall can be used to remove malware from email, which


    ?? Where exactly is the firewall in your explanation:

    "That's why yo use your own email server and then block attachments by
    mime type - and then you block anything that could be malicious by file
    type (mime type)."

    I don't think that "email server" is generally considered the same as
    "firewall".

    > was something the OP should be aware of as part of an overall
    > email/malware discussion.


    It still won't help to understand how the firewall box scans for viruses.

    Unless you have anything to say which is relevant to the original
    question how a firewall box filters for viruses, this is off-topic, fup
    poster, and EOD.

    Gerald

  13. Re: how can a firewall box handle virus?

    mak wrote:
    > Juergen Nieveler wrote:
    >> But even that is growing more and more difficult - the latest bugs in
    >> Acrobat mean that every PDF could be a problem :-(

    >
    > yeah I have been seeing these spammails with pdf atachments,


    FTR: those usually don't contain exploits but use PDF merely to evade
    keyword or pattern detection of spam filters. However, since there have
    been exploitable vulnerabilities in various PDF readers, PDF can't be
    considered a "safe" attachment. In fact there are no inherently "safe"
    attachments.

    If the program handling the attached file has an exploitable bug, then
    an exploit contained in the attached file may lead to compromisation of
    your system once you open the attachment. Meaning that for every type of
    attachment there's a nonzero chance that it may contain malware at some
    point.

    > what's the bug/exploit ?


    google://acrobat+vuln

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  14. Re: how can a firewall box handle virus?

    In article <4739b7d2$0$337$44c9b20d@news3.asahi-net.or.jp>,
    vogt@spamcop.net says...
    > Leythos wrote:
    > > Gerald - don't request Follow-Up by email, this is Usenet and that's
    > > where the thread should stay.

    >
    > The thread is off-topic because it has nothing to do with what the OP
    > asked. That's why it is fup poster.


    And since you don't own or moderate the group, it's not your place to
    declare something off-topic, and when you don't understand something,
    and when you can't comprehend, it doesn't make it OT.

    > > I don't know what your problem is, but the op mentioned POP and that's
    > > the part I replied to, specifically, get over yourself. My explanation
    > > discussed how a firewall can be used to remove malware from email, which

    >
    > ?? Where exactly is the firewall in your explanation:


    Read it again, asince this was a firewall discussion, it would make
    sense that a firewall might protect an email server. Yea, I didn't spell
    it out, but then I didn't expect to have some asshole jump into it and
    try to moderate the thread.

    > "That's why yo use your own email server and then block attachments by
    > mime type - and then you block anything that could be malicious by file
    > type (mime type)."
    >
    > I don't think that "email server" is generally considered the same as
    > "firewall".


    That would be the first thing you've got right today.

    > > was something the OP should be aware of as part of an overall
    > > email/malware discussion.

    >
    > It still won't help to understand how the firewall box scans for viruses.
    >
    > Unless you have anything to say which is relevant to the original
    > question how a firewall box filters for viruses, this is off-topic, fup
    > poster, and EOD.


    INTERNET >> FW >> NETWORK >> EMAIL SERVER & Workstations

    So, by implementing a firewall with SMTP Proxy service you can remove
    attachment types (based on mime types) and eliminate most of the
    threats, and since most people would also have SMTP aware AV software,
    the PDF's and Zip files would also be checked as definitions become
    available.

    So, get off your high-horse, quit acting like an asshole, and realize
    that there are a lot of people that know a lot more than you.


    --

    Leythos
    - Igitur qui desiderat pacem, praeparet bellum.
    - Calling an illegal alien an "undocumented worker" is like calling a
    drug dealer an "unlicensed pharmacist"
    spam999free@rrohio.com (remove 999 for proper email address)

  15. Re: how can a firewall box handle virus?

    Leythos wrote:
    > In article <4739b7d2$0$337$44c9b20d@news3.asahi-net.or.jp>,
    > vogt@spamcop.net says...
    >> Leythos wrote:
    >>> Gerald - don't request Follow-Up by email, this is Usenet and that's
    >>> where the thread should stay.

    >> The thread is off-topic because it has nothing to do with what the OP
    >> asked. That's why it is fup poster.

    >
    > And since you don't own or moderate the group, it's not your place to
    > declare something off-topic, and when you don't understand something,
    > and when you can't comprehend, it doesn't make it OT.


    This paragraph has nothing to do with the question in the OP:

    "Some new firewall boxes advertised DPI and virus protection (e.g.
    sonicwall tz180). Sounds attractive. But how does it work?"

    >>> I don't know what your problem is, but the op mentioned POP and that's
    >>> the part I replied to, specifically, get over yourself. My explanation
    >>> discussed how a firewall can be used to remove malware from email, which

    >> ?? Where exactly is the firewall in your explanation:

    >
    > Read it again, asince this was a firewall discussion, it would make
    > sense that a firewall might protect an email server. Yea, I didn't spell
    > it out, but then I didn't expect to have some asshole jump into it and
    > try to moderate the thread.


    This paragraph has nothing to do with the question in the OP:

    "Some new firewall boxes advertised DPI and virus protection (e.g.
    sonicwall tz180). Sounds attractive. But how does it work?"

    >> "That's why yo use your own email server and then block attachments by
    >> mime type - and then you block anything that could be malicious by file
    >> type (mime type)."
    >>
    >> I don't think that "email server" is generally considered the same as
    >> "firewall".

    >
    > That would be the first thing you've got right today.


    This paragraph has nothing to do with the question in the OP:

    "Some new firewall boxes advertised DPI and virus protection (e.g.
    sonicwall tz180). Sounds attractive. But how does it work?"

    >>> was something the OP should be aware of as part of an overall
    >>> email/malware discussion.

    >> It still won't help to understand how the firewall box scans for viruses.
    >>
    >> Unless you have anything to say which is relevant to the original
    >> question how a firewall box filters for viruses, this is off-topic, fup
    >> poster, and EOD.

    >
    > INTERNET >> FW >> NETWORK >> EMAIL SERVER & Workstations
    >
    > So, by implementing a firewall with SMTP Proxy service you can remove
    > attachment types (based on mime types) and eliminate most of the
    > threats, and since most people would also have SMTP aware AV software,
    > the PDF's and Zip files would also be checked as definitions become
    > available.


    This paragraph has nothing to do with the question in the OP:

    "Some new firewall boxes advertised DPI and virus protection (e.g.
    sonicwall tz180). Sounds attractive. But how does it work?"

    > So, get off your high-horse, quit acting like an asshole, and realize
    > that there are a lot of people that know a lot more than you.


    This paragraph has nothing to do with the question in the OP:

    "Some new firewall boxes advertised DPI and virus protection (e.g.
    sonicwall tz180). Sounds attractive. But how does it work?"

    I don't know your definition of 'off-topic'. But can you be any more
    off-topic from the OP? Anything you write about is what you brought
    up but which is unrelated to the OP. Why do you think a generic
    firewall discussion about something is applicable only because the
    subject contains "firewall" or the group has "firewall" in the name?

    But all you write has nothing to do with the question of the OP. Even
    your strange requirement that you should use your email server to
    firewall is odd, because you can still use the same firewall to filter
    the traffic from any external email server to your computer via POP or
    IMAP.

    Thus, maybe you could write something on-topic and explain how the
    firewall does it exactly? "How can a firewall box handle virus?"
    Setting
    up your own e-mail server has nothing to do with that nor is a
    requirement to make some use of a virus filtering firewall box...

    Gerald


  16. Re: how can a firewall box handle virus?

    In article <1195013707.989281.127620@i38g2000prf.googlegroups. com>,
    vogt@spamcop.net says...
    > Leythos wrote:
    > > In article <4739b7d2$0$337$44c9b20d@news3.asahi-net.or.jp>,
    > > vogt@spamcop.net says...
    > >> Leythos wrote:
    > >>> Gerald - don't request Follow-Up by email, this is Usenet and that's
    > >>> where the thread should stay.
    > >> The thread is off-topic because it has nothing to do with what the OP
    > >> asked. That's why it is fup poster.

    > >
    > > And since you don't own or moderate the group, it's not your place to
    > > declare something off-topic, and when you don't understand something,
    > > and when you can't comprehend, it doesn't make it OT.

    >
    > This paragraph has nothing to do with the question in the OP:
    >
    > "Some new firewall boxes advertised DPI and virus protection (e.g.
    > sonicwall tz180). Sounds attractive. But how does it work?"


    Nice selective snipping on your trolling part.

    Now, maybe if you had been just a little smarter you might have been
    able to read the rest of his post and see this part:

    "
    Let's say I'm downloading a pop3 email. Does the firewall stores the
    entire email and attachment, scan it for virus, then forward it on if
    it's clean?
    "

    Notice the OP asking about POP3 now?

    --

    Leythos
    - Igitur qui desiderat pacem, praeparet bellum.
    - Calling an illegal alien an "undocumented worker" is like calling a
    drug dealer an "unlicensed pharmacist"
    spam999free@rrohio.com (remove 999 for proper email address)

  17. Re: how can a firewall box handle virus?

    Leythos wrote:
    In article <1195013707.989281.127620@i38g2000prf.googlegroups. com>,
    > vogt@spamcop.net says...
    >> Leythos wrote:
    >>> In article <4739b7d2$0$337$44c9b20d@news3.asahi-net.or.jp>,
    >>> vogt@spamcop.net says...
    >>>> Leythos wrote:
    >>>>> Gerald - don't request Follow-Up by email, this is Usenet and that's
    >>>>> where the thread should stay.
    >>>> The thread is off-topic because it has nothing to do with what the OP
    >>>> asked. That's why it is fup poster.
    >>> And since you don't own or moderate the group, it's not your place to
    >>> declare something off-topic, and when you don't understand something,
    >>> and when you can't comprehend, it doesn't make it OT.

    >> This paragraph has nothing to do with the question in the OP:
    >>
    >> "Some new firewall boxes advertised DPI and virus protection (e.g.
    >> sonicwall tz180). Sounds attractive. But how does it work?"

    >
    > Nice selective snipping on your trolling part.
    >
    > Now, maybe if you had been just a little smarter you might have been
    > able to read the rest of his post and see this part:
    >
    > "
    > Let's say I'm downloading a pop3 email. Does the firewall stores the
    > entire email and attachment, scan it for virus, then forward it on if
    > it's clean?
    > "
    >
    > Notice the OP asking about POP3 now?


    Notice the "Let's say" which clearly indicates that this is an example
    to explain which kind of problem the OP has. POP3 is only one example.
    The question covers all protocols. POP3 was just picked as example. All
    you wrote won't explain how the firewall will scan HTTP, FTP, or IM
    traffic for malware, or may filter Java applets, etc.

    The question is broader then the example. It is useless to poke on the
    e-mail server as it does not cover HTTP, FTP, IM or any other network
    protocol which may be scanned for malware.

    And everything you wrote still does not explain how the firewall works
    in regard to the question related to the e-mail scanning: "Does the
    firewall stores the entire email and attachment, scan it for virus, then
    forward it on if it's clean?"

    But you don't answer this question either. You don't explain how the
    firewall would scan e-mails for malware. Filtering certain mime types is
    obviously something different than scanning for viruses. Your comment
    could be simply extended to "block all e-mail traffic". This way the
    firewall would also effectively stop all incoming malware through
    e-mails. But still, the firewall would not scan the e-mails for malware.
    It would just filter a port...

    So, why don't you simply answer the question how the firewall works? You
    know the example but even there you don't explain how it works. How does
    a virus scanner on a network firewall work? How does it scan network
    traffic like smtp, imap, pop3, http, ftp, any IM protocol, etc. for
    malware? To repeat rephrase the example in the OP: "Let's say I'm
    downloading a 100MB file via ftp. Does the firewall store the entire
    download, scan it for virus, then forward it on if it's clean?"

    But I guess it is futile to ask for answers from you. You would only
    poke around some details in the FTP protocol and would say that you
    would filter certain file extensions from downloading... Still does not
    explain the question but you have you buzzword "FTP" thus it is time for
    you to elaborate on FTP...

    Gerald

    P.S.: still off-topic thus fup poster.

  18. Re: how can a firewall box handle virus?

    In article <473addc5$0$337$44c9b20d@news3.asahi-net.or.jp>,
    vogt@spamcop.net says...
    > Leythos wrote:
    > In article <1195013707.989281.127620@i38g2000prf.googlegroups. com>,
    > > vogt@spamcop.net says...
    > >> Leythos wrote:
    > >>> In article <4739b7d2$0$337$44c9b20d@news3.asahi-net.or.jp>,
    > >>> vogt@spamcop.net says...
    > >>>> Leythos wrote:
    > >>>>> Gerald - don't request Follow-Up by email, this is Usenet and that's
    > >>>>> where the thread should stay.
    > >>>> The thread is off-topic because it has nothing to do with what the OP
    > >>>> asked. That's why it is fup poster.
    > >>> And since you don't own or moderate the group, it's not your place to
    > >>> declare something off-topic, and when you don't understand something,
    > >>> and when you can't comprehend, it doesn't make it OT.
    > >> This paragraph has nothing to do with the question in the OP:
    > >>
    > >> "Some new firewall boxes advertised DPI and virus protection (e.g.
    > >> sonicwall tz180). Sounds attractive. But how does it work?"

    > >
    > > Nice selective snipping on your trolling part.
    > >
    > > Now, maybe if you had been just a little smarter you might have been
    > > able to read the rest of his post and see this part:
    > >
    > > "
    > > Let's say I'm downloading a pop3 email. Does the firewall stores the
    > > entire email and attachment, scan it for virus, then forward it on if
    > > it's clean?
    > > "
    > >
    > > Notice the OP asking about POP3 now?

    >
    > Notice the "Let's say" which clearly indicates that this is an example
    > to explain which kind of problem the OP has. POP3 is only one example.
    > The question covers all protocols. POP3 was just picked as example. All
    > you wrote won't explain how the firewall will scan HTTP, FTP, or IM
    > traffic for malware, or may filter Java applets, etc.


    I addressed the example he posted - get over your pompous self.

    --

    Leythos
    - Igitur qui desiderat pacem, praeparet bellum.
    - Calling an illegal alien an "undocumented worker" is like calling a
    drug dealer an "unlicensed pharmacist"
    spam999free@rrohio.com (remove 999 for proper email address)

  19. Re: how can a firewall box handle virus?

    On Nov 14, 8:42 pm, Leythos wrote:
    > > Notice the "Let's say" which clearly indicates that this is an example
    > > to explain which kind of problem the OP has. POP3 is only one example.
    > > The question covers all protocols. POP3 was just picked as example. All
    > > you wrote won't explain how the firewall will scan HTTP, FTP, or IM
    > > traffic for malware, or may filter Java applets, etc.

    >
    > I addressed the example he posted - get over your pompous self.


    Why don't you simply answer the questions?

    The "example" he posted was:

    "Let's say I'm downloading a pop3 email. Does the firewall stores the
    entire
    email and attachment, scan it for virus, then forward it on if it's
    clean?
    And if the attachment has a virus, can it strip out the attachment
    only and
    forward the rest of the email? This sounds too good to be true. And
    wouldn't
    this require a hard drive for the firewall? "

    You did nowhere address these questions.

    So far, you were not really on topic to the questions asked.

    This is still off-topic, thus fup poster. You'll probably keep poking
    about other things and post them instead but I guess that won't need
    any further comments. It is kind of ridiculous how to try to avoid to
    answer some questions clearly asked which would be definitively on-
    topic. EOD.

    Gerald


  20. Re: how can a firewall box handle virus?

    In article <1195044140.235352.135080@s15g2000prm.googlegroups. com>,
    vogt@spamcop.net says...
    > It is kind of ridiculous how to try


    No, what's ridiculous is how you think that you control the group and
    have any right to determine what is/is not OT. A question was asked, a
    example was posted by the Op, I addressed that example as part of his
    question. You don't like the answer, TFB. Your complaining about my post
    is completely OT (based on your criteria) and does not provide any
    information to the OP about his question. Keep trolling.

    --

    Leythos
    - Igitur qui desiderat pacem, praeparet bellum.
    - Calling an illegal alien an "undocumented worker" is like calling a
    drug dealer an "unlicensed pharmacist"
    spam999free@rrohio.com (remove 999 for proper email address)

+ Reply to Thread
Page 1 of 2 1 2 LastLast