antivirus with ipchains

Stephen Pinto stephen.pinto@paladion.net
Sat, 13 Oct 2001 13:53:33 +0530 

Hi,
Thanxs for the reply.
I checked google & i could find AVP integrating with sendmail/postfix/
qmail. I was searching for a feature similar to the one supported by
checkpoint a third party opsec compliance with checkpoint.
Scenario, I am managing mail servers for different depts. I install an opsec
compliant antivirus with checkpoint. Any mail message passing through
checkpoint will be directed to this antivirus program which will scan the
mail & then forward back to checkpoint. The virus free mail is forwarded by
checkpoint to the respective mail server.

Here i want to replace checkpoint with IPTABLES/ipchains & looking for a
solution to satify the above scenario. I could not get more info. on AVP
whether it would satisfy my above requirements.

Chao
Stephen

-----Original Message-----
From: Robert Sandilands [mailto:robert.sandilands@secureworx.com]
Sent: Friday, October 12, 2001 9:01 PM
To: 'stephen.pinto@paladion.net'; netfilter@lists.samba.org
Subject: RE: antivirus with ipchains


ipchains handles network traffic. Your-favourite-brand anti-virus handles
files. There must be something in-between that makes the network traffic
understandable for the anti-virus. For that you normally have mail/proxy
servers with which your anti-virus integrates to which you can redirect your
traffic. Some anti-virus products already incorporate a mail/proxy server
some don't. It also depends on which version of their product you have.

So first a question: Do you have a proxy/mail server with anti-virus
integrated? If not, do this first. Then continue with the rest.

If you have done this you have to configure rules in your firewall
redirecting traffic through these mail/proxy servers. This will depend on
your configuration. With RedHat 6.2 you will most likely have to integrate
McAfee into sendmail and squid. Under squid look for "transparent proxy".
You will find some information on this in the netfilter FAQ's. With sendmail
there are several programs that integrate between it and the anti-virus. You
helpful McAfee techie or a search on freshmeat.net may help you there.

Hope it helps.

Robert Sandilands

> -----Original Message-----
> From: Stephen Pinto [mailto:stephen.pinto@paladion.net]
> Sent: 12 October 2001 05:09
> To: netfilter@lists.samba.org
> Subject: antivirus with ipchains
>
>
> Hi,
>
> Can anyone help me in integarting Mcafee with ipchains or Mcafee with
> IPchains or any antivirus with IPcahins/ iptables. I am looking for a
> solution. We have currently Mcafee installed in our
> environment. I am trying
> to integrate on my RedHat 6.2 with ipchains.
>
> Chao
> Stephen
>