[LARTC] viruses

[LARTC] viruses

[Yemi Fowe]

Hello aal,
Pls i want to know how i can make my Linux firewall
can block viruses from entering my network.
Thank
--Fowe

__________________________________
Do you Yahoo!?
Yahoo! Search - Find what you’re looking for faster
http://search.yahoo.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

RE: [LARTC] viruses

[Daniel Chemko]

What "viruses" are you trying to block? With network filtering, you
should only be allowing in services that you really use, like inbound
www and mail. If you are letting in all traffic from the internet or you
don't know what I'm talking about, see www.netfilter.org documentation
on how to build a real firewall.

If you are talking about application layer viruses like through email:

Kazaa, etc worms cannot be blocked since nobody's written filters for
them.
Email can be blocked by running a virus scanner on your email server.
Search for antivirus products that support your mail server. ClamAV is
my personal choice for Sendmail servers.

Beyond that, you need to be more specific about your problem before
anyone can help.


Yemi Fowe wrote:
> Hello aal,
> Pls i want to know how i can make my Linux firewall
> can block viruses from entering my network.
> Thank
> --Fowe
> 
> __________________________________
> Do you Yahoo!?
> Yahoo! Search - Find what you're looking for faster
> http://search.yahoo.com
> _______________________________________________ LARTC mailing list /
> LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc
> HOWTO: http://lartc.org/   
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] viruses

[Jason A. Pattie]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yemi Fowe wrote:
| Hello aal,
| Pls i want to know how i can make my Linux firewall
| can block viruses from entering my network.
| Thank

I don't know how much you can use LARTC for this particular end, but you
can setup a deny-by-default firewall that will help already infected
machines from getting out to the rest of the world.

You might look at securing your apps on a more specific level, such as
scanning/filtering your e-mail and web downloads.  This is accomplished
with mail/spam scanning software that has an antivirus engine integrated
with the mail server to detect spam and virii, along with web proxy
caching software that also has an antivirus engine integrated to scan
all incoming content.  You might also add an Intrusion Detection System
to your firewall.  Note, the more you add, the better machine you will
need to have (processor and RAM, especially).

The company I work for has worked on integrating antivirus support into
DansGuardian in order to allow for scanning all incoming web content for
virii.  We also use MailScanner/SpamAssassin.

You can check them out at http://www.pcxperience.org.

- --
Jason A. Pattie
pattieja@xperienceinc.com
Xperience, Inc. (http://www.xperienceinc.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFASP+wuYsUrHkpYtARAjEAAJ9CTZA7ppzKks4fpNZveYLhWKFfkgCfWH7q
Xpz10yorLJJY5Wa5m8S+P9Q=qZkG
-----END PGP SIGNATURE-----


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] viruses

[Jason A. Pattie]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Daniel Chemko wrote:
| If you are talking about application layer viruses like through email:
|
| Kazaa, etc worms cannot be blocked since nobody's written filters for
| them.

I have seen "solutions" that help the Kazaa problem.  One was something
like P2PWall, I think.  There are even extensions that have been
integrated with the IPCop firewall distro to block Kazaa (couldn't get
them to work, but that's a different story).

- --
Jason A. Pattie
pattieja@xperienceinc.com
Xperience, Inc. (http://www.xperienceinc.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFASQA0uYsUrHkpYtARAq6UAJ43dgLXoBcmQfbx7LcjXC8JOdgU8ACggnwn
NoyntAbwbF+xur8tUQh5caw=Q4Wi
-----END PGP SIGNATURE-----


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

RE: [LARTC] viruses

[Nathan Littlepage]

Use Snort, http://snort.org , in an inline fashion. You can set up the
firewall to QUEUE the packets and run them through snort to allow or
drop them.

> -----Original Message-----
> From: lartc-admin@mailman.ds9a.nl 
> [mailto:lartc-admin@mailman.ds9a.nl] On Behalf Of Yemi Fowe
> Sent: Friday, March 05, 2004 4:10 PM
> To: lartc@mailman.ds9a.nl
> Subject: [LARTC] viruses
> 
> 
> Hello aal,
> Pls i want to know how i can make my Linux firewall
> can block viruses from entering my network.
> Thank
> --Fowe
> 
> __________________________________
> Do you Yahoo!?
> Yahoo! Search - Find what you're looking for faster
> http://search.yahoo.com
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> 

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

RE: [LARTC] viruses

[Nathan Littlepage]

Correction, that's http://www.snort.org

> -----Original Message-----
> From: lartc-admin@mailman.ds9a.nl 
> [mailto:lartc-admin@mailman.ds9a.nl] On Behalf Of Nathan Littlepage
> Sent: Friday, March 05, 2004 4:42 PM
> To: lartc@mailman.ds9a.nl
> Subject: RE: [LARTC] viruses
> 
> 
> Use Snort, http://snort.org , in an inline fashion. You can set up the
> firewall to QUEUE the packets and run them through snort to allow or
> drop them.
> 
> > -----Original Message-----
> > From: lartc-admin@mailman.ds9a.nl 
> > [mailto:lartc-admin@mailman.ds9a.nl] On Behalf Of Yemi Fowe
> > Sent: Friday, March 05, 2004 4:10 PM
> > To: lartc@mailman.ds9a.nl
> > Subject: [LARTC] viruses
> > 
> > 
> > Hello aal,
> > Pls i want to know how i can make my Linux firewall
> > can block viruses from entering my network.
> > Thank
> > --Fowe
> > 
> > __________________________________
> > Do you Yahoo!?
> > Yahoo! Search - Find what you're looking for faster
> > http://search.yahoo.com
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: 
http://lartc.org/
> 

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/