On Mon, 2005-11-14 at 13:34 +0800, Lin, Zihui wrote:
Hi there,
I'm working on my graduate paper which is on enabling AAA in Linux box using the netfilter framework. So I'm very interested in Zorp's virus filtering. As I'm taking a look at the patch tree (which is from the official unofficial site), I'm wondering if I can write my own virus filtering module. Did any of you guys tried to do this before? I am curious in the performance when we 'trickle' the application protocols.
Yes, we tried. The commercial version of Zorp includes a virus scanning proxy, and the upcoming 3.1 version also contains a separate virus scanning framework. We also use data trickling, however we do not trickle the application protocol itself, only the data part. I think trickling the application layer protocol part of the stream would confuse the client or server. -- Bazsi