[zorp] About Virus Filtering Module

Balazs Scheidler bazsi at balabit.hu
Mon Nov 14 09:42:21 CET 2005

On Mon, 2005-11-14 at 13:34 +0800, Lin, Zihui wrote:
> Hi there,
> I'm working on my graduate paper which is on enabling AAA in Linux box
> using the netfilter framework. So I'm very interested in Zorp's virus
> filtering. As I'm taking a look at the patch tree (which is from the
> official unofficial site), I'm wondering if I can write my own virus
> filtering module. Did any of you guys tried to do this before? I am
> curious in the performance when we 'trickle' the application
> protocols. 

Yes, we tried. The commercial version of Zorp includes a virus scanning
proxy, and the upcoming 3.1 version also contains a separate virus
scanning framework.

We also use data trickling, however we do not trickle the application
protocol itself, only the data part. I think trickling the application
layer protocol part of the stream would confuse the client or server.


More information about the zorp mailing list