[zorp] About Virus Filtering Module
Balazs Scheidler
bazsi at balabit.hu
Mon Nov 14 09:42:21 CET 2005
On Mon, 2005-11-14 at 13:34 +0800, Lin, Zihui wrote:
> Hi there,
>
> I'm working on my graduate paper which is on enabling AAA in Linux box
> using the netfilter framework. So I'm very interested in Zorp's virus
> filtering. As I'm taking a look at the patch tree (which is from the
> official unofficial site), I'm wondering if I can write my own virus
> filtering module. Did any of you guys tried to do this before? I am
> curious in the performance when we 'trickle' the application
> protocols.
Yes, we tried. The commercial version of Zorp includes a virus scanning
proxy, and the upcoming 3.1 version also contains a separate virus
scanning framework.
We also use data trickling, however we do not trickle the application
protocol itself, only the data part. I think trickling the application
layer protocol part of the stream would confuse the client or server.
--
Bazsi
More information about the zorp
mailing list