Khanh Tran wrote: > Is any using a virus scanning application with iptables? I'd like to > know if it's possible for me to detect viruses that go across my > iptables firewalls. There isn't currently a tool to perform Virus scanning of iptables data. The closest match would be snort-inline which can locate some virus signatures. Inline scanning of anything can have averse effects on the transmission. You'll quickly find that detailed scans require a lot of CPU usage. Just for monitoring network thoughtput with ntop, I'd max out my P4 CPU when backups kicked off. The better approach would be to implement transparent proxies of pertinent services like SMTP and use virus scanning addons. for them. You may also look at the 'l7-filter' project or the 'string' extension to see if their implementation suits your needs.
