Poll: With regard to antivirus/antimalware on my web filter...

  1. #1


    tom_newton

    Gateway antivirus

    Hello my educationally minded friends!

    I'm looking for a bit of feedback, if you don't mind.

    Gateway antivirus - particularly AV of incoming web traffic. Interested to know your thoughts in general, preferably here, in-thread, but if you have specific in-depth thinkings, I would love to hear them by PM, email or phone.

    Is it worth having?
    Does your current vendor provide it?
    What does/should it cost?
    What are the issues you find?
    What do you think of these "new generation" behavioural AV engines?

    Also on the menu: AV for outgoing HTTP. AV for SMTP. AV for IM. AV for FTP. Any ramblings on those subjects also deemed extremely valuable.
    Last edited by tom_newton; 16th February 2010 at 10:32 AM.

  2. #2


    I've run ClamAV on my "smoothy then endian" box for 4-5 years now, just doing HTTP AVing. It's great for what it is, but you've got to balance performance against the added security it provides. Viruses don't tend to be embedded in websites so much any more, or not the ones I visit. They tend more to be trojans, and as such can get past the AV due to the large file size on the host app - striking a balance between silly processing time on large files against just passing the file unchecked.
    Last edited by j17sparky; 16th February 2010 at 12:26 PM.

  3. #3

    glennda
    I think ours is done by our LEA (Atomwide), but I am not sure. It's definitely not done here; we just have a proxy that forwards on to their proxy.

  4. #4

    FN-GM
    We do it using our SonicWall firewall. I am trying to get it onto Smoothwall Express but not much luck.

    Z

  5. #5

    Michael
    Viruses are less of a problem these days. It's websites containing Spyware, Malware and Rootkits which are more problematic, but you're just as well to block these sites altogether.

    I believe scanning all incoming traffic with AV Software will inevitably slow down browsing as can web filtering. Workstations should be running AV software anyway as that can catch viruses through the internet and removable media, such as USB sticks.

  6. #6
    ICTNUT
    Another vote for SonicWall here (4000 UTM). Can't fault it, as it does catch some rubbish.

  7. #7


    I have it enabled on SW because I like defense in depth. However, the frequency of false positives for "broken executable" detections needs reducing (yeah, a ClamAV problem). We recently had an issue where an automated update process pulled about 600GB of traffic over a weekend because SW was flagging a 2MB patch as broken when it was perfectly fine and the app kept retrying. Nagios started paging me mid-weekend because the weirdness threshold was tripped.

    I'd also like much better detection of fake av - it's slipping through SW and hitting desktop av a bit too often for my liking.
    Last edited by pete; 16th February 2010 at 02:52 PM.

  8. #8

    Michael
    Quote: "I'd also like much better detection of fake av"
    This is my point exactly. Malware, or fake AV as you phrase it, is a lot more of a nuisance. Even Edugeek themselves were experiencing problems recently through one of their ad campaigns (it appears).
    We're professionals, we can tell the differences between real and fake, but the not so experienced user can very easily be fooled into thinking they're infected.

  9. #9
    cookie_monster
    Just had a look on our SWG-708 and it says 'Web anti-virus engine' : Stopped. I don't think it's ever been enabled. That wasn't a decision we made so it's either not included in this version or it's turned off by default.

  10. #10


    tom_newton
    @pete, @Michael - would you consider a worthy addition to your security arsenal gateway AV which detected more malware, fakeav etc. and did not pick up "broken executable" - what I am saying really, is, if SmoothWall offered a top quality AV/AM engine on HTTP traffic - would that be considered beneficial?

  11. #11

    Michael
    Quote: "if SmoothWall offered a top quality AV/AM engine on HTTP traffic - would that be considered beneficial?"
    Yes I'd say that would be more beneficial.

  12. #12


    tom_newton
    Thanks to those who have replied/voted so far. Very interesting. Personally, I think gateway AV/anti-malware is an important component - so I will be using your feedback to directly influence development. Would welcome any particular tales of AV woe/entertainment still.

  13. #13


    Quote (originally posted by tom_newton): ", if SmoothWall offered a top quality AV/AM engine on HTTP traffic - would that be considered beneficial?"
    Yes.

    (my message is too short)

  14. #14


    tom_newton
    Turns out FTP AV looks relatively doable.
    Any of you folks tried the FTP proxy? (I know Zerohour has) and of those, who would like to see AV added?

  15. #15
    ezzauk
    We are using UTM-1000 (firewall only) + 2 x NG08 (content filter) and do not run ClamAV on our Smoothwall systems. The reason for this is performance, as we can have 1000 users browsing the internet at any given time.

    Eric
