Ubiquiti USG-PRO-4
-
@scottalanmiller said:
@Dashrender said:
@coliver said:
@scottalanmiller said:
@coliver said:
I'm not sure about AV protection. You will catch most of that with a Squid Proxy/content filter, not sure how you would go about it without impacting the speed of traffic.
That's why UTMs can't really do it. You need incredibly CPU horsepower and enough RAM to never have to go to storage. Generally you need a lot of threads, fast CPU speeds and many GB of RAM. Most UTM are like 1GB, but realistically you need more like 4GB - 8GB.
Are there in-line virus scanners? Something you route traffic through and it does the work? I've never seen one outside of a UTM.
A proxy device would be this, I would assume. you can make it transparent by setting it as the default gateway for your network, and it is set to simply forward on all good things to the real edge device.
Do you know of any that do AV, though?
I just did a quick Google search and found http://louwrentius.com/setting-up-a-squid-proxy-with-clamav-anti-virus-using-c-icap.html
It talks about using Squid and Clam AV.
-
I had been looking for something like that but had not managed to find it.
-
@scottalanmiller said:
I had been looking for something like that but had not managed to find it.
LOL - yeah typing in random stuff to google sometimes gives better results..
I typed squid AV scanning and that was the first or second link.
-
@scottalanmiller said:
I had been looking for something like that but had not managed to find it.
So had I. This is actually a pretty well done how-to as well. I may run through that this weekend at some point.
-
http://squidclamav.darold.net/
Looks pretty interesting.
-
@scottalanmiller said:
http://squidclamav.darold.net/
Looks pretty interesting.
Now you need to build in a HTTPS proxy to really have it be meaningful long term.
-
Or do what I do and just have good AV on the desktop Steaming scanning is a nice extra, but I'd like to see some numbers on it being beneficial. It's purely scanning that happens twice, other than there being two different scanners hitting the same data, it feels like a lot of effort for no gain.
-
I've never understood how viruii got around AV products on machines running them. It's my understanding this is somehow possible because of other unpatched flaws in the OS, even though the AV knows about the virus, the virus can still get in through the OS flaw, then using that flaw disable the AV, and pwn the machine.
Do I understand that incorrectly?
-
@Dashrender said:
I've never understood how viruii got around AV products on machines running them. It's my understanding this is somehow possible because of other unpatched flaws in the OS, even though the AV knows about the virus, the virus can still get in through the OS flaw, then using that flaw disable the AV, and pwn the machine.
Do I understand that incorrectly?
It's normally through another piece of software than the OS today actually. Microsoft finally got most of the holes in their swiss cheese plugged. Ironically, the programming code that many AV use also creates a hole for malware to enter through. Wish I had a few minutes to find those articles that hit recently.
-
@travisdh1 said:
@Dashrender said:
I've never understood how viruii got around AV products on machines running them. It's my understanding this is somehow possible because of other unpatched flaws in the OS, even though the AV knows about the virus, the virus can still get in through the OS flaw, then using that flaw disable the AV, and pwn the machine.
Do I understand that incorrectly?
It's normally through another piece of software than the OS today actually. Microsoft finally got most of the holes in their swiss cheese plugged. Ironically, the programming code that many AV use also creates a hole for malware to enter through. Wish I had a few minutes to find those articles that hit recently.
yeah I read those too - darn AV companies!