Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Fortinet IDS

from [Jason] Network Security [Permanent Link]
Subject: Re: Fortinet IDS
Date: Mon, 18 Oct 2004 18:59:17 -0400
I am not sure how fortinet does it however I know snort-inline now has a clamav preprocessor that will scan for viruses in the traffic and block it if discovered. There is no proxy involved and all traffic is scanned based on a configuration you define. It is a recent development and sure to require beefy hardware but might be worth exploring for the edge points that require virus scanning. X-posting to snort-inline if they want to chime in.

https://sourceforge.net/tracker/index.php?func=detail&aid=1012679&group_id=78497&atid=553469



Ian Gallagher wrote:

I'm almost certain that their products scan transparently.


On 14 Oct 2004 13:30:38 -0000, Don Draper <don@draperconsulting.com>
wrote:

In-Reply-To: <200407270109.i6R19ZZr041277@mx-out.daemonmail.net>

Does anyone know if Fortinet on-board virus scanning uses an SMTP
proxy server? Or is it able to accomplish this transparently by
simply inspecting the packets as most the IDS/IPS do.

We just purchased a new Proventia M10 from ISS and have discovered
that we cannot use it for Anti-Virus (email) or Anti-Spam due the
ffact that it uses an on-board SMTP proxy server that does not
support SMTP authentication among other issues. The IPS module does
not need the proxy and works fine.  Having on-board virus scanning
at the network edge would be very helpful and Fortinet docs would
make you think it is ALL done with packet inspection and without
any nasty proxies in the middle. Does anyone know how this works?

TIA,

Don

--------------------------------------------------------------------------
 Test Your IDS

Is your IDS deployed correctly? Find out quickly and easily by
testing it with real-world attacks from CORE IMPACT. Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more. --------------------------------------------------------------------------








--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE 
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to 
learn more.
--------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  new intrusion detection system, Tomas Pluskal
Next by Date:  Re: Fortinet IDS, Ian Gallagher
Previous by Thread:  Re: Fortinet IDS, Ian Gallagher
Next by Thread:  Re: Fortinet IDS, Ryan Whalen
Indexes:  [Date] [Thread] [Top] [All Lists]