1. Home
  2. Networking Firewalls
  3. how can a firewall box handle virus?
  4. Page 2

how can a firewall box handle virus?

Why don't you simply answer the questions?

The "example" he posted was:

"Let's say I'm downloading a pop3 email. Does the firewall stores the entire email and attachment, scan it for virus, then forward it on if it's clean? And if the attachment has a virus, can it strip out the attachment only and forward the rest of the email? This sounds too good to be true. And wouldn't this require a hard drive for the firewall? "

You did nowhere address these questions.

So far, you were not really on topic to the questions asked.

This is still off-topic, thus fup poster. You'll probably keep poking about other things and post them instead but I guess that won't need any further comments. It is kind of ridiculous how to try to avoid to answer some questions clearly asked which would be definitively on- topic. EOD.

Gerald

Reply to
Gerald Vogt
Loading thread data ...

No, what's ridiculous is how you think that you control the group and have any right to determine what is/is not OT. A question was asked, a example was posted by the Op, I addressed that example as part of his question. You don't like the answer, TFB. Your complaining about my post is completely OT (based on your criteria) and does not provide any information to the OP about his question. Keep trolling.

Reply to
Leythos

So you are saying that a firewall like the sonicwall which scans for viruses does this by filtering out e-mail attachments by mime type? That's basically your contribution to this thread. And this also requires that you run your own e-mail server because a firewall is not able to filter the traffic between the server and the client? And that explains how it works and answers the questions in the OP?

Well, go figure, you are wrong. It scans network traffic like any other virus scanner and it does not answer the questions even for the pop3 example part in the OP.

But well, you wrote, "I believed that the OP mentioned POP in his question, I addressed that part." You did not address the question which was about the example using POP but only addressed the word "POP". Sorry. How ignorant from me not to see that if someone writes "POP" obviously any topic on "POP" is on topic even if it does not answer any of the questions asked. Maybe we should start to discuss pops songs of the 80s. I would still address the "POP" part...

Gerald

Reply to
Gerald Vogt

My statement was clear and not OT. You continue to troll and believe that you can moderate the group - you can't.

Reply to
Leythos

Just explain how the firewall works (which was the question in the OP)! How it scans for viruses! Once you have explained that shouldn't it become clear how your statement "That's why yo use your own email server and then block attachments by mime type - and then you block anything that could be malicious by file type (mime type). " is applicable and relevant to those questions and thus to this thread?

Gerald

Reply to
Gerald Vogt

Based on your rude attitude and your playing a troll, I'm not answering anything for you. If you can't understand, well, sorry for you.

Reply to
Leythos

Why do you bother so much thinking about what I might think or believe?

Or statement clear. Your statement was "That's why yo use your own email server and then block attachments by mime type - and then you block anything that could be malicious by file type (mime type).".

That statement does nowhere explain how a firewall works which scans for malware (which was the OP question). It does not explain how it scans and filters malware even if it is only for e-mails. You may configure the firewall to certain block mime types. But that has nothing to do with the recognition of malware in network traffic. And it does still not answer how the firewall does the virus scanning.

Strange enough, you refuse again and again to answer those questions in the OP. Wouldn't it be easier to simply answer them clearly? Shouldn't the relevance of your single statement which you have made so far become clear then if you think that that statement was so fully and completely on-topic and absolutely relevant to the questions asked in the OP?

But obviously, you won't answer them because it would take a lot of tweaking to make it fit. Or should I even believe you don't know how it works and you are not able to answer the questions?

Gerald

Reply to
Gerald Vogt

i can't believe these guys keep going at it, meanwhile nobody answers *this* questions

M
Reply to
mak

And I wonder why the OP or you have not contacted ANY of the firewall vendors that offer UTM and asked them how their products work.

Every single firewall vendor has a sales department and they can direct you to a technical source in their chain that will answer questions that the sales people can't answer - and it will be specific to their product.

Some vendors manage those functions differently than others - you don't know how the product you want to use does it unless you ask the specific vendor.

Reply to
Leythos

Well, hopefully the firewall doesn't scan on layer 2, but layer 3 and above. Because layer 2 doesn't know anything about POP3, or sessions, or streams. Like, at all.

It all depends on how the firewall actually works. Does it inspect packets on layer 2? Layer 3? Layer 4+? Does it reassemble packets to reconstruct data streams? Does it proxy connections?

Normally I would assume that the firewall will proxy the connection, so that the mail (in case of POP3) or web page (in case of HTTP) is downloaded by the firewall, scanned and then either discarded or forwarded to the user originally requesting the mail/web page.

However, like I already said, it all depends on what the firewall actually does, i.e. how it was implemented by the manufacturer.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.