3APA3A wrote:
I know this problem it not eSafe specific. In fact, I don't know antiviral engine capable to catch signature in the stream of data immediately after signature is arrived in the stream. All antiviral engines I tested (KAV, ClamAV and others) are file-oriented. It makes it impossible to code good antiviral protection for proxy server with this engines.
Hm. What about option of sending one byte of data to the client every minute (with configurable limit that not more than xx% of file can be transffered before scanning, just in case you stummble accross site that is actually that slow ;-) ), instead of just feeding him up to 80% of the file in advance of file being scanned? For those that prefer a bit more security over interactivity. This would prevent client from timing out, 99.99% (number from the back of my head) of files would take less than a minute to download (and therefore would be scanned even before first byte is transferred to the client). For normal HTML pages, client wouldn't see any significant latency (nothing he couldn't live with, anyhow), because those are small and AV proxy should be able to fetch them in second or two. The problem would be very large files over slow links (CD images, for example), but than when downloading something that large, nobody expects interactivity (and if you know there's AV somewhere in between, you just learn to live with progress bar that stays at 0%, and than jumps to 100%). Or you just implement status page on AV proxy where client could check actual status of his downloads...
-- Aleksandar Milivojevic <amilivojevic@xxxxxx> Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7