<<< Date Index >>>     <<< Thread Index >>>

Re: Aladdin response regarding eSafe



3APA3A wrote:
I  know  this  problem  it  not  eSafe  specific.  In fact, I don't know
antiviral  engine  capable  to  catch  signature  in  the stream of data
immediately  after  signature  is  arrived  in the stream. All antiviral
engines I tested (KAV, ClamAV and others) are file-oriented. It makes it
impossible  to code good antiviral protection for proxy server with this
engines.

Hm. What about option of sending one byte of data to the client every minute (with configurable limit that not more than xx% of file can be transffered before scanning, just in case you stummble accross site that is actually that slow ;-) ), instead of just feeding him up to 80% of the file in advance of file being scanned? For those that prefer a bit more security over interactivity. This would prevent client from timing out, 99.99% (number from the back of my head) of files would take less than a minute to download (and therefore would be scanned even before first byte is transferred to the client). For normal HTML pages, client wouldn't see any significant latency (nothing he couldn't live with, anyhow), because those are small and AV proxy should be able to fetch them in second or two. The problem would be very large files over slow links (CD images, for example), but than when downloading something that large, nobody expects interactivity (and if you know there's AV somewhere in between, you just learn to live with progress bar that stays at 0%, and than jumps to 100%). Or you just implement status page on AV proxy where client could check actual status of his downloads...

--
Aleksandar Milivojevic <amilivojevic@xxxxxx>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7