Re: Aladdin response regarding eSafe

[Aleksandar Milivojevic <amilivojevic () pbl ca>]

3APA3A wrote:
> I  know  this  problem  it  not  eSafe  specific.  In fact, I don't know
> antiviral  engine  capable  to  catch  signature  in  the stream of data
> immediately  after  signature  is  arrived  in the stream. All antiviral
> engines I tested (KAV, ClamAV and others) are file-oriented. It makes it
> impossible  to code good antiviral protection for proxy server with this
> engines.

Hm.  What about option of sending one byte of data to the client every 
minute (with configurable limit that not more than xx% of file can be 
transffered before scanning, just in case you stummble accross site that 
is actually that slow ;-) ), instead of just feeding him up to 80% of 
the file in advance of file being scanned?  For those that prefer a bit 
more security over interactivity.  This would prevent client from timing 
out, 99.99% (number from the back of my head) of files would take less 
than a minute to download (and therefore would be scanned even before 
first byte is transferred to the client).  For normal HTML pages, client 
wouldn't see any significant latency (nothing he couldn't live with, 
anyhow), because those are small and AV proxy should be able to fetch 
them in second or two.  The problem would be very large files over slow 
links (CD images, for example), but than when downloading something that 
large, nobody expects interactivity (and if you know there's AV 
somewhere in between, you just learn to live with progress bar that 
stays at 0%, and than jumps to 100%).  Or you just implement status page 
on AV proxy where client could check actual status of his downloads...

--
Aleksandar Milivojevic <amilivojevic () pbl ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7