IDS mailing list archives
RE: Fortinet IDS
From: "Michael Allgeier" <Michael.Allgeier () lcra org>
Date: Thu, 21 Oct 2004 15:20:50 -0500
Yes to some degree. You'll find in the Anti-virus section and they call it "Grayware". Their list of spyware and adware is limited, but they do hit many of the more common ones. Better than nothing and more than most network based anti-spyware. I use these in transparent mode across our network in key locations. Their 2.8 code is a great improvement from 2.5, night and day. Mike
"David Puckett" <dpuckett () cityoforange org> 10/21/2004 12:15:50 PM >>>
Will this also prevent spyware/malware/crapware? Thanks, David -----Original Message----- From: Ryan Whalen [mailto:whalenryan () hotmail com] Sent: Tuesday, October 19, 2004 1:28 PM To: Jason; Ian Gallagher Cc: Don Draper; focus-ids () securityfocus com Subject: Re: Fortinet IDS I am using a Fortigate firewall. It inspects all traffic transparently for IDS/Virus events. I believe they used Snort for their IDS. Fortinet provides signature updates for the IDS system several times a week. We are very happy with this solution. Ryan ----- Original Message ----- From: "Jason" <security () brvenik com> To: "Ian Gallagher" <cdine.org () gmail com> Cc: "Don Draper" <don () draperconsulting com>; <focus-ids () securityfocus com> Sent: Monday, October 18, 2004 6:59 PM Subject: Re: Fortinet IDS
I am not sure how fortinet does it however I know snort-inline now has a clamav preprocessor that will scan for viruses in the traffic and block it
if discovered. There is no proxy involved and all traffic is scanned based
on a configuration you define. It is a recent development and sure to require beefy hardware but might be worth exploring for the edge points that require virus scanning. X-posting to snort-inline if they want to chime in.
https://sourceforge.net/tracker/index.php?func=detail&aid=1012679&group_id=78497&atid=553469
Ian Gallagher wrote:I'm almost certain that their products scan transparently. On 14 Oct 2004 13:30:38 -0000, Don Draper <don () draperconsulting com> wrote:In-Reply-To: <200407270109.i6R19ZZr041277 () mx-out daemonmail net> Does anyone know if Fortinet on-board virus scanning uses an SMTP proxy server? Or is it able to accomplish this transparently by simply inspecting the packets as most the IDS/IPS do. We just purchased a new Proventia M10 from ISS and have discovered that we cannot use it for Anti-Virus (email) or Anti-Spam due the ffact that it uses an on-board SMTP proxy server that does not support SMTP authentication among other issues. The IPS module does not need the proxy and works fine. Having on-board virus scanning at the network edge would be very helpful and Fortinet docs would make you think it is ALL done with packet inspection and without any nasty proxies in the middle. Does anyone know how this works? TIA, Don
--------------------------------------------------------------------------
Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
--------------------------------------------------------------------------
Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
-------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. -------------------------------------------------------------------------- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. -------------------------------------------------------------------------- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Re: Fortinet IDS Don Draper (Oct 15)
- Re: Fortinet IDS Mark Teicher (Oct 18)
- Re: Fortinet IDS Ian Gallagher (Oct 18)
- Re: Fortinet IDS Jason (Oct 19)
- Re: Fortinet IDS Ryan Whalen (Oct 21)
- Re: Fortinet IDS Ron Gula (Oct 21)
- Re: Fortinet IDS Jason (Oct 19)
- Message not available
- Re: Fortinet IDS Ian Gallagher (Oct 21)
- <Possible follow-ups>
- RE: Fortinet IDS Tom Neclerio (Oct 19)
- RE: Fortinet IDS David Puckett (Oct 21)
- snort-inline capabilities ( WAS: Re: Fortinet IDS ) Jason (Oct 21)
- RE: Fortinet IDS Michael Allgeier (Oct 21)