clamav and snat

• Previous message: spamcontact_at_vicman.net: "Autoreply: Re: approved file ... 4383114699"
• Next in thread: Ion-Mihai Tetcu: "Re: clamav and snat"
• Reply: Ion-Mihai Tetcu: "Re: clamav and snat"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Fri, 18 Feb 2005 18:19:39 +0200
To: freebsd-isp@freebsd.org

Hy, I use postfix+mailscanner on my mail server to block a lot of
virii comming from my internal network. I would like to implement a
solution to block virii traffic on the internal gateway. The network
looks like this:

WIN-
WIN- ----GW1----- -----MAIL SERVER----- -----GW2----
WIN-

GW1 does snat:

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- intip/24 anywhere to:extip

One (or more) WIN is infected but I don't know which of the 30
computers on the network. I receive virused attachments on the MAIL
SERVER from the GW1's ip. WIN are on the internal network.

An ideea would be to extract mail traffic passing through GW1 in mbox
format and scan it with clamav (but it would still have the snatted
ext ip). I'm looking for better ideeas/implementations. Also, please
tell me which tool should I use to sniff mail on GW1 or if there is a
better solution.

Thanks,
  Vaida Bogdan
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

• Previous message: spamcontact_at_vicman.net: "Autoreply: Re: approved file ... 4383114699"
• Next in thread: Ion-Mihai Tetcu: "Re: clamav and snat"
• Reply: Ion-Mihai Tetcu: "Re: clamav and snat"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]