How do AV plugins work, was RE: Would AV plugin stop VPN infections

• From: "Mark Hippenstiel" <M.Hippenstiel@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 20 Aug 2003 22:24:07 +0200

Hi Tom,

I wasn't thinking in the line of VPN connections, I tried to raise a
more general question as I lack some experience here. 

It might seem logical but I'd like to know that more precisely. I
suppose the currently available av plugins scan traffic just with the
same or similar mechanism as the file based products employ.  How about
fragmentation? And what about viruses contained in compressed files?

Any input greatly welcome.

Thanks
Mark


> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
> Posted At: Wednesday, August 20, 2003 3:22 AM
> Posted To: www.isaserver.org
> Conversation: [isalist] RE: Would AV plugin stop VPN infections?
> Subject: [isalist] RE: Would AV plugin stop VPN infections?
> 
> 
> http://www.ISAserver.org
> 
> 
> Hi Mark,
> 
> Any AV plug in will have no effect on VPN connections because 
> the firewall doesn't evaluate them.
> 
> HTH,
> Tom
> 
> Thomas W Shinder 
> www.isaserver.org/shinder 
> ISA Server and Beyond: http://tinyurl.com/1jq1 
> Configuring ISA Server: http://tinyurl.com/1llp 
> 
> 
> 
> -----Original Message-----
> From: Mark Hippenstiel [mailto:M.Hippenstiel@xxxxxxxxxxxx] 
> Sent: Tuesday, August 19, 2003 2:39 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Would AV plugin stop VPN infections?
> 
> 
> http://www.ISAserver.org
> 
> 
> Hi Greg,
> 
> Thanks for the link. But what I really wanted to know was how 
> current AV plugins for ISA work :)) Any insight on this?
> 
> Thanks
> Mark
> 
> > -----Original Message-----
> > From: Greg Mulholland [mailto:gmulholland@xxxxxxxxxxxxxxx]
> > Posted At: Tuesday, August 19, 2003 2:43 AM
> > Posted To: www.isaserver.org
> > Conversation: [isalist] RE: Would AV plugin stop VPN infections?
> > Subject: [isalist] RE: Would AV plugin stop VPN infections?
> > 
> > 
> > http://www.ISAserver.org
> > 
> > 
> > Read my pretty's
> > 
> > http://www.microsoft.com/windowsserver2003/techinfo/overview/q
> > uarantine.
> > mspx
> > 
> > -----Original Message-----
> > From: Mark Hippenstiel [mailto:M.Hippenstiel@xxxxxxxxxxxx]
> > Sent: Tuesday, August 19, 2003 6:17 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Would AV plugin stop VPN infections?
> > 
> > 
> > http://www.ISAserver.org
> > 
> > 
> > What I'd like to know since I never messed around with it:
> > what exactly does any currently available AV plugin for ISA do?
> > 
> > > -----Original Message-----
> > > From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxxxxxxxxxxxxx]
> > > Posted At: Monday, August 18, 2003 8:08 PM
> > > Posted To: www.isaserver.org
> > > Conversation: [isalist] RE: Would AV plugin stop VPN infections?
> > > Subject: [isalist] RE: Would AV plugin stop VPN infections?
> > > 
> > > 
> > > http://www.ISAserver.org
> > > 
> > > 
> > >  mmmmmm, I have the CMAK stuff and just did a search for
> > quarantine in
> > > the help....diddly squat...:))...ran the wiz, absolutely
> > nothing about
> > > quarantine...oh well, back to google
> > > 
> > > Steve
> > > 
> > > 
> > > ________________________________
> > > 
> > > From: Dan Bartley [mailto:bartleyd@xxxxxxxxxxxxxxxxxxx]
> > > Sent: Monday, August 18, 2003 1:47 PM
> > > To: [ISAserver.org Discussion List]
> > > 
> > > 
> > > http://www.ISAserver.org
> > > 
> > > 
> > > 
> > > I have definitely got to start reading more in depth in my Win2k3
> > > installs. That feature got completely by me, bad Dan.
> > > 
> > >  
> > > 
> > > Best Regards,
> > > 
> > > Dan Bartley
> > > 
> > > 
> > > 
> > > ________________________________
> > > 
> > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
> > > Sent: Monday, August 18, 2003 12:39
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Would AV plugin stop VPN infections?
> > > 
> > >  
> > > 
> > > http://www.ISAserver.org
> > > 
> > > Hi Steve and William,
> > > 
> > >  
> > > 
> > > The VPN Quarantine feature is something you get with the
> > Win2003 VPN
> > > service. You can use it to "pre-qualify" your VPN clients before
> > > allowing them access into your network. Once they pass the 
> > > pre-qualification process (have AV software installed, 
> > > anti-spyware/scumware software installed, have the 
> appropraiate SPs 
> > > and hotfixes installed, etc), then they are allowed access to the 
> > > network. Very cool stuff. I'm hoping I'll be able to get an 
> > ISA Server
> > > 2000 VPN Quarantine Kit together in the future. You could 
> have even
> > > checked for the Blaster registry entries on the VPN 
> clients before 
> > > letting them in, IIRC.
> > > 
> > >  
> > > 
> > > For more info, check out www.microsoft.com/vpn They have 
> some stuff
> > > there on the subject, and I'll be writing more about it 
> in the near 
> > > future.
> > > 
> > >  
> > > 
> > > HTH,
> > > 
> > > Tom
> > > 
> > >  
> > > 
> > >  
> > > 
> > > Thomas W Shinder
> > > 
> > > www.isaserver.org/shinder <http://www.isaserver.org/shinder>
> > > 
> > > ISA Server and Beyond: http://tinyurl.com/1jq1
> > > 
> > > Configuring ISA Server: http://tinyurl.com/1llp
> > > <http://tinyurl.com/1llp>
> > > 
> > >  
> > > 
> > >   -----Original Message-----
> > >   From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
> > >   Sent: Monday, August 18, 2003 11:14 AM
> > >   To: [ISAserver.org Discussion List]
> > >   Subject: [isalist] RE: Would AV plugin stop VPN infections?
> > > 
> > >   http://www.ISAserver.org
> > > 
> > >   Ok Dr Shinder, can you elaborate on VPN Quarantine...:))
> > > 
> > >    
> > > 
> > >   Steve
> > > 
> > >    
> > > 
> > >   ________________________________
> > > 
> > >           From: Thomas W Shinder 
> [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
> > >   Sent: Monday, August 18, 2003 11:00 AM
> > >   To: [ISAserver.org Discussion List]
> > > 
> > >   http://www.ISAserver.org
> > > 
> > >   Hi William,
> > > 
> > >    
> > > 
> > >   ISA firewalls don't inspect VPN traffic, as its LAT traffic. 
> > > However, if you have Windows Server 2003 based ISA 
> firewalls, then 
> > > you can use the VPN Quarantine to get what you want accomplish.
> > > 
> > >    
> > > 
> > >   HTH,
> > > 
> > >   Tom
> > > 
> > >    
> > > 
> > >   Thomas W Shinder
> > > 
> > >   www.isaserver.org/shinder <http://www.isaserver.org/shinder>
> > > 
> > >   ISA Server and Beyond: http://tinyurl.com/1jq1
> > > 
> > >   Configuring ISA Server: http://tinyurl.com/1llp
> > > <http://tinyurl.com/1llp>
> > > 
> > >    
> > > 
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: 
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > Leading Network Software Directory: 
> http://www.serverfiles.com No.1
> > > Exchange Server Resource
> > > Site: http://www.msexchange.org Windows Security Resource
> > > Site: http://www.windowsecurity.com/ Network Security 
> > > Library: http://www.secinf.net/ Windows 2000/NT Fax 
> > > Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion 
> > > List as: bartleyd@xxxxxxxxxxxxxxxxxxx To unsubscribe send a 
> > > blank email to $subst('Email.Unsub')
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: 
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > Leading Network Software Directory: 
> > > http://www.serverfiles.com No.1 Exchange > Server Resource 
> > > Site: http://www.msexchange.org Windows Security Resource 
> > > Site: http://www.windowsecurity.com/ Network Security 
> > > Library: http://www.secinf.net/ Windows 2000/NT Fax 
> > > Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion 
> > > List as: steve@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send 
> > > a blank email to $subst('Email.Unsub')
> > > 
> > > 
> > > This E-Mail is confidential. It is not intended to be 
> read, copied,
> > > disclosed or used by any person other than the recipient 
> > named above.
> > > 
> > > Unauthorised use, disclosure, or copying is strictly 
> prohibited and
> > > may be unlawful. Optimum IT Solutions disclaims any 
> > liability for any
> > > action taken in connection of this E-Mail. The comments or
> > statements
> > > expressed in this E-Mail are not necessarily those of Optimum IT
> > > Solutions or its subsidiaries or affiliates.
> > > 
> > > administrator@xxxxxxxxxxxxxxxxxxxxxxxxxx
> > > 
> > > 
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: 
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > Leading Network Software Directory: 
> http://www.serverfiles.com No.1
> > > Exchange > Server Resource
> > > Site: http://www.msexchange.org Windows Security Resource
> > > Site: http://www.windowsecurity.com/ Network Security 
> > > Library: http://www.secinf.net/ Windows 2000/NT Fax 
> > > Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion 
> > > List as: isaserver@xxxxxxxxxxxx To unsubscribe send a blank 
> > > email to $subst('Email.Unsub')
> > > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com No.1 
> > Exchange Server Resource Site: http://www.msexchange.org Windows 
> > Security Resource Site: http://www.windowsecurity.com/ Network 
> > Security Library: http://www.secinf.net/ Windows 2000/NT Fax 
> > Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org 
> Discussion List as: 
> > gmulholland@xxxxxxxxxxxxxxx To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com No.1 
> > Exchange Server Resource Site: http://www.msexchange.org Windows 
> > Security Resource Site: http://www.windowsecurity.com/ Network 
> > Security Library: http://www.secinf.net/ Windows 2000/NT Fax 
> > Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: isaserver@xxxxxxxxxxxx
> > To unsubscribe send a blank email to 
> > $subst('Email.Unsub')
> > 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: 
> http://www.serverfiles.com No.1 Exchange > Server Resource 
> Site: http://www.msexchange.org Windows Security Resource 
> Site: http://www.windowsecurity.com/ Network Security 
> Library: http://www.secinf.net/ Windows 2000/NT Fax 
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a 
> blank email to $subst('Email.Unsub')
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: 
> http://www.serverfiles.com No.1 Exchange > Server Resource 
> Site: http://www.msexchange.org Windows Security Resource 
> Site: http://www.windowsecurity.com/ Network Security 
> Library: http://www.secinf.net/ Windows 2000/NT Fax 
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: isaserver@xxxxxxxxxxxx To unsubscribe send a blank 
> email to $subst('Email.Unsub')
> 

Other related posts:

• » How do AV plugins work, was RE: Would AV plugin stop VPN infections
• » RE: How do AV plugins work, was RE: Would AV plugin stop VPN infections

1. Home
2. isalist
3. Archive
4. 08-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---