• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Pfsense - on access virus scanner

Scheduled Pinned Locked Moved General pfSense Questions
4 Posts 4 Posters 4.4k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • C
    chennaichris
    last edited by Feb 20, 2008, 9:45 AM

    Hello

    Here is my present situation.

    There are 15 computers networked. The other 14 computers connect to the internet via a gateway computer

    computer15.

    Computer15 is running windows XP and it is running a proxy server also. So all 14 computers in LAN access computer15 to connect the internet.

    Why ?

    Because I have installed an excellent antivirus product in computer15 and I do not want to buy any more licenses of that antivirus So what computer15's antivirus does is, it processes all emails, webpages, files that are being downloaded to the other LAN computers..So since computer15 is the gateway and the proxy, it can scan all files that are downloaded "through" it and

    ALL the other 14 computers are AUTOMATICALLY PROTECTED.

    But windows xp has its own share of problems and it is becoming slower and slower to access the internet since I read somewhere that an windows XP computer can serve a maximum of 10 network connections at a time.

    =====================================

    I want to use PFSENSE for the gateway computer alone. All the other 14 computers will still use windows XP

    Can anyone please tell me

    1. So can I use all my individual existing applications like SSH, ftp, yahoo messenger, msn, mysql-front, windows remote admin etc as it is on the windows computers or should they need to be configured differently ?

    2. Here comes the main reason for my question I assume clamav can be installed with pfsense but what do I do or how to configure it such a way that each and every file or email or website that goes through the  pfsense proxy server gets scanned automatically ?

    This is important since none of the other 14 computers running windows xp will have any kind of antivirus installed . THEY all will depend on this PFSENSE gateway computer for their dear LIFE !!

    Chris

    1 Reply Last reply Reply Quote 0
    • P
      Perry
      last edited by Feb 20, 2008, 10:57 AM

      I think http://www.untangle.com/ will be a better fit.

      /Perry
      doc.pfsense.org

      1 Reply Last reply Reply Quote 0
      • C
        Cry Havok
        last edited by Feb 20, 2008, 11:03 AM

        Unless your proxy understands every IM client (and those IM clients aren't just using HTTPS CONNECT, making the content invisible) and you've banned all HTTPS pages (see previous comment) you're still vulnerable.  Heck, all it takes is a password protected ZIP file with malware inside, or just a piece of malware (maybe on a web page) that the AV on your proxy doesn't recognise.

        You should install suitable protection on every machine on the network.  There are a number of free (for non-commercial use) AV products out there if you're short of money.  Don't forget to cover the spyware front too, something very few AV products catch yet (because it's better business sense to sell 2 products).

        1 Reply Last reply Reply Quote 0
        • E
          eri--
          last edited by Feb 20, 2008, 11:37 AM

          There are ways to do such configs not from the pfsense gui!

          Search google if you want to do such a config but it just provides basic security and not a real protection.

          1 Reply Last reply Reply Quote 0
          1 out of 4
          • First post
            1/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received