Product Reviews

A Hardware Barrier for Viruses

AVStripper adds another layer of protection for your network


As anyone with a network knows, viruses remain a problem. No matter how much effort you put into setting up desktop scanners, e-mail server-side checking, and firewalls, they still seem to sneak in. With the release of AVStripper, Ositis (in partnership with Trend Micro) has provided one more tool for keeping viruses from infecting your network in the first place.

AVStripper is a rackmount hardware device with two Ethernet ports. You install it between your firewall and your LAN, turn it on, and configure it via a web-browser interface. AVStripper then installs itself as a bridge, scanning HTTP, FTP, SMTP, NNTP, IMAP, POP3, and SOCKS messages for viruses (and passing other protocols through untouched). The virus pattern file and engine are updated automatically and frequently. If a virus turns up, AVStripper keeps it off your network, optionally sending e-mail notifications to an administrator. It also scans outgoing protocols, so that even if a virus gets in by another vector (such as an infected floppy disk) you won't send it out again. You can also flag certain file extensions not to scan, or mark others to not be allowed at all.

I installed AVStripper on my testbed network and gave it a whirl. The fans in the rackmount box are tremendously noisy, which I'm sure helps the equipment but makes it unsuitable for home or small-office use; this was notable even compared to other equipment in the same rack. It's also worth remembering that installing a bridge such as this requires downing the network and clearing out any ARP caches. Ideally you'd want to do that during off hours, but be aware that technical support is only available 7AM to 5PM PST Monday to Friday. You may want to test AVStripper on a separate testbed network to ensure all is well before downing your main network to install it in place.

On the functional side, AVStripper found the viruses I tossed at it, and sent me e-mail (full of exclamation points) when it spotted them. There was no noticeable performance impact on web browsing or e-mail from my test machines. I did have some problems with FTP, but putting the target server into the "don't scan" list resolved the issue easily.

[Figure: AVStripper is entirely managed through a Web-based interface.]

There were a few other minor issues of the fit and finish variety as well. Though I was installing AVStripper in the recommended configuration I still had to grub around a bit in my networking closet to find a crossover cable; it would have been nice to find one in the box. The machine also would not take a strong password with a non-alphanumeric character included.

Overall, sysadmins are likely to see AVStripper as an attractive extra layer of protection for their networks. It would be especially useful to protect remote sites where you can't be sure that users are keeping virus pattern files up to date. On the down side, it's got some of the same holes as any other virus-scanning technology (for example, giant zip file denial of service attacks force you to set a maximum size for scanned files, and of course virus protection is only as good as the pattern file). But with its frequent pattern updates, and Trend's excellent track record for detecting new viruses early, it promises to stomp many viruses at the gates.

About the Author

Mike Gunderloy, MCSE, MCSD, MCDBA, is a former MCP columnist and the author of numerous development books.


Reader Comments:

Thu, Nov 28, 2002 Herman Anonymous

I agree, there should be more details about the platform this runs on. How about redundancy and high availability should the hardware fail?

How about Instant Messenger traffic scanning?

Most viruses have to do with email and executables and scripts etc. This product scans and doesn't have applications on it that use the files. Infecting this machine is highly unlikely.

Thu, May 23, 2002 Anonymous Anonymous

There is no mention about the platform that the software runs on which I feel is one of the most basic questions asked. If the platform itself is vulnerable to most of the viruses then it is just a matter of time before it too gets infected as no matter how soon the vendors detect the viruses they can never detect the viruses until they are created!!!!!
