A Hardware Barrier for Viruses
AVStripper adds another layer of protection for your network
As anyone with a network knows, viruses remain a problem. No matter how
much effort you put into setting up desktop scanners, e-mail server-side
checking, and firewalls, they still seem to sneak in. With the release
of AVStripper, Ositis (in partnership with Trend Micro) has provided one
more tool for keeping viruses from infecting your network in the first
AVStripper is a rackmount hardware device with two Ethernet ports. You
install it between your firewall and your LAN, turn it on, and configure
it via a web-browser interface. AVStripper then installs itself as a bridge,
scanning HTTP, FTP, SMTP, NNTP, IMAP, POP3, and SOCKS messages for viruses
(and passing other protocols through untouched). The virus pattern file
and engine are updated automatically and frequently. If a virus turns
up, AVStripper keeps it off your network, optionally sending e-mail notifications
to an administrator. It also scans outgoing protocols, so that even if
a virus gets in by another vector (such as an infected floppy disk) you
won't send it out again. You can also flag certain file extensions not
to scan, or mark others to not be allowed at all.
I installed AVStripper on my testbed network and gave it a whirl. The
fans in the rackmount box are tremendously noisy, which I'm sure helps
the equipment but makes it unsuitable for home or small-office use; this
was notable even compared to other equipment in the same rack. It's also
worth remembering that installing a bridge such as this requires downing
the network and clearing out any ARP caches. Ideally you'd want to do
that during off hours, but be aware that technical support is only available
7AM to 5PM PST Monday to Friday. You may want to test AVStripper on a
separate testbed network to ensure all is well before downing your main
network to install it in place.
On the functional side, AVStripper found the viruses I tossed at it,
and sent me e-mail (full of exclamation points) when it spotted them.
There was no noticeable performance impact on web browsing or e-mail from
my test machines. I did have some problems with FTP, but putting the target
server into the "don't scan" list resolved the issue easily.
AVStripper is entirely managed through a Web-based interface.
There were a few other minor issues of the fit and finish variety as
well. Though I was installing AVStripper in the recommended configuration
I still had to grub around a bit in my networking closet to find a crossover
cable; it would have been nice to find one in the box. The machine also
would not take a strong password with a non-alphanumeric character included.
Overall, sysadmins are likely to see AVStripper as an attractive extra
layer of protection for their networks. It would be especially useful
to protect remote sites where you can't be sure that users are keeping
virus pattern files up to date. On the down side, it's got some of the
same holes as any other virus-scanning technology (for example, giant
zip file denial of service attacks force you to set a maximum size for
scanned files, and of course virus protection is only as good as the pattern
file). But with its frequent pattern updates, and Trend's excellent track
record for detecting new viruses early, it promises to stomp many viruses
at the gates.
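The maximum-size limit mentioned above, shown as an added example that is not from the original review and is not Ositis or Trend Micro code: a Python pre-scan check that stops unpacking a zip archive once a byte or member cap is reached, and blocks malformed archives instead of passing them through. The limits, function names and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

MAX_TOTAL_BYTES = 256 * 1024  # assumed cap on decompressed bytes per archive
MAX_MEMBERS = 100             # assumed cap on entries per archive

class ScanLimitExceeded(Exception):
    """The archive would exceed the scanner's resource limits."""

def bounded_members(data, max_total=MAX_TOTAL_BYTES, max_members=MAX_MEMBERS):
    """Yield (name, content) per member; raise as soon as a limit is hit."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if len(infos) > max_members:
            raise ScanLimitExceeded("too many members")
        # Cheap early reject on the sizes the archive declares for itself.
        if sum(i.file_size for i in infos) > max_total:
            raise ScanLimitExceeded("declared size over limit")
        total = 0
        for info in infos:
            buf = bytearray()
            with zf.open(info) as fh:
                # Count bytes as they leave the decompressor so the cap
                # does not rest on the declared sizes alone.
                while chunk := fh.read(16 * 1024):
                    total += len(chunk)
                    if total > max_total:
                        raise ScanLimitExceeded("decompressed size over limit")
                    buf += chunk
            yield info.filename, bytes(buf)

def verdict(data):
    """('scan', [names]) if within limits, else ('block', reason). Fails closed."""
    try:
        return "scan", [name for name, _ in bounded_members(data)]
    except (ScanLimitExceeded, zipfile.BadZipFile) as exc:
        return "block", str(exc)

def make_zip(files):
    """Build a constructed sample archive in memory from {name: bytes}."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return out.getvalue()
```

The trade-off is the one the review points to: anything over the cap is blocked unscanned, so the limit has to be set against the largest legitimate archive the site expects.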
Mike Gunderloy, MCSE, MCSD, MCDBA, is a former MCP columnist and the author of numerous development books.