Alternative update source for Kaspersky & ClamAV AV signatures?

[mvran]

Hi everyone...

...just installed Untangle with Kaspersky at customers' site and I would appriciate some help on the subject.
The customer has now, after the installation - figures, decided he wants a totally isolated system, without any access to the internet. Since AV signatures need to be updated on a regular basis to have a usable system I was wondering if there is way to divert updates for Kaspersky and ClamAV to a secondary source?
AFAIK ClamAV doesn't support private mirrors, so bolderdash... so what about Kasparsky? Is there any update server in their arsenal I can use with Untangle?
If no solutions for an alternative update source, is it possible to connect Untangle through some proxy?

Thanks in advance for any info and/or help...
br,
Mare

[mdh]

I don't have an answer for you (sorry), but I am wondering why he would want or need Untangle if he intends to maintain complete avoidance of the internet. If you are charging him a fee, make sure he's paid up before he discovers that Untangle won't be doing anything for him.

[mvran]

Funny enough - mail is allowed . I believe it's one of those paranoid security policies I personally can't relate to. Must be a special thing...
Hopefully there won't be any issues since this 'minor' requirement was not in the original requirements

[mdh]

If mail is allowed, that means you have internet access. If push comes to shove, you need to let your customer know that Untangle NEEDS to be able to get its own updates for Virus Blocker, Kaspersky, Spam Blocker, Phish Blocker. If mail is allowed and he has a LAN, that also means that any user with a brain will be able to discover how to get onto the internet. If they can get mail, they can figure out a way. If he's gonna be paranoid, he at least needs to think it through.

[mvran]

well if only smtp traffic is allowed between specifed servers I believe the users who could get through should probably quit and find a better suited job in the first place but yeah, that's absolutely true in a sense that email is a big security risk by default...
Would noncaching transparent proxy work in general? So that said Untangle server wouldn't directly access internet and everybody's happy...
...to hit irony with a bat - I could even use Untangle to protect... Untangle

[BOFH]

Clam will use updates for any source but you're going to need a cron job and scripts to make it download and use them. These Guys have been doing it for a while, and you will have to heavily modify the scripts to make it use a local source (that connects to the internet rofl!)

In the end, I think that you should let the customer tell you what the end result that he wants is, and not how you do it. UT should be able to block everything but email. If he's that crazy paranoid about it, then I would just give an internet connection to the mail server on another NIC, and let the internal network talk to just the exchange server/local services only. Please note that putting a naked exchange server on the web is a recipe for disaster so a UT box between it and the world would be a good solution.

Again, never let the customer tell you what the solution should be, only what they desire for an end result, and how much that they are willing to pay for it. We, as professionals, know what the best way to achieve any given end result is, or more importantly know how to find out the best way.

Cheers,

BOFH