Page 2 of 2 FirstFirst 12
Results 11 to 13 of 13
  1. #11
    Untangler
    Join Date
    Sep 2019
    Location
    Canada
    Posts
    39

    Default

    So this had me really curious to do more reading and my assumptions in my original reply were correct.

    Both pro and lite versions need open protocols to work. So much of the web no longer uses this anymore. The only practical use for this is if you're running an ftp server for support or what have you.

    The cloud resources to supplement the local scan engine is cool and certainly a value added feature but if you're using the SSL Interceptor you will have to rely on the cloud service provider to properly anonymize the (meta)data. The Untangle write up talks a bit about scanning URL's which to me sounds redundant to the webfilter / IPS apps. If the Virus app pulls from another URL DB of known infected sites, then it's value added.

    All that said though, the virus app (lite or pro) is absolutely NOT a replacement for a local antivirus solution installed at the client level. It just can't technically do the same things given the nature where data sits and is moved.

    Side note: It blows my mind to find that Untangle offers a Bitdefender scan engine in their dirt cheap paid home user version. Pfsense and others rely on clam AV which is pale by comparison.

    The full Virus app decompresses and scans archives *IF* they are unencrypted during transit (ie. http/ftp/smtp) AND not encrypted at the file level.


    Virus Lite
    virus-lite-features.jpg

    Virus Pro
    virus-pro-features.jpg

    Virus Pro Showing Open Protocol Scanning Only
    scan-traffic.jpg

    Virus Pro Options
    scout-bit.jpg


    Lastly, as you can see by the reports in the paid home version, it's all based on open protocols.

    reports.jpg
    Last edited by propellherhead333; 05-23-2020 at 11:27 PM.

  2. #12
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,263

    Default

    Yep, and SSL Inspector while valuable... is a giant pain. Which is why I rely on the malware category in web filter.
    f1assistance likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #13
    Newbie
    Join Date
    Jun 2020
    Posts
    6

    Default

    Can underline the statements here.... unless SSL is not inspected, only a few traffic is hit by the virus blocker in standard home usage. Ironically, most times virus signature updates for the clients.

    I am using Virus Blocker Lite (ClamAV) and activated ScoutIQ. I think I‘ve read that ScoutIQ is also working with encrypted traffic, but do not exactly know what it does in detail....
    Last edited by bEeReE; 06-26-2020 at 11:19 AM.

Page 2 of 2 FirstFirst 12

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2