Antivirus Software with HTTP Scanner

Dave-54321
May 13th, 2005, 08:16 AM
Which AV's have an HTTP scanner?

I must admit, I really like the concept of it. And the only one that I know of at this time is Avast, but I don't fully trust Avast.


Are the advantages of having an HTTP scanner along with a regular real-time scanner that great?

I like how it could pick up Java and ActiveX viruses when browsing web sites, but wouldn't the regular real-time scanners pick them up just the same...


Thanks in advance for any replies!

-Dave

izi
May 13th, 2005, 08:18 AM
Try NOD32. www.eset.com (http://www.eset.com)

rdsu
May 13th, 2005, 08:21 AM
{QUOTE-> Try NOD32. www.eset.com (http://www.eset.com) <-QUOTE}
I think NOD32 was the first one to introduce this feature... ;)

Dave-54321
May 13th, 2005, 08:33 AM
I thought NOD32 did, but their description of the IMON feature was not worded properly on their web site. They make it sound like an e-mail scanner.

Does IMON check both HTTP and POP3?
And EMON is just MAPI?


"IMON (Internet MONitor), is the second NOD32 resident scanner. It runs on the Winsock level and scans internet traffic (e-mail) incoming via the POP3 protocol. IMON replaces the NOD32’s for POP3 filter (known from the former NOD32 version) with enhanced email protection. Almost no configuration is required, which is great for non-technical users."

"...(e-mail) incoming via the POP3 protocol..."

"IMON replaces the NOD32’s for POP3 filter (known from the former NOD32 version) with enhanced email protection."

ronjor
May 13th, 2005, 08:58 AM
{QUOTE-> Does IMON check both HTTP and POP3? <-QUOTE}
Yes.

{QUOTE-> And EMON is just MAPI? <-QUOTE}


EMON (E-mail MONitor) provides scanning of incoming and outgoing email in Microsoft Outlook as well as in Microsoft Exchange Extension-compliant mail clients.

http://www.wilderssecurity.com/showthread.php?p=457280

Stan999
May 13th, 2005, 09:34 AM
{QUOTE-> Which AV's have an HTTP scanner?

Are the advantages of having an HTTP scanner along with a regular real-time scanner that great?


-Dave <-QUOTE}

I like the fact that the NOD32's IMON HTTP scanner will stop some infections from downloading to the machine but will terminate the connection before they are downloaded.

Example from the NOD log:

JS/TrojanDownloader.IstBar.A trojan connection terminated
Win32/TrojanDownloader.Agent.BP trojan connection terminated
Java/Exploit.Bytverify.F trojan connection terminated
Multiple infiltrations connection terminated
HTML/Exploit.ObjData trojan connection terminated
Win32/Dialer.NAD trojan connection terminated
Win32/TrojanDownloader.OTXloader.A trojan connection terminated

This is especially useful for a PC used by a bunch of teens. :)

rdsu
May 13th, 2005, 10:22 AM
{QUOTE-> I thought NOD32 did, but their description of the IMON feature was not worded properly on their web site. They make it sound like an e-mail scanner.

Does IMON check both HTTP and POP3?
And EMON is just MAPI?


"IMON (Internet MONitor), is the second NOD32 resident scanner. It runs on the Winsock level and scans internet traffic (e-mail) incoming via the POP3 protocol. IMON replaces the NOD32’s for POP3 filter (known from the former NOD32 version) with enhanced email protection. Almost no configuration is required, which is great for non-technical users."

"...(e-mail) incoming via the POP3 protocol..."

"IMON replaces the NOD32’s for POP3 filter (known from the former NOD32 version) with enhanced email protection." <-QUOTE}
I agree with you that this isn't very clear for a new user...

I think it would be better to have the POP3 scanner in EMON because it is an email protocol, but it seems that ESET doesn't want that...

tahoma
May 13th, 2005, 10:32 AM
KAV/KIS 2006 has this too

Stan999
May 13th, 2005, 11:00 AM
One of the things I like about the NOD IMON HTTP scanner is that it uses NOD's Advanced Heuristics, which can help with proactive detection.

rdsu
May 13th, 2005, 11:02 AM
{QUOTE-> KAV/KIS 2006 has this too <-QUOTE}
But it isn't a final product...

WSFuser
May 13th, 2005, 11:15 AM
Avast also has an HTTP scanner. I like HTTP scanners because they'll catch archived viruses in real time and prevent them from even getting on your hard drive.

clansman77
May 13th, 2005, 12:31 PM
{QUOTE-> I like HTTP scanners because they'll catch archived viruses in real time and prevent them from even getting on your hard drive <-QUOTE}
Aha, that's a good point. You don't need to enable archive scanning in the real-time scanner, which may increase resource usage, but your web scanner can catch malware in archives.

meneer
May 15th, 2005, 01:59 AM
For corporate environments there are a few new HTTP/FTP scanners. Barracuda has a new spyware firewall and Blue Coat offers an AV appliance too. We're considering these products, because we need centralized HTTP/FTP spyware and trojan protection.

There are of course other components that offer such protection, but the problem is that most of them are all-in-one security appliances, with firewalling, anti-spam, mail scanning and so on (i.e. Symantec, Fortinet, Astaro and lots more). We don't need that kind of product, since most of those security measures are in place already (of course).

The Barracuda anti-spyware firewall seems tempting to me: we use their antispam firewall (with ClamAV and SpamAssassin) with very good results and at a very low cost (they don't calculate a per-seat AV licence, but a fixed price).

Dave-54321
May 15th, 2005, 08:41 AM
I appreciate all of the feedback received so far, this place is great!

Right now I am just trying to weigh my options here with regard to which antivirus software I should use. At this time, I am not considering spending any money when there are free alternatives available to me.

McAfee VirusScan Enterprise 7.1 or 8.0i (free from my work)
- excellent detection rates
- very reliable
- no POP3 scanning
- no HTTP scanning

avast! 4 Home Edition
- POP3 scanning
- HTTP scanning
- disagree with registration info
- do not 'fully' trust detection rates

Those are the two that I am trying to decide between right now. I suppose the only thing that keeps leaning me towards avast! is the HTTP and POP3 scanning, but I guess if it doesn't have as many virus definitions then it doesn't do much good.

Any suggestions would be greatly appreciated...

webyourbusiness
May 15th, 2005, 06:17 PM
{QUOTE-> For corporate environments there are a few new HTTP/FTP scanners. Barracuda has a new spyware firewall and Blue Coat offers an AV appliance too. We're considering these products, because we need centralized HTTP/FTP spyware and trojan protection. <-QUOTE}

Doesn't the Barracuda anti-spyware act just like a proxy?

I'm intrigued by their products, although I was thinking of getting one of their 610 model spam machines, I contacted them about a free eval that they advertise, and was told to just purchase, as they have a 30 day money back guarantee... ahem... no thanks, a free eval unit was what I wanted, but they couldn't/wouldn't deliver... oh well.

meneer
May 16th, 2005, 03:05 AM
{QUOTE-> Doesn't the Barracuda anti-spyware act just like a proxy? <-QUOTE}
It acts like a proxy. It scans every incoming message for viruses and spam. And so far our results are very good. Spam in the users' inboxes is reduced a lot and viruses are caught very effectively. I'm thinking of dropping our Antigen services, may that be an answer...
Management of the appliance is quite easy. Training the anti spam function takes a few weeks and checking false positives is not too much work.
And at the price, it's unbeatable.

The spyware firewall will probably act in the same way, as a proxy. There's a minor uncertainty here: the spyware definitions and URL blacklists are to be maintained by Barracuda themselves. I don't know their resources and ability in this area. If the mail scanner is anything to go by, there will probably be no problem.
I'll keep you posted, since we will probably try this setup once it is available.

q1aqza
May 16th, 2005, 03:06 AM
I've been messing around with McAfee VirusScan Enterprise 8.0i and although it doesn't have an HTTP scanner, I am finding that it does always terminate the connection when it pulls a nasty off a web page.

I'm a KAV fan, but I'm growing to like this program more and more. I still detest the home version but as many have said on these forums, the Enterprise version is a class apart from the home version.

If you can get VSE free from work then that has got to be your best option over Avast (although I recommend Avast to friends who want a freeware AV).