Antivirus Software with HTTP Scanner

Discussion in 'other anti-virus software' started by Dave-54321, May 13, 2005.

Thread Status:
Not open for further replies.
  1. Dave-54321

    Dave-54321 Guest

    Which AV's have an HTTP scanner?

    I must admit, I really like the concept of it. And the only one that I know of at this time is Avast, but I don't fully trust Avast.


    Are the advantages of having an HTTP scanner along with a regular real-time scanner that great?

    I like how it could pick up java and active x viruses when browsing web sites, but wouldn't the regular real-time scanners pick them up just the same...


    Thanks in advance for any replies!

    -Dave
     
  2. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
  3. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I think that was NOD32 the first one to introduce this feature.. ;)
     
  4. Dave-54321

    Dave-54321 Guest

    I thought NOD32 did, but their description of the IMON feature was not worded properly on their web site. They make it sound like an e-mail scanner.

    Does IMON check both HTTP and POP3?
    And EMON is just MAPI?


    "IMON (Internet MONitor), is the second NOD32 resident scanner. It runs on the Winsock level and scans internet traffic (e-mail) incoming via the POP3 protocol. IMON replaces the NOD32’s for POP3 filter (known from the former NOD32 version) with enhanced email protection. Almost no configuration is required, which is great for non-technical users."

    "...(e-mail) incoming via the POP3 protocol..."

    "IMON replaces the NOD32’s for POP3 filter (known from the former NOD32 version) with enhanced email protection."
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    Yes.


    EMON (E-mail MONitor) provides scanning of incoming and outgoing email in Microsoft Outlook as well as in Microsoft Exchange Extension-compliant mail clients.

    https://www.wilderssecurity.com/showthread.php?p=457280
     
  6. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    I like the fact that the NOD32's IMON HTTP scanner will stop some infections from downloading to the machine but will terminate the connection before they are downloaded.

    Example from the NOD log:

    JS/TrojanDownloader.IstBar.A trojan connection terminated
    Win32/TrojanDownloader.Agent.BP trojan connection terminated
    Java/Exploit.Bytverify.F trojan connection terminated
    Multiple infiltrations connection terminated
    HTML/Exploit.ObjData trojan connection terminated
    Win32/Dialer.NAD trojan connection terminated
    Win32/TrojanDownloader.OTXloader.A trojan connection terminated

    This is especially useful for a PC used by a bunch of teens.:)
     
  7. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I agree with you that this isn't very clear for a new user...

    I think that is better to the POP3 scanner in the EMON because is an email protocol, but it seems that ESET doesn't want that...
     
  8. tahoma

    tahoma Registered Member

    Joined:
    May 31, 2003
    Posts:
    228
    kav/kis 2006 has this too
     
  9. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    One of the things I like about the NOD IMON HTTP scanner is that it uses NOD's Advance Heuristics which can help with proactive detection.
     
  10. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    But it isn't a final product...
     
  11. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    avast also has a http scanner. i like http scanners because theyll catch archived viruses in realtime and prevent them from even getting on ur hard drive.
     
  12. clansman77

    clansman77 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    234
    Location:
    kochi,kerala,india
    aha thats a good point.u dont need to enable scan archives in realtime scanner which may increase resource usage.but ur web scanner can catch malware in archives..
     
  13. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    For corporate environments there are a few new http/ftp scanners. Barracuda has a new spyware firewall and bluecoat offer an AV appliance too. We're considering these products, because we need centralized http/ftp spyware and trojan protection.

    There are of course other components that offer such protection, but the problem is that most of them are all-in-one security appliances, with firewalling, anti spam, mail scanning and so on (ie. symantec, fortinet, astaro and lots more). We don't need that kind of product, since most of those security measures are in place already (of course).

    Tha barracuda anti spyware firewall seems tempting to me: we use their antispam firewall (with clamav and spamassassin) with very good results and at a very low cost: they don't calculate a per seat AV licence, but a fixed price).
     
  14. Dave-54321

    Dave-54321 Guest

    I appreciate all of the feedback received so far, this place is great!

    Right now I am just trying to weigh in my options here with regards to which antivirus software I should use. At this time, I am not considering spending any money when there are free alternatives available to me.

    McAfee VirusScan Enterprise 7.1 or 8.0i (free from my work)
    - excellent detection rates
    - very reliable
    - no POP3 scanning
    - no HTTP scanning

    avast! 4 Home Edition
    - POP3 scanning
    - HTTP scanning
    - disagree with registration info
    - do not 'fully' trust detection rates

    Those are the two that I am trying to decide between right now. I suppose the only thing that keeps leaning me towards avast! is the HTTP and POP3 scanning, but I guess if it doesn't have as many virus definitions then it doesn't do much good.

    Any suggestions would be greatly appreciated...
     
  15. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    Doesn't the barracuda anti-spyware act just like a proxy?

    I'm intrigued by their products, although I was thinking of getting one of their 610 model spam machines, I contacted them about a free eval that they advertise, and was told to just purchase, as they have a 30 day money back guarantee... ahem... no thanks, a free eval unit was what I wanted, but they couldn't/wouldn't deliver... oh well.
     
  16. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    It acts like a proxy. It scans every incoming message for virusses and spam. And so far our results are very good. Spam in the users inboxes is reduced a lot and virusses are caught very effectively. I'm thinking of dropping our Antigen services, may that be an answer...
    Management of the appliance is quite easy. Training the anti spam function takes a few weeks and checking false positives is not too much work.
    And at the price, it's unbeatable.

    The spyware firewall will probably act in the same way, as a proxy. There's a minor uncertainty here: the spyware definitions and url blacklists are to be maintained by Barracuda themselves. I don't know their resources and ability in this area. If the mailscanner is anything to go by, there will probably be no problem.
    I'll keep you posted, since we will probably try this setup once it is available.
     
  17. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    I've been messing around with McAfee Viruscan Enterprise 8.0i and although it doesn't have an http scanner, I am finding that it does always terminate the connection when it pulls a nasty off a web page.

    I'm a KAV fan, but I'm growing to like this program more and more. I still detest the home version but as many have said on these forums, the Enterprise version is a class apart from the home version.

    If you can get VSE free from work then that has got to be your best option over Avast. (although I recommend Avast to friends who want a freeware AV).
     
Loading...
Thread Status:
Not open for further replies.