Product Reviews

A Hardware Barrier for Viruses

AVStripper adds another layer of protection for your network

• By Mike Gunderloy
• 05/01/2002

AVStripper is a rackmount hardware device with two Ethernet ports. You install it between your firewall and your LAN, turn it on, and configure it via a web-browser interface. AVStripper then installs itself as a bridge, scanning HTTP, FTP, SMTP, NNTP, IMAP, POP3, and SOCKS messages for viruses (and passing other protocols through untouched). The virus pattern file and engine are updated automatically and frequently. If a virus turns up, AVStripper keeps it off your network, optionally sending e-mail notifications to an administrator. It also scans outgoing protocols, so that even if a virus gets in by another vector (such as an infected floppy disk) you won't send it out again. You can also flag certain file extensions not to scan, or mark others to not be allowed at all.

I installed AVStripper on my testbed network and gave it a whirl. The fans in the rackmount box are tremendously noisy, which I'm sure helps the equipment but makes it unsuitable for home or small-office use; this was notable even compared to other equipment in the same rack. It's also worth remembering that installing a bridge such as this requires downing the network and clearing out any ARP caches. Ideally you'd want to do that during off hours, but be aware that technical support is only available 7AM to 5PM PST Monday to Friday. You may want to test AVStripper on a separate testbed network to ensure all is well before downing your main network to install it in place.

On the functional side, AVStripper found the viruses I tossed at it, and sent me e-mail (full of exclamation points) when it spotted them. There was no noticeable performance impact on web browsing or e-mail from my test machines. I did have some problems with FTP, but putting the target server into the "don't scan" list resolved the issue easily.

AVStripper is entirely managed through a Web-based interface. (Click image to view larger version.)

There were a few other minor issues of the fit and finish variety as well. Though I was installing AVStripper in the recommended configuration I still had to grub around a bit in my networking closet to find a crossover cable; it would have been nice to find one in the box. The machine also would not take a strong password with a non-alphanumeric character included.

Overall, sysadmins are likely to see AVStripper as an attractive extra layer of protection for their networks. It would be especially useful to protect remote sites where you can't be sure that users are keeping virus pattern files up to date. On the down side, it's got some of the same holes as any other virus-scanning technology (for example, giant zip file denial of service attacks force you to set a maximum size for scanned files, and of course virus protection is only as good as the pattern file). But with its frequent pattern updates, and Trend's excellent track record for detecting new viruses early, it promises to stomp many viruses at the gates.