[mlw]

using rh9 for ip masq, all computers in our network run though this computer to reach the internet, i was wondering if anyone knew of software which would allow me stop people from downloading files of a certan file type exe, dll,pif,etc.

[ed209]

I assume you mean downloading via the http, correct?

You can install the squid web proxy on a machine and deny all other machines http requests from leaving the internal network on your firewall. Using squids acls you can deny any url that contains the file types you don't want users to download. Here is a quick example:

you need a line like this in your acls section of your conf add:

acl blocked_filetypes urlpath_regex -i exe

then later something like:

http_access deny blocked_filetypes

That would block any request for any url that contained a case insensitive exe

This is pretty draconian, though and can lead to problems with web surfing speeds and timeouts you need a pretty good machine to handle a lot of requests on the fly.

If there is a policy in place regarding file downloads a lot of times the threat of that will keep users from blatant mischief although thats not a very good security measure

ed

[mlw]

thanks, i'll have to read up on squid and give it a try. my redhat computer is a 400 mhz pent 2 with 128 meg of memory, we have about 25 computers accessing the internet though this machine (although not all of them are on the internet at the same time) . do you think the computer will be fast enough ??
also is there a program which can stop the download of attachments in an email if the attachment is of a certain type (such as an exe file). we are not running a mail server on my redhat computer.

[ed209]

The problem with piping all your traffic through a box is that its really hard to guess at how fast its going to be unless you know the system is totally ridiculously fast with a butt load of memory. Squid stuffs EVERYTHING in memory so that is one potential bottleneck.

As for the downloading exe's in attachments on email, that depends, how do your users get their mail? You said the mail server is not on the redhat box, so is the mail server under your control or is it your ISP's mail server?

Depending on the mail server there are a few ways you can go about it. If you use qmail you add on qmail-scanner to drop all attachments of a certain type. Check it out at :

http://qmail-scanner.sourceforge.net/

Also if you feel like a 133+ H@x0r then you may be able to hack spam assassin to catch attachments but that is out of my league.

Another fun tool is mailscanner if you are using one of the supported mail servers, its pretty widely used when it comes to free mail virus scanner/ attachment stripper.

http://www.sng.ecs.soton.ac.uk/mailscanner/

There are a lot of other ways to do this as well, for instance with qmail you have an opportunity to run any number of scripts when an email arrives, you could write a perl/python/shell script that checks for an attachment and strips it if you want.

hope that helps.

ed