Apologies up-front if this really is off topic, but my experience with proxies and security, in general, might be of value in this case.

I use an HTTP proxy to help identify, block and report spyware. I'm using a Squid proxy with a SquidGuard blacklist which I update more so than the community does. As spyware hits our network here, I find their entries in the Squid access log and add the entries to the blacklist.

The trouble is, I'm just one guy doing it when I can. Perhaps it would be of value to form a community that updates a centralized database (or just a flat text file, like SquidGuard does) which identifies and blacklists websites, domains and URLs which contain viruses/phishers/malware content?

I would most certainly be interested in working on a project like that. However, much like my opinion on mitigating SPAM, I'm not convinced this is any sort of catch-all solution. I manage malware protection the same way I manage SPAM protection: a slew of 2-5 mechanisms which work together to bring the best results whilst still maintaining the least number of false positives possible.

So, got some free time? I'd gladly start a project/database/website to put a malware blacklist database together. The key to it being successful is unanimous decisions on what is blocked and what is not.

Again, if this is off-topic, my apologies. Speaking of which, can someone re-point me to the document that explains what is and is not considered to be on-topic? :-)

Tim Rainier
Information Services, Kalsec, INC
trainier@kalsec.com

Two Bit <two.bit7@gmail.com>
Sent by: owner-nanog@merit.edu
09/23/2005 03:17 PM
Please respond to: Two Bit <two.bit7@gmail.com>
To: nanog@merit.edu
cc:
Subject: HTTP Proxies used for Fighting Spyware: Feedback

Hi there, long-time NANOG lurker network engineer with a (maybe off-topic) question related to network architecture solutions to fight the spyware/greyware problem.

I was wondering if anyone might have any experience deploying anti-spyware solutions which reside on HTTP proxies. Several products claim to be able to detect spyware on the wire, such as ISS, SonicWall, Fortinet, Astaro, BlueCoat. However, I am concerned about the performance, especially since they have to use an AntiVirus product on the back-end (heavy processing).

Curious what the user experience might be, how effective any of these solutions are in really catching spyware, and any other operational experiences from engineers employing any of these solutions out in the field (not from vendors, please) that may help narrow down the choices.

Thanks for any input.
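The log-review step described in the reply at the top of this thread (finding entries in the Squid access log and adding them to the SquidGuard blacklist) can be sketched as follows. This is an added example, not code from either poster: the function names, sample log lines and sample blacklist are constructed, and it assumes Squid's native access.log layout and that a SquidGuard domains entry also matches its subdomains.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1127502001.101    245 192.0.2.10 TCP_MISS/200 5120 GET http://track.adware-example.test/beacon.js - DIRECT/203.0.113.5 application/x-javascript
1127502002.350    120 192.0.2.10 TCP_MISS/200 812 GET http://cdn.popups-example.test/a.gif - DIRECT/203.0.113.9 image/gif
1127502003.020     98 192.0.2.10 TCP_MISS/200 790 GET http://CDN.popups-example.test:8080/b.gif - DIRECT/203.0.113.9 image/gif
1127502004.700    301 192.0.2.22 TCP_MISS/200 9100 GET http://www.example.org/ - DIRECT/198.51.100.7 text/html
1127502005.440   1500 192.0.2.10 TCP_MISS/200 3300 CONNECT secure.popups-example.test:443 - DIRECT/203.0.113.9 -
this line is truncated
"""

# Constructed contents of an existing SquidGuard domains file.
SAMPLE_BLACKLIST = {"adware-example.test"}


def request_host(line):
    """Return (client_ip, lowercase host) for one log line, or None if unusable."""
    fields = line.split()
    if len(fields) < 7:
        return None
    client, method, url = fields[2], fields[5], fields[6]
    try:
        # CONNECT is logged as "host:port" rather than as a URL.
        host = url.rsplit(":", 1)[0] if method == "CONNECT" else urlsplit(url).hostname
    except ValueError:  # logged URLs are untrusted and may not parse
        return None
    host = (host or "").lower().rstrip(".")
    return (client, host) if host else None


def is_covered(host, blacklist):
    """True if the host or any parent domain is already in the blacklist."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blacklist for i in range(len(labels)))


def review_candidates(log_text, blacklist, client=None):
    """Count requested hosts not yet blocked, optionally for one client IP."""
    hits = Counter()
    for line in log_text.splitlines():
        parsed = request_host(line)
        if parsed is None or (client is not None and parsed[0] != client):
            continue
        if not is_covered(parsed[1], blacklist):
            hits[parsed[1]] += 1
    return hits.most_common()
```

Calling `review_candidates(SAMPLE_LOG, SAMPLE_BLACKLIST, "192.0.2.10")` lists the hosts one affected client reached that the blacklist does not yet cover, as candidates for a person to review before anything is added.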