Re: about monitoring software

Giganews Newsgroups
Subject: Re: about monitoring software
Posted by:  dumb (sitemast…@gmx.li)
Date: Mon, 12 Jan 2004

MCH,

Your question is very close to my problem. I've developed proxy server that
listening on 25 port and redirect the request to let's say 2525 port of mail
server. This is very primitive method that has many disadvantages (see my
next post for biggest one), and therefore it's useless for serious
applications such like firewalls or antiviruses. Such applications
interceipt low level Winsock API calls using Layered Service Provider (LSP),
TDI or NDIS drivers. So they just filter traffic at 25 port and catch
messages after DATA command.

dumb

"MCH" <mchaku…@21cn.com> wrote in message
news:opr1obpqapib49…@pop.21cn.com...
> Hi all,
>    Does anyone know how does the virus-monitor software work? I am really
> interesting in it. Just take a mail sending process as example, the
> monitor software will work no matter what smtp server address we specify
> in mail client.

Replies

In response to

about monitoring software posted by MCH on Tue, 13 Jan 2004