Code from McAfee’s Webshield
I used to work at McAfee Associates, doing
various projects on Linux and other Unices.
I ported Virus Scan to Linux, as well as Solaris, SunOS, and FreeBSD,
but the largest part of my time was involved with designing and
doing the largest part of implementing Webshield, which was an
antiviral firewall that uses McAfee’s virus scanning engine to pick
out viruses before they get into the protected networks.
The version of Webshield that I helped develop was hosted on top
of a much-modified 2.0.28 kernel, so some of the enhancements
are GPLed and thus available here.
Patches for the Linux 2.0.28 kernel
- A patch to put the webshield tcp code into a vanilla 2.0.28 kernel
- This patchfile, when applied to a vanilla 2.0.28 kernel, will give
you a kernel capable of doing Webshield transparent proxying. These
are the most up to date patches, and when combined with the
Mastodon 2.0.28 kernel patches will give you the most up to date
Webshield kernel you can find.
Patches for older Linux kernels
- A memory patch for Compaqs and >64mb machines.
- My enhanced memory detection patch for Linux version 2 (tested
on versions 2.0.27, 2.0.28 and 2.0.29.) It does not get along
well with loadlin, but it’s perfectly happy to coexist with
Lilo. A later version of this patch is in the 2.1 kernel series.
- A revised memory patch for Compaqs and >64mb machines.
My enhanced memory detection patch
has a few problems with it, mainly that loadlin doesn’t coexist
with it, and various Compaqs don’t report more than 16mb of
memory even with it installed. This patch applies on top of
the first enhanced memory detection and makes it write the new
memory information in a place that won’t confuse loadlin. Some
Compaqs (EISA Proliants and Prosignias in particular)
still don’t detect memory correctly, but that is being
worked on.
NOTE: To apply this patch, you must first apply
the original enhanced memory patch.
- A patch to make every network module autoprobe.
- My patches to make every network module autoprobe and to detect
multiple cards when insmod'ed (against kernel version 2.0.28.)
This code will, if abused, lock your machine up like a drum.
I got around the locking up like a drum feature by only probing
for devices in a specific order when webshield boots up. If
you probe devices in the same order that the
kernel does, your system will remain happy.