I've been compiling a list of things I would really like to see in Astaro. Some of these I would consider more important than others, but I would very much like to see them all.
Feature requests:
POP3 proxy:
Separate exclusion lists for virus and spam filtering
Script filtering (This could stop most email worms that exploit the mail client, and there is rarely a legitimate reason for scripting in email)
RBL lookup (the ability to add your own, anyway; this can add a lot to a spam filter, depending on the RBL you choose. I don't understand why this is available for SMTP but not POP3)
Recipient whitelist and blacklist
Option to automatically forward blocked emails (in their original form) to a specified address (for spam reporting services)
HTTP proxy:
SSL support - I know this is a big request, but it would give you an edge (an edge which Finjan already uses to their advantage). It should be possible to create an encrypted connection to the host and display an HTML page (similar to the download/infected page currently used) that alerts the user to any discrepancy in the security certificate. Malware sites are actually using secure connections to distribute malware specifically because firewalls like Astaro are vulnerable. Visit the Eicar.org site for a demonstration. It would also be a very good feature to be able to disallow sites that do not have valid security certificates (but with a URL whitelist).
Multiple connections for downloads - this can be advantageous when the connection is poor
Option on download screen to clear file from proxy cache (in case something happens to your download)
Option on download screen to stop and restart download (for when downloads hang, you change your mind, or need to download another way. I had a very large download that caused problems; I would very much have liked to be able to stop it).
Option to skip surf protection on files over a user-definable size; malware almost never comes in files of 10 or 100 MB. You should be able to bypass the proxy download on large files of your choosing. Right now very large files can be very inconvenient to download.
Upgrade from Cobion to Proventia with the "Virtual Patch Protection"; the exploit filtering would add a lot for ROI (reduce the risk of unpatched vulnerabilities). Alternatively, there are companies like SocketShield that could probably add this separately.
If not Proventia, then WebSense would be another. They don't filter exploits, but their website database seems more granular and expansive, and they add the ability to block certain types of transfers by group, such as IM file transfers, P2P apps, and so on. It's a mature product with a large database that offers more granular control.
(I'm not unhappy with Cobion, but would really like to see more. I'd like to turn on the ability to block suspicious sites without blocking unknown sites. As it is now it just blocks too much if you do that.)
General capability for plugins for the open source community to be able to add additional modules for IPS, general filtering, and reporting.
Support for connecting through Tor (anonymizing network) and JAP (anonymizing proxy; granted, you might be able to do this manually, but it would be nice to have the option). What would be best for this would be to have an option to create a separate proxy connection (standard or authentication only) so you could use this optionally instead of trying to anonymize all HTTP traffic. This way you could also switch between anonymous connections or not from the desktop in your browser.
Intrusion Prevention:
Ability to import lists of rules, rather than just creating individual rules. There are some offerings out there that I would like to be able to use.
Add Bleeding Snort rules
General:
Easier to read list of connections
Network alerts in addition to email alerts; SMS alerts would be great too.
Since not all downloads get automatically scanned, it would be nice if there was an option to upload a file to the gateway to have it scanned