I would like to set up a linux machine between my firewall and local network (ie router, then firewall, then linux, then network) in order to run eTrust Antivirus 7 (or another antivirus program) to "clean" up any virus emails or virus attachments prior to our users receiving their email. I know the linux machine would require two NiC cards for two ethernet ports, but after that I'm just researching what would be required. Any assistance is most appreciated.

It sounds like a bit of a challenge, but interresting.

There are many points to consider, ex.
Is the antivirus linux box also the pop/smtp server?
Is the antivirus software designed scan incoming/outgoing mail?

In terms of hardware, yes 2 NICS is a good start ; - )
I'd worry about getting a couple of fast HDs or even a raid 5 array. Youll need something fast and reliable. Apart from that calculate expected disk and processor usage. It'll be a busy PC depending on your nº users.

keep up in touch with your progress!

This is what you want:

InterScan VirusWall

It will run on Linux or Windows but is very expensive.
.............................
Note: I use this product (on a windows server) for a 400 workstation WinNT/2K/XP network (including 2 E-mail servers) ... we have NEVER had an infected computer that required any downtime (I also have TrendMicro ScanMail on the E-mail servers and Symantec Anti-Virus Enterprise Edition on the desktops/servers). The Virus stuff (both symantec and trendmicro) pretty much works in automatic ... if a high name virus is out there (like mydoom) I make sure the latest definition is on all the workstations.
-------------------------
You could use AMaViS in conjuction with Sophos Sweep, KasperskyLab AVP, H+BEDV AntiVir, NAI VirusScan, Trend FileScanner, F-Secure AV, CAI InoculateIT, CyberSoft VFind, GeCAD RAV, NOD32, or CSAV if your goal is only to scan e-mail .... see this Mini-FAQ for Linux anti-virus products...

Thank you. In answer to the server question regarding POP3/SMTP, I'm actually just using the Linux machine as a conduit - the email server is in CT, and it's easier for me to establish an antivirus machine within our local locale rather than attempt to have the tech support staff in CT help me configure eTrust...we tried that once unsuccessfully. I understand the processor speed and RAM, but why the HD if I'm just "cleaning" POP3 traffic that comes through our firewall in the form of email body messages and viral attachments?

The mapping of the T1 would be:

router - firewall - linux "cleaning" unit - Novell network

I would then hope to eventually scratch out the router and firewall and use the linux machine for all three purposes.