Educause Security Discussion mailing list archives

Re: Exchange Server Virus Scanning


From: "Hall, Rand" <rand () MERRIMACK EDU>
Date: Fri, 17 Feb 2006 10:18:04 -0500

Without fail McAfee has been the last to publish critical AV updates.

As client commentary this is a little off-topic, but you really need to
be careful about sweeping generalizations like this. The speed with
which a vendor releases updates is oftentimes irrelevant.

AV-TEST.ORG's widely referenced study of update times for the
BOZARI.A/Zotob.E virus has some interesting data (one might think).

http://www.av-test.org/down/ms05-039.zip

Kaspersky leads the pack at    2005-08-16 21:57.
Sophos clocks in at            2005-08-17 00:44.
McAfee's daily was released at 2005-08-17 01:34. 

Kaspersky and Sophos kicked McAfee's butt! Or did they?

Kaspersky and Sophos got updates out quickly because they HAD to. That's
all they've got to protect their customers.* 

McAfee, on the other hand, can leisurely send theirs through a better
Q/A. Why? Because their product has other features that make this virus
largely a non-issue. OOTB, VSE's Buffer Overflow Protection stopped this
virus in its tracks. A smart deployment could stop this in several other
ways with several other features--without needing updates.

http://vil.nai.com/vil/content/v_135491.htm

When other vendors are indicating the end of the world by going to
"Threat Level: Plaid", McAfee's sitting back and saying "What threat?"**


Cheers,
Rand

*Admittedly, I only have a cursory knowledge of the products. My
apologies if I'm mistaken.
**Well, not really. If you look closely at av-test.org's study you'll
note that McAfee actually beat Kaspersky and Sophos (everyone, actually)
in first providing an update to customers with their beta version at
21:19--thirty-eight minutes ahead of Kaspersky.

--
Rand P. Hall * Director, Network Services
Merrimack College * SunGard Higher Education
315 Turnpike Street, North Andover MA 01845 * Tel 978-837-5000
Fax 978-837-5434 * rand.hall () merrimack edu * www.sungardcollegis.com


-----Original Message-----
From: Wehner, Paul (wehnerpl) [mailto:WEHNERPL () UCMAIL UC EDU] 
Sent: Thursday, February 16, 2006 7:51 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Exchange Server Virus Scanning

Our email gets scrubbed with Sophos at the Mirapoint gateways and we run
ScanMail on the Exchange servers.
It's been very good. We also use McAfee WebShield SMTP scanning on the
university's listserv system.
Without fail McAfee has been the last to publish critical AV updates.
The response of Sophos has been impressive. A lot of new viruses seem to
hit in Asia and Europe first and Sophos pushes updates 10-15 hours
before the virus hits stateside.

________________________________

From: Tim Rhoades [mailto:trhoades () UWB EDU]
Sent: Thu 2/16/2006 6:21 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Exchange Server Virus Scanning



Hi all,

We have been using Antigen 8.0 from Sybari to secure our Exchange server
2003 infrastructure. Today's issues with the Kaspersky engine
slowing/breaking mail delivery have our "powers that be" asking
questions about which product is currently the industry standard for
education.

Can I ask if anyone out there in the world of higher ed has some
personal preferences or areas that I might look to evaluate the
benefits, costs, and drawbacks of changing horses?

Thanks for any help you can provide.

---------------------------------------------------
Tim Rhoades
Network Manager
University of Washington - Bothell
