Educause Security Discussion mailing list archives
Re: Exchange Server Virus Scanning
From: "Hall, Rand" <rand () MERRIMACK EDU>
Date: Fri, 17 Feb 2006 10:18:04 -0500
Without fail Mcafee has been the last to publish critical av updates.
As client commentary this is a little off-topic, but you really need to be careful about sweeping generalizations like this. The speed with which a vendor releases updates is oftentimes irrelevant. AV-TEST.ORG's widely referenced study of update times for the BOZARI.A/Zotob.E virus has some interesting data (one might think). http://www.av-test.org/down/ms05-039.zip Kaspersky leads the pack at 2005-08-16 21:57. Sophos clocks in at 2005-08-17 00:44. McAfee's daily was released at 2005-08-17 01:34. Kaspersky and Sophos kicked McAfee's butt! Or did they? Kaspersky and Sophos got updates out quickly because they HAD to. That's all they've got to protect their customers.* McAfee, on the other hand can leisurely send theirs through a better Q/A. Why? Because their product has other features that make this virus largely a non-issue. OOTB, VSE's Buffer Overflow Protection stopped this virus in its tracks. A smart deployment could stop this in several other ways with several other features--without needing updates. http://vil.nai.com/vil/content/v_135491.htm When other vendors are indicating the end of the world by going to "Threat Level: Plaid" McAfee's sitting back and saying "What threat?"** Cheers, Rand *Admittedly, I only have a cursory knowledge of the products. My apologies if I'm mistaken. **Well, not really. If you look closely at av-test.org's study you'll note that McAfee actually beat Kaspersky and Sophos (everyone, actually) in first providing an update to customers with their beta version at 21:19--thirty-eight minutes ahead of Kaspersky. -- Rand P. Hall * Director, Network Services Merrimack College * SunGard Higher Education 315 Turnpike Street, North Andover MA 01845 * Tel 978-837-5000 Fax 978-837-5434 * rand.hall () merrimack edu * www.sungardcollegis.com CONFIDENTIALITY: This e-mail (including any attachments) may contain confidential, proprietary and privileged information, and unauthorized disclosure or use is prohibited. If you received this e-mail in error, please notify the sender and delete this e-mail from your system. -----Original Message----- From: Wehner, Paul (wehnerpl) [mailto:WEHNERPL () UCMAIL UC EDU] Sent: Thursday, February 16, 2006 7:51 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Exchange Server Virus Scanning Our email gets scrubbed with sophos at the mirapoint gateways and we run scanmail on the exchange servers. It's been very good. We also use MacAfee webshield smtp scanning on the universities listserv system. Without fail Mcafee has been the last to publish critical av updates. The response of Sophos has been impressive. A lot of new virus's seem to hit in asia and europe first and Sophos pushes updates 10-15 hours before the virus hits stateside. ________________________________ From: Tim Rhoades [mailto:trhoades () UWB EDU] Sent: Thu 2/16/2006 6:21 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Exchange Server Virus Scanning Hi all, We have been using Antigen 8.0 from Sybari to secure our Exchange server 2003 infrastructure. Today's issues with the Kaspersky engine slowing/breaking mail delivery have our "powers that be" asking questions about which product is currently the industry standard for education. Can I ask if anyone out there in the world of higher Ed has some personal preferences or areas that I might look to evaluate the benefits/costs/ and drawbacks of changing horses? Thanks for any help you can provide. --------------------------------------------------- Tim Rhoades Network Manager University of Washington - Bothell
Current thread:
- Exchange Server Virus Scanning Tim Rhoades (Feb 16)
- <Possible follow-ups>
- Re: Exchange Server Virus Scanning Fretz, Kerry (Feb 16)
- Re: Exchange Server Virus Scanning Lucas, Bryan (Feb 16)
- Re: Exchange Server Virus Scanning Wehner, Paul (wehnerpl) (Feb 16)
- Re: Exchange Server Virus Scanning Flagg, Martin D. (Feb 17)
- Re: Exchange Server Virus Scanning Hall, Rand (Feb 17)
- Re: Exchange Server Virus Scanning Michael_Maloney (Feb 17)
- Re: Exchange Server Virus Scanning Graham Toal (Feb 17)
- Re: Exchange Server Virus Scanning Wehner, Paul (wehnerpl) (Feb 17)
- Re: Exchange Server Virus Scanning Graham Toal (Feb 17)
- Re: Exchange Server Virus Scanning Hall, Rand (Feb 17)
- Re: Exchange Server Virus Scanning Graham Toal (Feb 17)
- Re: Exchange Server Virus Scanning Graham Toal (Feb 17)
- Re: Exchange Server Virus Scanning Hall, Rand (Feb 17)
- Re: Exchange Server Virus Scanning Tim Rhoades (Feb 17)
- Re: Exchange Server Virus Scanning Graham Toal (Feb 17)
(Thread continues...)