Firewall Wizards mailing list archives
RE: OT: Av and Gartner...
From: "Bob Wanamaker - Avant Systems, Inc." <rlw () avantsystems com>
Date: Wed, 30 Jul 2003 20:37:20 -0400
My standard recommendation: don't worry about http/ftp scanning, but do have AV installed on the proxy server. AV should also be installed at SMTP gateway; an Exchange-aware version on Exchange server [and please note that SMTP gateway is on a separate box and on a DMZ segment from corporate Exchange server]; on all servers; on all desktops. Additionally, block the majority of attached files on your Exchange server. Use a scanner that actually works, and test the snot out of it - you'd be surprised that scanners let EXE's embedded in a Word document come through, but some do. Proxy server should be capable of blocking downloads as well - for example, the most recent WMP flaw requires that a MID file be used in the exploit; answer - block MIDs. Only permit required hosts to traverse the firewall. No desktop should have to do this. -----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of John Keeton Sent: Wednesday, July 30, 2003 7:10 PM To: firewall-wizards () honor icsalabs com Subject: [fw-wiz] OT: Av and Gartner... Slightly OT here. In corporate land, where does everyone have AV installed? Currently, we have desktop, NT servers, and email gateway. I am thinking that we need http/ftp scanning via ICAP from our proxy, but Gartner[1] says http/ftp scanning is uneeded. I don't know if I agree.. -OR- Are people installing malicious code detection software, like www.finjan.com?? Also, anyone have any experiance with Garner regarding security items? This AV answer, joined with their latest magic quad. for firewalls and ids is just plain scary. I don't know if I even want to put an ounce of faith in them anymore. Thanks, -jkeeton [1] At my employ Gartner is god. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- OT: Av and Gartner... John Keeton (Jul 30)
- Re: OT: Av and Gartner... Paul Robertson (Jul 30)
- RE: OT: Av and Gartner... Bob Wanamaker - Avant Systems, Inc. (Jul 30)
- Re: OT: Av and Gartner... Jim McAtee (Jul 30)
- Re: OT: Av and Gartner... Paul Robertson (Jul 30)
- Re: OT: Av and Gartner... R. DuFresne (Jul 30)
- Re: OT: Av and Gartner... Luca Berra (Jul 31)
- Re: OT: Av and Gartner... Paul A. Henry (Jul 30)
- Re: OT: Av and Gartner... Marcus J. Ranum (Jul 31)
- Re: OT: Av and Gartner... Fritz Ames (Jul 31)
- Re: OT: Av and Gartner... Marcus J. Ranum (Jul 31)
- Re: OT: Av and Gartner... Dave Piscitello (Jul 31)
- Re: OT: Av and Gartner... Fritz Ames (Jul 31)
- Re: OT: Av and Gartner... Luca Berra (Jul 31)
(Thread continues...)