Firewall Wizards mailing list archives
Re: OT: Av and Gartner...
From: Gary Flynn <flynngn () jmu edu>
Date: Thu, 31 Jul 2003 07:50:52 -0400
John Keeton wrote:
Slightly OT here.In corporate land, where does everyone have AV installed? Currently, we have desktop, NT servers, and email gateway. I am thinking that we needhttp/ftp scanning via ICAP from our proxy, but Gartner[1] says http/ftp scanning is uneeded. I don't know if I agree.. -OR- Are people installing malicious code detection software, like www.finjan.com??
We're running on desktops, file servers, and mail gateway. A lot of server administrators also run it on their servers. We also block several types of executable attachments from traversing our mail gateway which has stopped virus spreads before definitions are updated. There seems to be a shift away from email as the only spreading mechanism. Netbios shares, kazaa and the like, and instant messaging applications are being used more and more. Aplore was fairly successful using a combination of instant messaging and a malicious web sever on the infected machines. I suspect over the next year we'll see quite a few exploit RPC/DCOM too. An inline border device that understands those secondary protocols, possibly including HTTP sessions, would raise the fence. If it could do signature analysis and packet dropping for known overflow exploits, protocol anomoly protection, content management, and DDOS mitigation that would be good too :) -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: OT: Av and Gartner..., (continued)
- Re: OT: Av and Gartner... Jim McAtee (Jul 30)
- Re: OT: Av and Gartner... Paul Robertson (Jul 30)
- Re: OT: Av and Gartner... R. DuFresne (Jul 30)
- Re: OT: Av and Gartner... Luca Berra (Jul 31)
- Re: OT: Av and Gartner... Paul A. Henry (Jul 30)
- Re: OT: Av and Gartner... Marcus J. Ranum (Jul 31)
- Re: OT: Av and Gartner... Fritz Ames (Jul 31)
- Re: OT: Av and Gartner... Marcus J. Ranum (Jul 31)
- Re: OT: Av and Gartner... Dave Piscitello (Jul 31)
- Re: OT: Av and Gartner... Fritz Ames (Jul 31)
- Re: OT: Av and Gartner... Luca Berra (Jul 31)
- Re: OT: Av and Gartner... Gary Flynn (Jul 31)
- Re: OT: Av and Gartner... John Keeton (Jul 31)
- RE: OT: Av and Gartner... Yinal Ozkan (Jul 31)
- RE: OT: Av and Gartner... Behm, Jeffrey L. (Jul 31)
- Re: OT: Av and Gartner... Jim McAtee (Jul 30)