Firewall Wizards mailing list archives

Re: [OT]Virus/File scanning on *nix servers


From: Jose Nazario <jose () biocserver BIOC cwru edu>
Date: Wed, 21 Mar 2001 14:42:45 -0500 (EST)

On Wed, 21 Mar 2001, Bob Washburne wrote:

> Please forgive the slightly off topic post, but this seemed to be a
> good group of people to ask and the application is more firewall-ish
> than it is proxy-ish.

sorta. if i can get off topic for a second, i just want to tell everyone
that, at least for myself, i encourage you to explore other lists for some
of the non-firewall questions. a few have been popping up here, and while
we do deal with much more than firewalls in our daily work lives ...

> Can anyone point me to an available program which will scan both files
> and emails for both attached virus and file types (such as *.VBS) on a
> *nix system (probably AIX or Linux)?

i use sendmail as a mail hub and the procmail sanitizing ruleset. it's
adaptable to growing problems even before they get explicitly
incorporated into the package. this is mainly because new email borne
virii keep playing on the same (lame) techniques. it can defang, block, or
ignore on the basis of a variety of criteria.

some sendmail-fu would be wise to have, but it's not too bad. takes about 1
hour to learn the setup if you're new to some of the tools but have
sendmail experience. i run it on OpenBSD. all that it does is accept mail,
scan it, make a decision, and pass it on to the Exchange SMTP servers. you
can also make it the mail server, but if you have a groupware server in
your LAN, like Notes' SMTP server or Exchange, then that's best done in
bridge/hub mode in Sendmail.

http://www.impsec.org/email-tools/procmail-security.html

also look into libmilter, but that requires some programming skills. i
usually use Sendmail-8.11 but will start looking at the 8.12 betas now.

speaking of that, i know that kaspersky labs has an antiviral product for
Linux and FreeBSD. i recently wrote to them asking if they have tested
their product on OpenBSD, using the support for FreeBSD binaries. the
response: "you should really use Linux, it's a growing market and is doing
well financially for people." my counter: "well, i develop for Linux and
OpenBSD, but don't trust Linux on the Internet. explore OpenBSD, it's
gaining momentum for a reason." frankly i think they're foolish to be so
closed-minded. if anyone at kaspersky is reading this, i'm happy to test
it on OpenBSD using FreeBSD or Linux binary support.

http://www.kaspersky.com/

good luck.

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
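
The defang / block / ignore decision on attachment file types described in the message above, sketched in Python as an added example. It is not the procmail sanitizer's code or the poster's configuration; the extension lists, function names and sample messages are constructed assumptions.

```python
import email

# Constructed policy for illustration; these extension lists are assumptions.
BLOCK = {".vbs", ".vbe", ".shs"}
DEFANG = {".exe", ".scr", ".pif", ".bat", ".hta"}

def verdict(filename):
    """Return 'block', 'defang' or 'ignore' for one attachment name."""
    # Judge the LAST extension, so "invoice.txt.vbs" counts as .vbs, and drop
    # trailing dots/spaces, which Windows discards when the file is saved.
    name = (filename or "").lower().rstrip(". ")
    ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
    if ext in BLOCK:
        return "block"
    return "defang" if ext in DEFANG else "ignore"

def scan(raw):
    """Walk every MIME part; return (overall action, per-file results, message)."""
    msg = email.message_from_string(raw)
    results = []
    for part in msg.walk():
        fname = part.get_filename()
        if fname is None:
            continue
        action = verdict(fname)
        if action == "defang":
            # Rename so a double-click no longer launches the file.
            safe = fname + ".DEFANGED"
            if part.get_param("filename", header="content-disposition"):
                part.set_param("filename", safe, header="Content-Disposition")
            if part.get_param("name"):
                part.set_param("name", safe)
        results.append((fname, action))
    actions = {a for _, a in results}
    overall = "block" if "block" in actions else (
        "defang" if "defang" in actions else "ignore")
    return overall, results, msg

def sample(filename):
    """Constructed test message carrying one attachment (not real mail)."""
    return (
        "From: a@example.com\r\nTo: b@example.com\r\nSubject: test\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="B"\r\n\r\n'
        "--B\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
        "--B\r\nContent-Type: application/octet-stream\r\n"
        f'Content-Disposition: attachment; filename="{filename}"\r\n\r\n'
        "data\r\n--B--\r\n")
```

On a mail hub the overall action would decide whether the message is dropped, forwarded with renamed attachments, or forwarded unchanged to the internal SMTP server.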

