Full Disclosure mailing list archives
Re: Antivirus Software Solutions?
From: Paul Schmehl <pauls () utdallas edu>
Date: Fri, 28 Nov 2003 08:58:58 -0600
--On Friday, November 28, 2003 12:20 PM +1100 Paul Szabo <psz () maths usyd edu au> wrote:
> Do not use "traditional" AV at all (as that would never protect you from the latest virus). Rather, set up your email gateway to "defang" all suspicious emails (e.g. containing EXE or SCR or PIF, or ZIP, attachments); it is a matter to debate whether to reject (bounce), drop, or somehow encode such things so as to render harmless. - Probably you will want your email gateway to run UNIX/Linux, so you can set this up.

This is a good first step, but you should also have a/v protection at the gateway. Look at amavisd and vexira if you're allowed to use open source. If you have to use commercial products, Sophos has a good gateway product. Trend is popular but not as good.
You might also consider some of the newer IPS appliances such as Tippingpoint, Fortigate or ISS's Proventia M. These provide virus protection for all protocol streams, not just email, http and ftp. (We are evaling all three of those.)
> Once your email gateway is "safe", any AV on desktops becomes much less important, but you may still want some "traditional" AV on your desktops; any reasonably well supported product should do.

This is horrible advice. You *must* have traditional a/v on your desktops or some equivalent replacement. The desktop is your last line of defense and often the only one that will "catch" things. Gateway a/v scanners such as Trend will do *nothing* to protect you against worms such as Blaster and Slammer. There are just too many avenues for attack to leave the desktops unprotected: removable media (CDs, floppies, DVDs, Zip disks), IRC, ICQ, P2P, IM, web, etc., etc.
Furthermore, you don't want just "any reasonably well supported product". You want a product that is highly effective against none viruses. Some that fall into that category are Sophos, McAfee, Kaspersky and Norton.
Foregoing the use of top notch protection on the desktops is a recipe for disaster.
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
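The gateway "defang" step from the quoted message, sketched as an added example that is not part of the original post or of any product named in it. It takes the "encode so as to render harmless" option; the `.defanged` suffix, the forced generic MIME type and the sample message are assumptions of this example.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the message above. The ".defanged" suffix and the
# forced application/octet-stream type are assumptions of this example.
SUSPICIOUS = {".exe", ".scr", ".pif", ".zip"}

def defang(raw: bytes):
    """Rewrite suspicious attachments; return (new message bytes, hits)."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name or part.is_multipart():
            continue
        # Windows drops trailing dots and spaces when a file is saved, so
        # normalise the name before looking at its final extension.
        clean = name.rstrip(". ")
        if os.path.splitext(clean)[1].lower() not in SUSPICIOUS:
            continue
        data = part.get_payload(decode=True) or b""
        # set_content() clears the old Content-* headers, then stores the same
        # bytes under a generic type and a name with a harmless extension.
        part.set_content(data, maintype="application", subtype="octet-stream",
                         filename=clean + ".defanged")
        hits.append(name)
    return msg.as_bytes(), hits

def sample() -> bytes:
    """Constructed test message: two suspicious attachments, one benign."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "user@example.org"
    m["Subject"] = "constructed sample"
    m.set_content("See attached.")
    m.add_attachment(b"MZ-constructed", maintype="application",
                     subtype="x-msdownload", filename="report.pdf.exe")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename="setup.SCR.")
    m.add_attachment("plain notes", filename="notes.txt")
    return m.as_bytes()

if __name__ == "__main__":
    out, hits = defang(sample())
    print("defanged:", hits)
```

A filter like this only acts on the mail path, so it does not touch the other entry points (network worms, removable media, IM, P2P) raised in the reply.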