Snort mailing list archives
RE: SMTP Virus Gateway
From: "K.S.NARAYANAN" <knarayan () mahindrabt com>
Date: Mon, 17 Jun 2002 09:56:54 +0530
Visit www.mspl.net also . We are using it with lot of customization ( thanks to mspl ) to suit our needs like attachment blocking with a exception list ( VVIP users ) , monitoring ( perl cgi ) scripts from unix boxes etc.. -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of McCammon, Keith Sent: Friday, June 14, 2002 9:53 PM To: Joshua James Cc: snort-users () lists sourceforge net Subject: RE: [Snort-users] SMTP Virus Gateway I've always used McAfee WebShield SMTP with great success. Then again, I also do a blanket drop of all .exe, .vbs, .bat, etc. <OT Rant> Virii are ever-changing, and are spreading faster and faster. And as many improvements as we've seen in AV, we're still seeing large-scale global infections. Given these conditions, I can think of *very* few excuses for an administrator to continue allowing the aforementioned attachments (and others, not listed for the sake of brevity). At some point folks need to learn that the software won't always save your a**, and that we need to start being intrusive/proactive. </OT Rant> In short, we could spend weeks talking about which AV gateways let which virii pass through the filters, but it's largely irrelevant. The problem *can* be fixed. Getting back on topic: McAfee (properly configured) works great for me, and always has! Cheers! Keith -----Original Message----- From: Joshua James [mailto:joshua.james () steritech com] Sent: Friday, June 14, 2002 12:04 PM Cc: 'snort-users () lists sourceforge net' Subject: Re: [Snort-users] SMTP Virus Gateway On Fri, 2002-06-14 at 11:39, Madziarczyk, Jonathan wrote:
Hey all, So I've got my snort rules set up to alert on possible Klez Viruses (as well as other e-mail transferred viruses, like Code Red, etc). That seems to be working pretty well. As expected, I do seem to be missing some
resets
via flexresp and I'd prefer not to use it anyway just to avoid blocking false positives. Is there a product out there that works well at blocking inbound/outbound viruses on e-mail? I'm trying to find something that
works
on both straight SMTP (unix and listservs) and ESMTP (Exchange). So what
do
the experts (you) recommend?
NOT Norton AntiVirus gateway. I can't speak for anything except the version I use but if the company handles any other version the same way I'd stay away. Both SirCam and Klez come right through. I already had to upgrade once for SirCam, I'm not doing it again. I need to find a new product as well. _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas - http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas - http://devcon.sprintpcs.com/adp/index.cfm?source _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list ********************************************************* Disclaimer This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. ********************************************************* Visit us at http://www.mahindrabt.com _______________________________________________________________ Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: SMTP Virus Gateway McCammon, Keith (Jun 14)
- RE: SMTP Virus Gateway K.S.NARAYANAN (Jun 16)
- <Possible follow-ups>
- RE: SMTP Virus Gateway matt (Jun 14)