Re: [ILUG] Virus protection

From: ger (gerdono at domain eircom.net)
Date: Thu 19 Sep 2002 - 22:51:02 IST


Bruce

A definite is to run a mail server sweep on Linux. Scanning for viruses on a
Windows system does not happen until an E-Mail is actually read.
In Outlook Express the client connection is run in the Microsoft Virtual
Machine, and virus scanners do not have access to scan this memory area.
Most AV scanners will only pick up the virus when it attempts to write a
file or corrupt some system file. So the user deletes such an infected file but
the offending message is still in a dbx file in Outlook Express.

Also, as has been seen recently, some viruses attack and disable AV software on
Windows systems.

System Scanning of AV Software on Windows clients also severely degrades
performance.

Since the most likely threat is from E-Mail, sweeping on a system that is
unlikely to be infected by a virus is a good idea.

I have been running a fetchmail/sendmail/cyrus configuration in conjunction
with Amavis on approx 8 customer sites for the last 2 years. These systems
have stopped approx 4000-5000 infected E-Mails in that period. Only one has
ever got past this, due to a bug in Reformime which was fixed within 2
days of being reported by me to the maintainers.

This system has reduced these companies' downtime due to viral infections
to nil.

Every time there is a new outbreak of some WIN/32 worm I get to introduce
more businesses in the area to Linux.

There are several combinations of doing this in Linux, but it is the best
way to protect Windows systems from E-Mail infections.

The above systems require that you use a Linux binary AV scanning
software. With regard to using commercial scanners, please verify any
licence requirements, as some require a licence for each user connecting to
such a system.

Regards Ger

P.S. Excuse typos but need a new keyboard !!

At 11:20 19/09/2002 +0100, Bruce Coker wrote:
>Hi all,
>I need to virus-protect a bunch of Windows 98 machines running Outlook
>Express. Does anyone know whether it would be better to virus-scan email
>on the Linux mail server instead of (or as well as) on the Windows
>clients? What software would it be best to do this with? Is it also
>possible/worthwhile to scan files downloaded from the Internet on the
>server, i.e. provide virus-protection at the firewall rather than on the
>clients? Any help/suggestions and pointers to good resources would be
>appreciated. I'm looking for the cheapest, quickest, easiest solution, but
>as a friend of mine used to say, I'll settle for any two of the three.
>Cheers,
>Bruce
>--
>Bruce Coker
>http://www.mgcs-consulting.com/
>
>-------------------------------------------------------------
>It's just been discovered that research causes cancer in rats


