Analysis so far (comparison of firewall virus scanners, mostly Trend and
Symantec):

1. Trend is more flexible and has much better logging capabilities.
   Norton might be able to stop more, but you can't really tell,
   because its logs tell you virtually nothing. 
2. CVP (at least on FW-1) is awful.  A few reasons:
   a. It is not possible to set up virus scans without having an SMTP 
      security server.  Unfortunately, the one that comes with FW-1
      leaves a lot to be desired (as in, if you try to use it for
      outgoing mail, you're asking for trouble; it isn't capable of
      querying DNS).  So this means you have to set up another SMTP
      server (or use an existing one as the security server).  This
      has its own set of problems, complicated by ...
   b. There is no fault tolerance, nor is there any alert sent when
      a server cannot be contacted.  In other words, if FW-1 can't
      find a server it needs (the security server, the CVP server,
      etc.), it just denies the connection. Actually, if you don't
      have an SMTP security server, it might be worse -- haven't
      quite figured out what the default security server does yet.
      The problem here is that the more servers you include in
      virus scanning and firewalling, the more likely you are to 
      have a problem.
3. Virus scanners do not offer a lot of flexibility. It would be
   nice to be able to deny all attachments with the extension
   .exe or .com, and quarantine any that come in meeting those
   criteria. Unfortunately, no product that I know of does this.
   Norton allows you to stop .exe and .com files from coming
   in, but it doesn't tell you that it's stopping them, nor the
   names of the files it stops, nor ... well, you get the point.

Conclusion: Virus scanning at the firewall is fraught with peril.  Trend
offers a CVP-free way to do virus scanning (an SMTP server that scans
viruses and forwards to internal SMTP servers), which seems like the
best way to go.  Norton has an SMTP product I haven't looked at yet, but
if it's as barren as their firewall product, there will be problems. 
There might be other products that do this, too, and I'd appreciate
hearing of any.  Unfortunately, from experience, the virus engine that
we trust the most tends to be Norton (the one we trust the least tends
to be NAI).  I just wish they offered better tracking and management, a
la Trend.  It's virtually impossible to tell what it's doing, which
frightens me.

We use Exchange for e-mail, so if Norton's SMTP Gateway is decent, we'll
probably use it instead of Trend, and use Trend on the Exchange server. 
If the gateway isn't decent, I guess we'll just trust Trend to catch
everything at the network and mail server level, and let Norton catch
stuff on file servers and desktops.

Any feedback would be great.

Thanks!

Jen
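
Added example, not part of the original message and not any vendor's code: a sketch of the behaviour point 3 asks for, where .exe/.com attachments are stripped at an SMTP relay, quarantined, and logged by name. The function names, addresses and the sample message are constructed for illustration.

```python
import hashlib
import logging
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = (".exe", ".com")  # the two extensions named in point 3
log = logging.getLogger("attachment-filter")

def is_blocked(filename):
    # Case-insensitive match; trailing dots and spaces are stripped first,
    # since Windows drops them when the file is saved.
    return bool(filename) and filename.strip().rstrip(". ").lower().endswith(BLOCKED_EXTENSIONS)

def filter_message(raw_bytes, quarantine_dir):
    """Return (cleaned message, list of quarantine records)."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    records = []
    for container in msg.walk():          # visits nested multiparts too
        if not container.is_multipart():
            continue
        kept = []
        for part in container.get_payload():
            name = part.get_filename()
            if not is_blocked(name):
                kept.append(part)
                continue
            data = part.get_payload(decode=True) or b""
            digest = hashlib.sha256(data).hexdigest()
            # Store under the hash, never the sender-supplied name.
            with open(os.path.join(quarantine_dir, digest), "wb") as fh:
                fh.write(data)
            records.append({"filename": name, "sha256": digest, "size": len(data)})
            log.warning("quarantined %r from %s sha256=%s", name, msg["From"], digest)
        container.set_payload(kept)       # drop the blocked parts
    return msg, records

def build_sample():
    # Constructed sample: text body, one allowed and one blocked attachment.
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed test message"
    m.set_content("body text")
    m.add_attachment(b"%PDF-constructed", maintype="application",
                     subtype="pdf", filename="report.pdf")
    m.add_attachment(b"MZ-constructed", maintype="application",
                     subtype="octet-stream", filename="Setup.EXE")
    return m.as_bytes()
```

Each quarantine record carries the original file name, size and SHA-256, which is the tracking information the post says is missing.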