Hmm... interesting. Does anyone else have any thoughts on Norton for
Exchange? I would particularily be interested in hearing if anyone had any
corruption problems with it.
On Sun, 20 Jun 1999, Jen wrote:
> Some anti-virus products corrupt the information store. InnocuLAN
> definitely does this; I'm not sure about Norton. However, since it's a
> 1.0 product, I'd rather be safe than sorry.
>
> Plus, my Exchange admin says that Trend seems to be the one preferred by
> most Exchange folks, although some people are taking a serious look at
> Norton now.
>
> Jen
>
> Amit Choksi wrote:
> >
> > Doesn't Norton offer a program for Exchange? Is there something wrong with
> > it? Please let me know as I was thinking about going with it for our
> > system and replacing InnoculateIt which we are using now. Thanks
> >
> > On Sun, 20 Jun 1999, Jen wrote:
> >
> > > Analysis so far (comparison of firewall virus scanners, mostly Trend and
> > > Symantec):
> > >
> > > 1. Trend is more flexible and has much better logging capabilities.
> > > Norton might be able to stop more, but you can't really tell,
> > > because it's logs tell you virtually nothing.
> > > 2. CVP (at least on FW-1) is awful. A few reasons:
> > > a. It is not possible to setup virus scans without having an SMTP
> > > security server. Unfortunately, the one that comes with FW-1
> > > leaves a lot to be desired (as in, if you try to use it for
> > > outgoing mail, you're asking for trouble; it isn't capable of
> > > querying DNS). So this means you have to setup another SMTP
> > > server (or use an existing one as the security server). This
> > > has its own set of problems, complicated by ...
> > > b. There is no fault tolerance, nor is there any alert sent when
> > > a server cannot be contacted. In other words, if FW-1 can't
> > > find a server it needs (the security server, the CVP server,
> > > etc.), it just denies the connection. Actually, if you don't
> > > have an SMTP security server, it might be worse -- haven't
> > > quite figured out what the default security server does yet.
> > > The problem here is that the more servers you include in
> > > virus scanning and firewalling, the more likely you are to
> > > have a problem.
> > > 3. Virus scanners do not offer a lot of flexibility. It would be
> > > nice to be able to deny all attachments with the extension
> > > .exe or .com, and quarrantine any that come in meeting those
> > > criteria. Unfortunately, no product that I know of does this.
> > > Norton allows you to stop .exe and .com files from coming
> > > in, but it doesn't tell you that it's stopping them, nor the
> > > names of the files it stops, nor ... well, you get the point.
> > >
> > > Conclusion: Virus scanning at the firewall is fraught with peril. Trend
> > > offers a CVP-free way to do virus scanning (an SMTP server that scans
> > > viruses and forwards to internal SMTP servers), which seems like the
> > > best way to go. Norton has an SMTP product I haven't looked at yet, but
> > > if it's as barren as their firewall product, there will be problems.
> > > There might be other products that do this, too, and I'd appreciate
> > > hearing of any. Unfortunately, from experience, the virus engine that
> > > we trust the most tends to be Norton (the one we trust the least tends
> > > to be NAI). I just wish they offered better tracking and management, a
> > > la Trend. It's virtually impossible to tell what it's doing, which
> > > frightens me.
> > >
> > > We use Exchange for e-mail, so if Norton's SMTP Gateway is decent, we'll
> > > probably use it instead of Trend, and use Trend on the Exchange server.
> > > If the gateway isn't decent, I guess we'll just trust Trend to catch
> > > everything at the network and mail server level, and let Norton catch
> > > stuff on file servers and desktops.
> > >
> > > Any feedback would be great.
> > >
> > > Thanks!
> > >
> > > Jen
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > >
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
