"D.Kumareshan" <[EMAIL PROTECTED]> wrote:
> windows platform. As of now, we don't have any
> package which checks the incoming mail to our place
> for virus. We are planning to have one.
>
> I request the esteemed members to give some suggestion
> of some commercial product which might take care
> of my requirement.
For a freeware/commercial combination, you might want to check
out my free Anomy sanitizer at http://mailtools.anomy.net/, and
use it to invoke one of the commercial file scanners on
untrustworthy attachments.
The mailtools page also contains links to quite a few other
open source mail filtering tools.
The Anomy sanitizer blocks a large number of common
email-related security problems and allows you to define a
policy of what to do to different kinds of attachments (accept,
virus scan, drop, mangle file name, ...). It's a perl program
and has been tested with Sendmail and Qmail, although it should
be possible to get it to work with other MTAs as well.
<soapbox mode=on>
It's my experience that although commercial antivirus solutions
are much better than nothing, it is far more effective to
simply say "hey, I don't need those .vbs and .exe attachments",
and remove them at the gateway.
Commercial antivirus solutions excell at detecting and removing
macro viruses (heuristics do a good job finding new macro
viruses) but they do very poorly against trojan horse attacks,
where users are simply tricked into executing a malicious
binary. And even daily updates of a scanner's vulnerability
database don't help at all when the whole outbreak happens
faster than the virus scanner vendors can analyze the problem.
Think about it - all the biggest recent outbreaks were trojan
horse attacks: melissa, "i love you", and now navidad and
hybris. The recent Microsoft hack falls in this category as
well. Defining and enforcing an acceptible-attachment policy
is (IMHO) the only strategy that will let you manage these
risks - traditional virus scanners won't (but they *will* use
these incidents to advertise their products!).
So whether you decide to use a commercial solution or a free
one, I'd highly recommend putting a policy-based attachment
filtering tool on your shopping list, in addition to a virus
scanner.
<soapbox mode=off>
Hope this helps!
--
Bjarni R. Einarsson PGP: 02764305, B7A3AB89
[EMAIL PROTECTED] -><- http://bre.klaki.net/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
