One product you might want to look into is Cisco Security Agent, or CSA. CSA runs on all NT-class machines and works as a kind of personal firewall. It does this through OS behavior monitoring and then reports any suspicious activity to a centralized console called VMS. The VMS console can read the log information leading up to a successful block and compare that information with that from other CSA agents running on other machines to determine if a new rule needs to be generated and pushed out to the clients to block a new worm or attack that may be active on your network. CSA's rules can be customized down to a very detailed level and provide a proactive approach for combating new viruses and system compromise attempts, and it does not need any definitions to do so, because it works by monitoring OS behavior. CSA will also work in combination with Cisco VPN concentrators by only allowing machines that have CSA running to connect to the VPN. Here are some links for more info.

http://www.cisco.com/en/US/products/sw/secursw/ps5057/index.html
http://www.cisco.com/en/US/products/sw/cscowork/ps2330/

If I made any mistakes in my description please let me know, as I was only told this information at a Cisco Security Seminar and I may have forgotten some things or explained them incorrectly.

Kevin

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gadi Evron
Sent: Tuesday, January 27, 2004 5:10 AM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] antivirus s/w

Patrick J Okui wrote:
> Hi all,
>
> (.*flames.*>/dev/null)
>
> 1. I'm trying to decide on an AV solution for a campus-wide n/w.
> I'm basically looking for something that'll respond as quick as
> possible to new viruses. I'm currently evaluating NAV, and Fprot.
> Any other suggestions/recommendations?

To install on every workstation or to filter malware from email?

>
> 2. Fprot have an AV 4 linux/bsd workstations....does this just
> scan for virii from infected winbloze or are there un*x virii i'm
> ignorant about?

A better question would be.. rootkits?

Gadi Evron
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
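The console behaviour Kevin describes (agents report what they blocked, the central console compares those reports across hosts, and a fleet-wide rule is generated once the same behaviour shows up on several machines) is easy to illustrate with a small model. The following is an added example written for this thread; it is not Cisco CSA or VMS code, the log line format, the `BlockEvent` fields, the rule dictionary layout and the threshold of three distinct hosts are all assumptions chosen for illustration, and the sample agent log lines are constructed.

```python
"""
Toy central console for a fleet of host-based behaviour-monitoring agents.

Constructed illustration, not CSA/VMS code. Each agent reports the actions
it blocked locally; the console keys those reports by the behaviour seen
(process, action, target) and, once the same behaviour has been blocked on
enough distinct hosts, promotes it into a single fleet-wide deny rule that
could be pushed back to every agent.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class BlockEvent:
    host: str      # reporting agent
    process: str   # image that attempted the action (assumed field)
    action: str    # e.g. "write" or "connect" (assumed vocabulary)
    target: str    # file path or network endpoint touched


# Constructed sample agent log, one blocked action per line:
#   host|process|action|target
SAMPLE_LOG = """\
ws-101|c:\\windows\\system32\\svchost.exe|connect|tcp/445
ws-102|c:\\windows\\system32\\svchost.exe|connect|tcp/445
ws-103|c:\\windows\\system32\\svchost.exe|connect|tcp/445
ws-104|c:\\program files\\editor\\editor.exe|write|c:\\users\\bob\\notes.txt
ws-101|c:\\windows\\system32\\svchost.exe|connect|tcp/445
"""

Behaviour = Tuple[str, str, str]


def parse_log(text: str) -> List[BlockEvent]:
    """Parse the assumed pipe-separated agent log into BlockEvent records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        host, process, action, target = line.split("|", 3)
        # Normalise the image path so case differences between hosts
        # do not split one behaviour into several buckets.
        events.append(BlockEvent(host, process.lower(), action, target))
    return events


class Console:
    """Correlates block reports from many agents and emits fleet rules."""

    def __init__(self, host_threshold: int = 3):
        self.host_threshold = host_threshold
        # behaviour -> set of distinct hosts on which it was blocked
        self.seen: Dict[Behaviour, Set[str]] = defaultdict(set)
        self.promoted: Set[Behaviour] = set()
        self.rules: List[dict] = []

    def ingest(self, event: BlockEvent) -> Optional[dict]:
        """Record one agent report; return a new rule if one was generated."""
        key: Behaviour = (event.process, event.action, event.target)
        self.seen[key].add(event.host)
        # A single noisy host must not create a fleet rule; count hosts,
        # not events, and never promote the same behaviour twice.
        if len(self.seen[key]) >= self.host_threshold and key not in self.promoted:
            self.promoted.add(key)
            rule = {
                "match": list(key),                  # assumed rule layout
                "verdict": "deny",
                "hosts_seen": sorted(self.seen[key]),
            }
            self.rules.append(rule)
            return rule
        return None


def correlate(log_text: str, host_threshold: int = 3) -> List[dict]:
    """Run a whole agent log through a fresh console and return its rules."""
    console = Console(host_threshold)
    for event in parse_log(log_text):
        console.ingest(event)
    return console.rules


if __name__ == "__main__":
    for rule in correlate(SAMPLE_LOG):
        print(rule)
```

With the constructed log above, the svchost connect behaviour is blocked on three distinct workstations and becomes one deny rule; the repeated report from ws-101 and the single editor write on ws-104 do not. Raising the threshold to five produces no rule at all, which is the knob a real console would expose to trade false positives against reaction time.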