On Jul 19, 2007, at 09:50, Neil Joseph Schelly wrote: > Scheduling a nightly scan is > relatively painless though and I think the performance benefit from > not > having the virus scanner constantly watching all disk activity is > probably > worth it.
In a world without ClamAV on your firewall and ClamAV on your squid proxy and ClamAV on your mail server, you can probably get away with this, but I've seen so many disasters averted by on-access scanners (Sophos SBE mostly where I've had to do installs) that you wouldn't want to be found with neither belt nor suspenders. All such incidents were triggered by people browsing compromised websites with IE, unfiltered, though the guy who just flew in from Dallas and has been whoring around airport wireless nets is still a vector to worry about. Ideally, outside Windows machines would be quarantined before being allowed on your secure network. MailScanner just implemented proper clamd support, which is supposed to be snappy, though I haven't tried it yet. ClamAV is now in Fedora - there was a wrinkle on many of my installs when it went into the Extras tree with different package names than RPMForge had used, but that's over with. Response time from the ClamAV team has been measured to be lower than commercial vendors in many cases (virustotal I think was the source on that) - that's not an issue to worry about. ClamAV can also be used for fun and games. There was a definition file to find insecure copies of zlib a while back: http://blog.bfccomputing.com/articles/2005/07/16/discovering- copies-of-zlib and there's a project to tag phishing and mail scams using ClamAV signatures. Did I mention Open is powerful? Oh, you knew that already. :) -Bill ----- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 [EMAIL PROTECTED] Cell: 603.252.2606 http://www.bfccomputing.com/ Page: 603.442.1833 Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf _______________________________________________ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/