On Mon, 10 Feb 2003, Chuck Yerkes wrote: > Virus "attacks" usually come hard and fast at once. Server scanning > is a great way to do denial of service on yourself. Scan > it on landing and those hundreds of 600MHz+ machine out there > scan as the mail comes down.
If things are that bad, then throttling the server is a good thing, to be honest. > Given floppies, USB thumb drives, and CDs with Virii (thanks MS > for that one), you must scan on the machine. Yes, but the best approach is (and always has been) "belt, braces, safety pins" Just ask the companies who relied on their firewalls to keep out slammer instead of patching their servers. Several large outfits were fine for a few days, until slammer got in via a backdoor and then proceeded to trash the internal network. > It's WAY offtopic for QPopper, but commercial Sendmail (Inc) > has anti-spam and anti-virus milters available for $$$$. Non-commercial sendmail does too. Google on "milter" The CPU required to filter the average small-medium company isn't trivial, but it's usually no more than comes as standard with most desktop systems these days. > Me? I use spamassassin, but mostly get amused at the floods > of viruses trying to run on my BSD/Alpha box. Ditto, although Tru64/OpenVMS and Linux are the order of the day here. If people want to be really paranoid, they should look at the F-Prot stateful firewall. It's not cheap ($50,000 IIRC), but it inspects everything passing in or out on every port for malicious content. AB
