Re: Anti Virus Solution

1999-12-13 Thread Jason Haar

On Mon, Dec 13, 1999 at 11:50:54PM -0300, [EMAIL PROTECTED] wrote:
> 
> > > It's fast, perl-based and specifically written for qmail.
> > > 
> > > See http://www.geocities.com/jhaar/scan4virus/ for details...
> > > 
> 
> I could not get it... Am I wrong?
> Do you have another address?

Sheezh - my fault - but Geocities is running the flakiest FTP server I've
seen in a looong time.

All fixed - the appropriate index.html file is now in place :-)

-- 
Cheers

Jason Haar

Unix/Network Specialist, Trimble NZ
Phone: +64 3 3391 377 Fax: +64 3 3391 417
 



Re: Anti Virus Solution

1999-12-13 Thread vicente


> > It's fast, perl-based and specifically written for qmail.
> > 
> > See http://www.geocities.com/jhaar/scan4virus/ for details...
> > 

I could not get it... Am I wrong?
Do you have another address?

-- Vicente Andrade
VIRCOM Internet Solutions

http://www.vircom.com.br
http://www.10reais.com.br





Re: Anti Virus Solution

1999-12-13 Thread Ismal Hisham Darus

thanks a lot jason .. it works. 

- Original Message -
From: "Jason Haar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, December 14, 1999 9:24 AM
Subject: Re: Anti Virus Solution


> > how to get the Perl module Time::HiRes (if debugging enabled) ? *blushed*
> >
>
> Well, I install all perl modules via
>
> perl -e 'use CPAN; install /Time::HiRes/'
>
> ...but that depends a lot on firewalls/etc.
>
> You can just go to CPAN and get it:
>
> http://search.cpan.org/search?module=Time::HiRes
>
>
> --
> Cheers
>
> Jason Haar
>
> Unix/Network Specialist, Trimble NZ
> Phone: +64 3 3391 377 Fax: +64 3 3391 417
>



Re: Anti Virus Solution

1999-12-13 Thread Jason Haar

> how to get the Perl module Time::HiRes (if debugging enabled) ? *blushed*
> 

Well, I install all perl modules via 

perl -e 'use CPAN; install /Time::HiRes/'

...but that depends a lot on firewalls/etc.

You can just go to CPAN and get it:

http://search.cpan.org/search?module=Time::HiRes


-- 
Cheers

Jason Haar

Unix/Network Specialist, Trimble NZ
Phone: +64 3 3391 377 Fax: +64 3 3391 417
 



Re: Anti Virus Solution

1999-12-13 Thread Ismal Hisham Darus

> It's fast, perl-based and specifically written for qmail.
> 
> See http://www.geocities.com/jhaar/scan4virus/ for details...
> 
> 
> 
> -- 
> Cheers
> 
> Jason Haar
> 
> Unix/Network Specialist, Trimble NZ
> Phone: +64 3 3391 377 Fax: +64 3 3391 417
 
how to get the Perl module Time::HiRes (if debugging enabled) ? *blushed*




Re: Anti Virus Solution

1999-12-12 Thread Jason Haar

On Thu, Dec 09, 1999 at 12:42:32PM -0600, Jennifer Tippens wrote:
> I have gone through the list archive and the only information I can find
> on this subject was listmembers asking about if there was any anti-virus
> solution out there.
> Is there any anti-virus thing out there that can scan for macro viruses
> in Qmail?
> 

I've written one in response to some design issue problems I had with amavis
(like lack of error checking).

It's now homed at Geocities and can scan all incoming SMTP Email via
whatever virus scanners you have installed on your Qmail host (I use NAI's
and Trends virus scanners).

It's fast, perl-based and specifically written for qmail.

See http://www.geocities.com/jhaar/scan4virus/ for details...



-- 
Cheers

Jason Haar

Unix/Network Specialist, Trimble NZ
Phone: +64 3 3391 377 Fax: +64 3 3391 417
 



Re: Anti Virus Solution

1999-12-09 Thread Alex Shipp

We use vfind as well, and are very happy with the product and the support
we get. My company runs a commercial service protecting email from viruses,
and since it's based on qmail I thought it appropriate to mention it
here. If you want to 'roll your own' anti virus solution, here are some of
the points we have found (based on 18 months worth of hard earned
experience) you should consider.

1) Email is now the primary point of entry of viruses into most companies.
Over the last 18 months we have found that on average 1 in every 1500
emails contains a virus. Emails from free mail services, such as
hotmail/yahoo etc, contain a higher proportion of viruses.

2) If you only use one virus scanner, you will miss around 3% of viruses
over the course of a year. This is because all the AV vendors have
different schedules for issuing new signatures, and because they all find
new viruses at slightly different times. The more virus scanners you add,
the better your detection rate, but also the higher your costs are, and
the longer it takes to scan mail. (We have currently settled on 3 scanners)

3) You have to be able to cope with all the obscure formats mail can arrive
in (recursive mime, ZIP, binhex, microsoft proprietary etc etc) or you will
miss viruses.

4) Updating your scanners with new signatures is very important. The new
breed of email viruses spread so quickly that speed really is of the
essence. For instance, the UK was hit badly on 29th March by the Melissa
virus. However, the signatures to detect this virus were available at
least 3 days before this date. To be truly effective, consider updating at
least hourly, if not more often.

5) New viruses are often detected and publicised for some time before the
signatures are available. Consider how you will deal with these threats
before standard signatures are published.

6) All AV scanners generate some false alarms, so you will need to consider
how to handle these.

7) All AV scanners crash occasionally (or worse, get into an infinite loop
and never return), so you will need to consider how to handle this.

8) You should consider training your help-desk to be virus-literate, since
they will get a large number of queries about viruses.

9) Scanning will slow down mail delivery. To maintain the same level of
service as before, we estimate you will need up to 10 times the current
hardware (of course, if your current hardware is not running at full
capacity, you won't need as much).

10) Linux virus scanners we have tried, and found to be good are (no
particular order):
NAI Antivirus www.nai.com
Datafellows F-Secure www.datafellows.com
Cybersoft vfind www.cyber.com
Sophos Antivirus www.sophos.com
If anyone is interested in a detailed comparison of these products, please
contact me off the list.
If anyone knows of any other linux AV products you think we should consider,
please let me know.

11) To be truly effective, you may need to dedicate personnel full-time to
an anti-virus role. This will obviously depend heavily on the size of your
company.


Well, that's all I can think of off the top of my head. Hope it gives you all
some food for thought!

Alex

~
Alex Shipp
Virus Technologist
Starlabs www.starlabs.net
E: [EMAIL PROTECTED]
T: 44 1285 884400
~


-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>


>Hi Jennifer,
>
>We use a commercial product called VFind, provided by a company found
>on the web here: http://www.cyber.com/



This message has been checked for all known viruses by the Star Screening System
http://academy.star.co.uk/public/virustats.htm



Re: Anti Virus Solution

1999-12-09 Thread martin

Hi Jennifer,

We use a commercial product called VFind, provided by a company found
on the web here: http://www.cyber.com/

With a bit of a shell wrapper, you can make it into a generic scanning
tool which works like this

STDIN --> vfind --> STDOUT

We call it from a .qmail-file, once for each incoming message, and let
qmail assess our return code.  Works quite well, and we've been happy
with the support from them.

And, yes, it does detect many of the different X97M and W97M virus
variants.

-Martin

On  9 Dec, Jennifer Tippens wrote:
  : I have gone through the list archive and the only information I can find
  : on this subject was listmembers asking about if there was any anti-virus
  : solution out there.
  : Is there any anti-virus thing out there that can scan for macro viruses
  : in Qmail?
  : 
  : Thanks so much for your time,
  : Jennifer
  : 

-- 
Martin A. Brown --- SecurePipe Communications --- [EMAIL PROTECTED]
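
Added example (not part of the original thread, and not Martin's or Alex's code): a sketch of the kind of shell wrapper described above, called from a .qmail file and answering qmail through its exit code, extended to run several scanners and to fail closed when a scanner crashes or hangs (Alex Shipp's points 2 and 7). It assumes each scanner takes the message file as its only argument and exits 0 for clean and 1 for infected, and that GNU coreutils `timeout` is installed; the script name and scanner paths in the comments are hypothetical.

```shell
#!/bin/sh
# Hypothetical .qmail line (one program delivery, later lines only run on exit 0):
#   |/usr/local/bin/scanwrap.sh /opt/av/scanner-a /opt/av/scanner-b
#
# Exit codes understood by qmail for program deliveries (qmail-command(8)):
#   0   = success, continue with the remaining .qmail lines
#   100 = hard failure, the message bounces
#   111 = soft failure, qmail keeps the message queued and retries later
#
# ASSUMPTION: every scanner is invoked as "<scanner> <file>" and exits
# 0 = clean, 1 = infected. Real products differ; adapt the case arms below.

SCAN_TIMEOUT=${SCAN_TIMEOUT:-60}   # seconds allowed per scanner

# scan_message SCANNER...
# Reads one message on stdin and returns the exit code to hand to qmail.
scan_message() {
    sm_msg=$(mktemp "${TMPDIR:-/tmp}/scanmsg.XXXXXX") || return 111
    cat > "$sm_msg" || { rm -f "$sm_msg"; return 111; }

    sm_verdict=0
    for sm_scanner in "$@"; do
        sm_rc=0
        # timeout kills a scanner stuck in a loop and returns 124
        timeout "$SCAN_TIMEOUT" "$sm_scanner" "$sm_msg" >/dev/null 2>&1 || sm_rc=$?
        case $sm_rc in
            0) ;;                          # this scanner says clean
            1) sm_verdict=100; break ;;    # one detection is enough: reject
            *) sm_verdict=111 ;;           # crash, hang or missing binary:
                                           # defer rather than deliver unscanned
        esac
    done

    rm -f "$sm_msg"
    return "$sm_verdict"
}

# Run as a program when given scanner paths on the command line.
if [ $# -gt 0 ]; then
    scan_message "$@"
    exit $?
fi
```

A message is delivered only when every scanner ran to completion and reported clean; a detection from any scanner wins over another scanner's crash, and a crash or timeout with no detection leaves the message in the queue for a later retry.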



RE: Anti Virus Solution

1999-12-09 Thread Dustin Miller

There is a package called "Amavis", but no one has been able to supply any
information on how to get it to work.  I couldn't find the patches in the
archives, but I'd really love to know how I can get Amavis to work with
qmail.

Good luck, Jennifer.
  _

Dustin Miller, President
WebFusionDevelopmentIncorporated


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 09, 1999 12:43 PM
To: [EMAIL PROTECTED]
Subject: Anti Virus Solution


I have gone through the list archive and the only information I can find
on this subject was listmembers asking about if there was any anti-virus
solution out there.
Is there any anti-virus thing out there that can scan for macro viruses
in Qmail?

Thanks so much for your time,
Jennifer




Anti Virus Solution

1999-12-09 Thread Jennifer Tippens

I have gone through the list archive and the only information I can find
on this subject was listmembers asking about if there was any anti-virus
solution out there.
Is there any anti-virus thing out there that can scan for macro viruses
in Qmail?

Thanks so much for your time,
Jennifer