Re: [Qmail-scanner-general]amavis or qmail-scanner ?
I have a lot of trigger-happy users who seem to enjoy double clicking attachments. Most of the time, a few hours after a major virus is discovered, we have an update made, but in the meanwhile we could have had hundreds of e-mails come in with the virus. Our environment runs Windows, and we find that by stripping any attachments that could be double-clicked on and contain a virus (ie vbs, scr, exe soon when I can convince management). I use qmail-scanner for this. It also helps us to monitor e-mail usage and see who are the people wasting all our bandwidth sending MPGs, AVIs, MP3s, etc, and take the necessary disciplinary action. Since neither amavis nor qmail-scanner are REALLY virii scanners (they just spawn scanners), I prefer qmail-scanner since it offers the ability to block attachment types as well. Of course, we also run Norton Antivirus across all our desktops. With the corporate edition, its really easy to install. Open up your MMC, go Tools...Client Install, select the 100 workstations in the building, hit Go, and it installs the virii scanning software across all of our workstations, and they all pull the latest updates off our central NAV server whenever new ones arrive. Of course I've moved OT now... Brett. -- "I'm not dumb. I just have a command of throughly useless information." - Calvin, of Calvin and Hobbes
RE: [Qmail-scanner-general]amavis or qmail-scanner ?
Well, I agree wholeheartedly, it's a must to have the desktop covered, but if you don't try to catch the virii coming in, you'll never have any idea about what comes in by mail, as most users will soon not tell you about it anymore. I use amavis on the internet connected systems, and inflex on the inside where I still run sendmail due to the way we distribute the mail to different servers. Both use mcafee, and I get a warning the moment something suspicious is sent by email. If there's a wave of virii coming in, which has happened, I know what's going on, I can block that site even, if I want to. On the other hand, if something happens on a machine that isn't protected, and something bad gets sent, it'll quite likely get caught before it goes out onto the 'net. Currently there is no liability on that, but what if there is ? A mailicious user is all it takes. How many companies will be happy about being the source of a new virus ? It doesn't cost me anything extra, we're not that large, it's all automated and well within the machines' capabilities. If you can do it, it'll save you lots of worries and work. especially if your users barely know how to work their machines, let alone handle a virus warning message :-) I get at least 2 or more warnings a day on stuff that gets caught, I think that's been worth the trouble of setting things up. Marc
RE: [Qmail-scanner-general]amavis or qmail-scanner ?
I absolutely disagree. You guys remember those Outlook bugs a few months ago? We didn't have one get in here, although I was returning dozens of rejected mails to other companies that got hit. Given how hard it is to arrange timely upgrading of desktop antivirus software over an enterprise on every computer, I'm not terribly surprised that the other companies got hit. I am not saying that desktop virus detectors are not important, they are very important *too. The operative word is too. Use both, but check the statistics on how many viruses are getting sent by email first - just to check my reasoning out. A good mail checker that gets updated multi-daily will keep bugs out extremely effectively. With windoze you take your chances with viruses, if you just use a desktop scanner - face it the operating system is riddled with holes that have to be filled almost hourly :) (My favorite is Sophos with-in qmail, I LIKE IT, but this letter isn't meant to be a plug.) Cheers -Mike -Original Message- From: Bruno Wolff III [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 28, 2001 8:59 AM To: Jérémy Cluzel Cc: Qmail cr.yp.to Subject: Re: [Qmail-scanner-general]amavis or qmail-scanner ? On Wed, Feb 28, 2001 at 11:23:20AM +0100, Jérémy Cluzel <[EMAIL PROTECTED]> wrote: > and wath about scanners ? which is the best one ? and why ? > are they really needed for such antivirus ? > I've heard that some AV (live avp) have their own scanner (which tends to > replace amavis or qmail scanner). I my opinion, doing the virus scanning on the mail server is a waste of resources. It doesn't fully protect the people/systems that need protection and it wastes resources protecting people/systems that don't need protection. For people/systems that need antivirus protection, get something on their desktop that can guard (as well as antvivirus stuff can) against files entering the system by email, web downloads, portable media and file sharing. Have something in place to automatically do updates (availability of updates should be checked daily) from a local mirror. (You don't want to get stuff directly from the antivirus people as they screw up once in a while and the updates should be tested for your environment before being used.)
Re: [Qmail-scanner-general]amavis or qmail-scanner ?
On Wed, Feb 28, 2001 at 11:23:20AM +0100, Jérémy Cluzel <[EMAIL PROTECTED]> wrote: > and wath about scanners ? which is the best one ? and why ? > are they really needed for such antivirus ? > I've heard that some AV (live avp) have their own scanner (which tends to > replace amavis or qmail scanner). I my opinion, doing the virus scanning on the mail server is a waste of resources. It doesn't fully protect the people/systems that need protection and it wastes resources protecting people/systems that don't need protection. For people/systems that need antivirus protection, get something on their desktop that can guard (as well as antvivirus stuff can) against files entering the system by email, web downloads, portable media and file sharing. Have something in place to automatically do updates (availability of updates should be checked daily) from a local mirror. (You don't want to get stuff directly from the antivirus people as they screw up once in a while and the updates should be tested for your environment before being used.)
Re: [Qmail-scanner-general]amavis or qmail-scanner ?
and wath about scanners ? which is the best one ? and why ? are they really needed for such antivirus ? I've heard that some AV (live avp) have their own scanner (which tends to replace amavis or qmail scanner). - Original Message - From: "Alex at messagelabs" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, February 28, 2001 11:08 AM Subject: Re: [Qmail-scanner-general]amavis or qmail-scanner ? > >2) as antivirus ? H+BEDV AntiVir, AVP, Sophos Sweep,or McAfee ViruScan ? I used avp for a while > >(and I find it very efficient), but doesn't know the other ones... > > Don't know about H+BEDV AntiVir > > McAfee is currently best for detecting new viruses, and has been for a while > AVP is also good at this > > McAfee, AVP and Sweep are all good at detecting known viruses > McAfee, AVP and Sweep all have few false positives > > Consider issues also like support and ability to update easily, which I can't > help you with. > > Alex > ~ > Alex Shipp > Imagineer > E: [EMAIL PROTECTED] > T: +44 1285 884496 > M: 07899 937132 > T: 01285 884496 > > > ___ > This message has been checked for all known viruses by the > MessageLabs Virus Control Centre. For further information visit > http://www.messagelabs.com/stats.asp
Re: [Qmail-scanner-general]amavis or qmail-scanner ?
>2) as antivirus ? H+BEDV AntiVir, AVP, Sophos Sweep,or McAfee ViruScan ? I used avp >for a while >(and I find it very efficient), but doesn't know the other ones... Don't know about H+BEDV AntiVir McAfee is currently best for detecting new viruses, and has been for a while AVP is also good at this McAfee, AVP and Sweep are all good at detecting known viruses McAfee, AVP and Sweep all have few false positives Consider issues also like support and ability to update easily, which I can't help you with. Alex ~ Alex Shipp Imagineer E: [EMAIL PROTECTED] T: +44 1285 884496 M: 07899 937132 T: 01285 884496 ___ This message has been checked for all known viruses by the MessageLabs Virus Control Centre. For further information visit http://www.messagelabs.com/stats.asp
