Open Source and information security mailing list archives
 
Message-ID: <341268938.1070009937@[192.168.2.119]>
From: pauls at utdallas.edu (Paul Schmehl)
Subject: Antivirus Software Solutions?

--On Friday, November 28, 2003 12:20 PM +1100 Paul Szabo 
<psz@...hs.usyd.edu.au> wrote:
>
> Do not use "traditional" AV at all (as that would never protect you from
> the latest virus). Rather, set up your email gateway to "defang" all
> suspicious emails (e.g. containing EXE or SCR or PIF, or ZIP,
> attachments); it is a matter to debate whether to reject (bounce), drop,
> or somehow encode such things so as to render harmless. - Probably you
> will want your email gateway to run UNIX/Linux, so you can set this up.
>
This is a good first step, but you should also have a/v protection at the 
gateway.  Look at amavisd and vexira if you're allowed to use open source. 
If you have to use commercial products, Sophos has a good gateway product. 
Trend is popular but not as good.

You might also consider some of the newer IPS appliances such as 
Tippingpoint, Fortigate or ISS's Proventia M.  These provide virus 
protection for all protocol streams, not just email, http and ftp.  (We are 
evaling all three of those.)

> Once your email gateway is "safe", any AV on desktops becomes much less
> important, but you may still want some "traditional" AV on your desktops;
> any reasonably well supported product should do.
>
This is horrible advice.  You *must* have traditional a/v on your desktops 
or some equivalent replacement.  The desktop is your last line of defense 
and often the only one that will "catch" things.  Gateway a/v scanners such 
as Trend will do *nothing* to protect you against worms such as Blaster and 
Slammer.  There are just too many avenues for attack to leave the desktops 
unprotected; removable media (CDs, floppies, DVDs, Zip disks), IRC, ICQ, 
P2P, IM, web, etc., etc.

Furthermore, you don't want just "any reasonably well supported product". 
You want a product that is highly effective against known viruses.  Some 
that fall into that category are Sophos, McAfee, Kaspersky and Norton.

Forgoing the use of top-notch protection on the desktops is a recipe for 
disaster.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
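
Added example, not part of either poster's message: a sketch of the gateway "defang" step described in the quoted text, applied to the extensions it names (EXE, SCR, PIF, ZIP). Renaming the attachment and forcing a generic content type is an assumed way to "render harmless"; the function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the quoted message.
BLOCKED = {".exe", ".scr", ".pif", ".zip"}

def is_suspicious(filename):
    # Case-insensitive; trailing dots/spaces are stripped so "x.scr. " still matches.
    name = filename.strip().rstrip(". ").lower()
    return any(name.endswith(ext) for ext in BLOCKED)

def defang(raw):
    """Rename blocked attachments; return (new message bytes, original names)."""
    msg = message_from_bytes(raw, policy=policy.default)
    renamed = []
    for part in msg.walk():
        filename = part.get_filename()
        if part.is_multipart() or not filename or not is_suspicious(filename):
            continue
        safe = filename.strip().rstrip(". ") + ".defanged"
        # Rewrite both headers: the name can live in Content-Type as well.
        del part["Content-Disposition"]
        part.add_header("Content-Disposition", "attachment", filename=safe)
        del part["Content-Type"]
        part["Content-Type"] = "application/octet-stream"
        renamed.append(filename)
    return msg.as_bytes(), renamed

def attachment_names(raw):
    msg = message_from_bytes(raw, policy=policy.default)
    return [p.get_filename() for p in msg.iter_attachments()]

def sample_message():
    # Constructed sample: one double-extension executable, one harmless text file.
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(b"MZ-constructed", maintype="application",
                       subtype="octet-stream", filename="Invoice.PDF.exe")
    msg.add_attachment("plain notes\n", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    out, renamed = defang(sample_message())
    print("renamed:", renamed)
    print("attachments now:", attachment_names(out))
```

This only filters by file name, so it does nothing for the non-email avenues listed in the reply above (worms, removable media, IM, P2P).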

