[<prev] [next>] [day] [month] [year] [list]
Message-ID: <86144ED6CE5B004DA23E1EAC0B569B5807E04498@isabella.herefordshire.gov.uk>
Date: Thu Aug 11 10:50:06 2005
From: prandal at herefordshire.gov.uk (Randal, Phil)
Subject: Antivirus
Given the speed at which viruses can spread, daily (or more frequent)
pattern updates are a must.
As the virus attack vector is still mainly via email, you need to
rigorously scan all incoming emails at the perimeter (and block all
executables via email). We use MailScanner (www.mailscanner.info) on a
Linux box with ClamAV (www.clamav.net), Bitdefender
(www.bitdefender.com), and McAfee's uvscan to scan all emails. Both
ClamAV and Bitdefender update their patterns when needed and not to some
arbitrary schedule. We check for pattern updates hourly.
The advantage of blocking at the perimeter is that when your server or
desktop antivirus starts screaming, you know that the infection has come
via user action or infected PCs being connected to your internal
network.
Cheers,
Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf
> Of Larry Seltzer
> Sent: 10 August 2005 18:08
> To: full-disclosure@...ts.grok.org.uk
> Subject: RE: [Full-disclosure] Antivirus
>
> >>BitDefender. ... not as expensive as Symantec. Faster updates..
>
> That's another point worth making generally: everyone updates
> faster than Symantec. Symantec sends out normal updates once
> a week and an attack has to be nuclear war for them to go
> "out of cycle."
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Powered by blists - more mailing lists