Message-ID: <86144ED6CE5B004DA23E1EAC0B569B5807E04498@isabella.herefordshire.gov.uk>
Date: Thu Aug 11 10:50:06 2005
From: prandal at herefordshire.gov.uk (Randal, Phil)
Subject: Antivirus

Given the speed at which viruses can spread, daily (or more frequent)
pattern updates are a must.

As the virus attack vector is still mainly via email, you need to
rigorously scan all incoming emails at the perimeter (and block all
executables via email).  We use MailScanner (www.mailscanner.info) on a
Linux box with ClamAV (www.clamav.net), Bitdefender
(www.bitdefender.com), and McAfee's uvscan to scan all emails.  Both
ClamAV and Bitdefender update their patterns when needed and not to some
arbitrary schedule.  We check for pattern updates hourly.

The advantage of blocking at the perimeter is that when your server or
desktop antivirus starts screaming, you know that the infection has come
via user action or infected PCs being connected to your internal
network.

Cheers,

Phil

----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK  

> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk 
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf 
> Of Larry Seltzer
> Sent: 10 August 2005 18:08
> To: full-disclosure@...ts.grok.org.uk
> Subject: RE: [Full-disclosure] Antivirus
> 
> >>BitDefender. ... not as expensive as Symantec.  Faster updates.. 
>  
> That's another point worth making generally: everyone updates 
> faster than Symantec.  Symantec sends out normal updates once 
> a week and an attack has to be nuclear war for them to go 
> "out of cycle."
> 
> 
