include much needed antivirus products in FC2

Riku Meskanen mesrik at cc.jyu.fi
Mon Jan 5 20:01:53 UTC 2004


On Mon, 5 Jan 2004, seth vidal wrote:

>
> Try this sometime - process 100000+ pieces of mail a day and see if AV
> scanning doesn't add much load? AV scanning centrally does NOT scale.
>
I don't think so. We have ~2M incoming mails a day on our currently 6
external mail-gw's and virus scanning (uvscan) is not that big a problem,
it does cause some load yes, but a lot less than running SpamAssassin which
is a hog :(

> Moreover - if you are always protecting your users then they will never
> learn.
>
I'm not that interested in arguing about whether AV should be
a core package or not, but just a comment that today not having AV
in servers isn't always any more *your* choice even if it earlier
was.

It depends on the legislation and other institutions in place, you may
well have to prove to authorities that you have implemented adequate
measures protecting customers and your peers from abuse that might
take place from your site. If you don't and let's say an email spewing
worm gets loose in your network (like Sven did on some ISP's) you may
find yourself being ordered to stay offline until you have cleared the
problem and giving compensation to (innocent) customers suffering being
disconnected or denied SMTP service for some time. Sonera, the largest
commercial ISP in Finland, was hit by this kind of issue last fall.

IMHO, you shouldn't rely on single layer protection any more when it's
a matter of security, AV or FW etc. Get some depth in your defence.
It's better to use both perimeter and host based measures to protect your
services and users.

If you have just either of these and that leaks at the wrong time for one
reason or another, you're in deep *hit. Depending on your position and where
you work, relying on a single layer and failing not to implement sane safety
measures against SPoF (Single Points of Failure) can even cost
you your job.

So, given the current situation as it is: the majority of network
users have a known sieve a.k.a. Windows¹ and once you have enough
users the probability gets higher of someone failing to keep the system
patched and AV always up to date. If you don't like playing Russian
roulette -- you should use perimeter AV measures too.

¹) Often and in practise it doesn't matter whose fault it is that
   Windows is a sieve and what's the root cause of the problem.
   When *hit happens and a user gets hit by a virus they will blame
   you that it came via your service and if you did nothing to stop it
   even though you could have, it's not exactly good PR for your business.

HTH,

:-) riku

-- 
    [ This .signature intentionally left blank ]




