include much needed antivirus products in FC2

seth vidal skvidal at phy.duke.edu
Tue Jan 6 00:55:48 UTC 2004


> Ah, but you are so wrong.
And yet I don't think I am, how funny.
:)


> If I scan at the e-mail gateways, I accomplish at least these seven things:
> 1.)	I protect outgoing mail for outside people, thus limiting the spread of 
> worms if and when the desktop does get compromised;

If your workstations are patched and kept patched in an automated way,
aren't you doing this as well?

Is it likely your server will be patched before the workstation? If so,
why? Why not have the same infrastructure for supplying updates to both?
And if you have it for both, why not just leave it on the place where
the infection occurs?

> 2.)	Because of 1, I limit my liability exposure if one of my users infects 
> someone outside with a bad worm;

Liability to what? I've forgotten when the last lawsuit was for
'internet worm ravages the world'.


> 3.)	Well over 99.99% of viruses come in via e-mail;

Wow, is that a real statistic or did you pick it fresh out of the air?

> 4.)	Scanning and stripping the executable reduces my users' POP/IMAP 
> bandwidths; some of these guys are using IPsec over dialup, where every 150K 
> windows worm eats time (and those 150K worms add up fast, when over a 
> thousand per hour are traversing the incoming e-mail gateway! (which has 
> happened a couple of times here)) : the desktop-based scanner still has to 
> download the e-mail;

This is an argument I can understand. But I don't have any of those
users and I hope that dial up users are slowly slowly slowly diminishing
from existence. I know they're not but I like to pretend :)


> 5.)	Stripping ALL executable attachments (using MIMEDefang, MailScanner, 
> Sophos MailMonitor (which can just simply delete executable attachments out 
> of hand as well as scanning them), or other tool of choice) protects against 
> many unknown viruses and Trojans;

And gets a fair number of false positives but...

> 6.)	Installing an e-mail gateway scanner is very little effort and very little 
> cost;

Depending on your mail volume.

> 7.)	E-mail scanning has massive bang-for-the-buck: what viruses are left that 
> come in other ways probably (not always) will be isolated incidents; an 
> e-mail worm can propagate like wildfire (not always true, but almost always 
> true) and quickly swamp response teams, because e-mail worms never come in 
> one at a time....

Again, depending on your volume.


> Further, with Sophos Enterprise Manager you can have centralized desktop 
> scanner updates and management (as I'm sure NAV Enterprise also allows), 
> which gives you the best of both worlds.

And it only costs $8trillion. Seriously, Sophos is prohibitively
expensive and closed source, and provides their own perl and, and, and,
and.... it's not something I'll be using anytime soon.

-sv

More information about the fedora-devel-list mailing list