Date:      Sat, 13 Mar 1999 22:12:45 -0600 (CST)
From:      James Wyatt <jwyatt@RWSystems.net>
To:        nick@FERALMONKEY.ORG
Cc:        Fernando Schapachnik <fpscha@ns1.sminter.com.ar>, freebsd-security@freebsd.org
Subject:   Re: WinVirus scannig on a FreeBSD FW
Message-ID:  <Pine.BSF.4.05.9903131950110.29916-100000@kasie.rwsystems.net>
In-Reply-To: <Pine.BSF.4.05.9903130000210.927-100000@shibumi.feralmonkey.org>

On Sat, 13 Mar 1999 nick@FERALMONKEY.ORG wrote:
> On Fri, 12 Mar 1999, Fernando Schapachnik wrote:
> > 	I'd like to set up a firewall in which I can scan for PC viruses. 
> > Does anybody know if there's such a tool for FreeBSD?
> You need to clarify what you said somewhat. Firstly, do you intend to do
> local scanning of viruses on the firewall? Do you intend to scan viruses
> as they pass through the firewall? I suspect it's the latter.

We found this did not provide enough coverage for our customers - it only
got obvious incoming email viruses. It didn't catch infected webmail,
interdepartmental (Ted brought floppy with infected .doc file), or stuff
buried in .zip files or web pages.

We support a number of firewalls with sendmail or smail on FreeBSD or AIX
or Linux. There are not many solutions that scan well here even if the
coverage was good enough.

Since our biggest customer (8000+ desktops) began the change from OS/2
w/Lotus Suite to NT and Office Suite, they have been hit with numerous
Office viruses. (Word, Excel, etc...) We are looking at tools that scan
the Exchange mailboxes, catching *anything* in almost everyone's email. We
are also using Tivoli to pseudorandomly update the McAfee databases on the
NT workstations. (Nothing like thousands of workstations all downloading a
large file on the 1st of the month!)

> There are some commercial products available that act as mail proxies
> which enforce "content security" as mail passes through. If you want

Our favorite here was MailShield, but it was for mime-type and size
filtering. I hadn't seen anything that did 'content security' against
virulent files on FreeBSD either. I can't screen all the .doc files as
much as I wish I could... 8{)

So, why did uSoft make Outlook default to sending .doc files? Was it to
make the docs look better to Win32 users? Was it to ensure the GUID info
was included without munging the message-id? Was it to sell more antivirus
software?


