From owner-freebsd-security Sat Mar 13 20:47:55 1999
Delivered-To: freebsd-security@freebsd.org
Received: from host07.rwsystems.net (kasie.rwsystems.net [209.197.192.103])
	by hub.freebsd.org (Postfix) with ESMTP id 7C9A414FAE
	for ; Sat, 13 Mar 1999 20:47:38 -0800 (PST)
	(envelope-from jwyatt@RWSystems.net)
Received: from kasie.rwsystems.net([209.197.192.103]) (2641 bytes) by host07.rwsystems.net
	via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp
	(sender: ) id for ; Sat, 13 Mar 1999 22:12:47 -0600 (CST)
	(Smail-3.2.0.104 1998-Nov-20 #1 built 1998-Dec-24)
Date: Sat, 13 Mar 1999 22:12:45 -0600 (CST)
From: James Wyatt
To: nick@FERALMONKEY.ORG
Cc: Fernando Schapachnik , freebsd-security@freebsd.org
Subject: Re: WinVirus scannig on a FreeBSD FW
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 13 Mar 1999 nick@FERALMONKEY.ORG wrote:
> On Fri, 12 Mar 1999, Fernando Schapachnik wrote:
> > I'd like to set up a firewall in which I can scan for PC viruses.
> > Does anybody know if there's such a tool for FreeBSD?
> You need to clarify what you said somewhat. Firstly, do you intend to do
> local scanning of viruses on the firewall? Do you intend to scan viruses
> as they pass through the firewall? I suspect it's the latter.

We found this did not provide enough coverage for our customers - it only
got obvious incoming email viruses. It didn't catch infected webmail,
interdepartmental (Ted brought floppy with infected .doc file), or stuff
buried in .zip files or web pages.

We support a number of firewalls with sendmail or smail on FreeBSD or AIX
or Linux. There are not many solutions that scan well here even if the
coverage was good enough.

Since our biggest customer (8000+ desktops) began the change from OS/2
w/Lotus Suite to NT and Office Suite, they have been hit with numerous
Office viruses. (Word, Excel, etc...)
We are looking at tools that scan the Exchange mailboxes, catching
*anything* in almost everyone's email. We are also using Tivoli to
pseudorandomly update the McAfee databases on the NT workstations.
(Nothing like thousands of workstations all downloading a large file on
the 1st of the month!)

> There are some commercial products available that act as mail proxies
> which enforce "content security" as mail passes through. If you want

Our favorite here was MailShield, but it was for mime-type and size
filtering. I hadn't seen anything that did 'content security' against
virulent files on FreeBSD either. I can't screen all the .doc files as
much as I wish I could... 8{)

So, why did uSoft make OutLook default to sending .doc files? Was it to
make the docs look better to Win32 users? Was it to ensure the GUID info
was included without munging the message-id? Was it to sell more antivirus
software?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message