-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Todd Lyons wrote: > Buchan Milne wrote on Tue, Dec 10, 2002 at 04:42:32PM +0200 : > >>Some background >>1)Samba-vscan allows on-access scanning of files by samba, and will deny >>access (and in the latest version, inform the user by windows message >>that the file is infected) to infected files. It can be used with 5 >>commercial scanners (Sophos, <snip> > > > You're duplicating some of the work of the icheckd daemon, but if it's > better, that's terrific. What advantages do you perceive in having > samba do on access scanning versus letting icheckd do it? I see the > popup message as a really nice thing.
Note I haven't really used icheckd much, mainly since previous av stuff I used had been for mail (which is why there are amavis-ng packages in contrib) ... but Mostly that server load can be reduced. There's not much point in having all files scanned, for things like rsync'ing the whole data store on a samba server (100GB on our case) to a hot spare server (every four hours in our case). Same applies to people access files from a decent client OS, which gets it's files via NFS, and is almost guaranteed not to spread millions of files across the server at random times ;-). The only way a virus will get from one machine to another (in our setup) is via mail or files on the servers access from windows (we mostly don't have any shares accessible on client machines). We already have mail scanned, final route will disappear very shortly ... Plus, this allows more scanners to be used ... > > >>P.S. Our order for Sophos just went through, in case you were >>wondering. > > > I use Sophos at a client's. Integrating the scanner into Postfix is > SUPER SIMPLE as well. What did you use? amavis-ng is pretty easy (if you have working perl modules, ones in 9.0 contrib were broken), just setup a filter in master.cf, and have the smtpd filter through it. > It scans all inbound and outbound messages. It's > caught everything I've ever thrown at it. It's amazing how many KLez-H > virii are out there. > We now have scanning upstream (finally!), but we have caught some people internally (which is why we finally insisted on av for client machines on trashy OSs). So, any opinion on what to do with the vscan modules?? Buchan - -- |--------------Another happy Mandrake Club member--------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE994VvrJK6UGDSBKcRAl0wAKDJHBYSdg8uvR06FFfywNTHNXkXOQCdFp2G og2KnAtRKRplbEM+SY867hw= =IM6J -----END PGP SIGNATURE-----
