Some anti-virus products corrupt the information store. InnocuLAN
definitely does this; I'm not sure about Norton. However, since it's a
1.0 product, I'd rather be safe than sorry.
Plus, my Exchange admin says that Trend seems to be the one preferred by
most Exchange folks, although some people are taking a serious look at
Norton now.
Jen
Amit Choksi wrote:
>
> Doesn't Norton offer a program for Exchange? Is there something wrong with
> it? Please let me know as I was thinking about going with it for our
> system and replacing InnoculateIt which we are using now. Thanks
>
> On Sun, 20 Jun 1999, Jen wrote:
>
> > Analysis so far (comparison of firewall virus scanners, mostly Trend and
> > Symantec):
> >
> > 1. Trend is more flexible and has much better logging capabilities.
> > Norton might be able to stop more, but you can't really tell,
> > because it's logs tell you virtually nothing.
> > 2. CVP (at least on FW-1) is awful. A few reasons:
> > a. It is not possible to setup virus scans without having an SMTP
> > security server. Unfortunately, the one that comes with FW-1
> > leaves a lot to be desired (as in, if you try to use it for
> > outgoing mail, you're asking for trouble; it isn't capable of
> > querying DNS). So this means you have to setup another SMTP
> > server (or use an existing one as the security server). This
> > has its own set of problems, complicated by ...
> > b. There is no fault tolerance, nor is there any alert sent when
> > a server cannot be contacted. In other words, if FW-1 can't
> > find a server it needs (the security server, the CVP server,
> > etc.), it just denies the connection. Actually, if you don't
> > have an SMTP security server, it might be worse -- haven't
> > quite figured out what the default security server does yet.
> > The problem here is that the more servers you include in
> > virus scanning and firewalling, the more likely you are to
> > have a problem.
> > 3. Virus scanners do not offer a lot of flexibility. It would be
> > nice to be able to deny all attachments with the extension
> > .exe or .com, and quarrantine any that come in meeting those
> > criteria. Unfortunately, no product that I know of does this.
> > Norton allows you to stop .exe and .com files from coming
> > in, but it doesn't tell you that it's stopping them, nor the
> > names of the files it stops, nor ... well, you get the point.
> >
> > Conclusion: Virus scanning at the firewall is fraught with peril. Trend
> > offers a CVP-free way to do virus scanning (an SMTP server that scans
> > viruses and forwards to internal SMTP servers), which seems like the
> > best way to go. Norton has an SMTP product I haven't looked at yet, but
> > if it's as barren as their firewall product, there will be problems.
> > There might be other products that do this, too, and I'd appreciate
> > hearing of any. Unfortunately, from experience, the virus engine that
> > we trust the most tends to be Norton (the one we trust the least tends
> > to be NAI). I just wish they offered better tracking and management, a
> > la Trend. It's virtually impossible to tell what it's doing, which
> > frightens me.
> >
> > We use Exchange for e-mail, so if Norton's SMTP Gateway is decent, we'll
> > probably use it instead of Trend, and use Trend on the Exchange server.
> > If the gateway isn't decent, I guess we'll just trust Trend to catch
> > everything at the network and mail server level, and let Norton catch
> > stuff on file servers and desktops.
> >
> > Any feedback would be great.
> >
> > Thanks!
> >
> > Jen
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
