Hello list,
I have a question for the many sharp minds on this list.
The company I work for deploys a lot of Linux systems as Internet gateways,
making use of things like IPChains and Squid to provide firewall protection.
We also use Linux as a server platform in many cases, including acting as a file
and mail server for MS-Windows machines.
One of the concerns our customers face is virus infection on their Windows
systems. We make extensive use of desktop-based anti-virus products, but this
is a sub-optimal solution in many respects. Making sure everyone's desktop
has an anti-virus product installed, configured properly, enabled, and
up-to-date is a major headache, and not something I like to count on.
What I would like is to be able to provide anti-virus protection at the
Linux server, as well as on the MS-Windows desktop. This would reduce
administration costs and make the anti-virus protection considerably tighter.
The question is, of course: How?
I see four critical areas:
(A) On-demand scanning of Linux filesystems
(B) On-access scanning of files being served over the network
(C) Scanning of email attachments as they come into the system
(D) Scanning of files downloaded from the web through the Linux gateway box
In detail:
(A) On-demand scanning of Linux filesystems
I would like to schedule periodic (say, nightly or weekly) scans of all
files on the entire system, such that any infected or otherwise dangerous
files are found, and the admins alerted. This is available now, from several
commercial vendors. These include:
McAfee VirusScan, a well-known name in the Windoze anti-virus market, is
also available in a Linux version (look for "Broadest Platform Support",
about 2/3 of the way down the page):
http://www.mcafeeb2b.com/products/virusscan/default-desktop-protection.asp
F-Secure Anti-Virus comes in a Linux version:
http://www.fsecure.com/products/anti-virus/workstations/
Sophos, a new one to me, claims to support Linux:
http://www.sophos.com/products/antivirus/savunix.html
Anti-Viral Toolkit Pro looks a little cheesy but deserves fair mention:
http://www.avp.com/
Computer Associates InoculateIT has a press release claiming to support
Linux, but that is about as far as their support goes, as far as I can tell:
http://www.cai.com/press/1999/11/inoculateit.htm
http://www.cai.com/products/inoculateit/inoculateit_prodinfo.htm
Does anyone have any comments on any of the above? Anyone know of a product
I missed?
(B) On-access scanning of files being served over the network
I would like to be able to check selected file types (i.e., extensions) for
viruses when they are accessed over the network. In other words, when a user
reads or writes an .EXE or .DOC file, I want it scanned for known viruses, to
keep Joe Blow from infecting the whole network. This might be a less thorough
scan than (A), because we want to keep resource usage as small as reasonably
possible. I suspect the implementation would be tricky for both technical and
license reasons. I have been unable to find any product which can do this.
(C) Scanning of email attachments as they come into the system
I would like to be able to scan email attachments as the messages come into
the system, to prevent things like Melissa and LifeStages from propagating
through our systems. I located one tool, a GPLed utility with the name of
AMaViS <http://www.amavis.org>, which will use a third-party scanner to do
this. While I like the idea, the implementation has had several remote root
exploits so far, so I think this might not be the best tool to use. I would
welcome suggestions of alternatives.
(D) Scanning of files downloaded from the web through the Linux gateway box
I would like to be able to scan all files downloaded through the web for
viruses. This presents a few problems, but I believe it should be relatively
easy to accomplish. Indeed, I had hoped to see hooks in Squid to invoke a
third-party scanner in the manner of AMaViS, but did not find any when I
looked.
We're quite willing to accept commercial products, provided they are of good
quality and get the job done. After all, we're going to be using a commercial
virus scanner anyway; a few more commercial products do not concern me.
Comments? Suggestions? Ideas?
--
Ben Scott <[EMAIL PROTECTED]>
Net Technologies, Inc. <http://www.ntisys.com>
Voice: (800)905-3049 x18 Fax: (978)499-7839