On Fri, 6 Oct 2000, Benjamin Scott wrote:
> Hello list,
>
> I have a question for the many sharp minds on this list.
>
Will you accept one from a non-sharp mind?
> One of the concerns our customers face is virus infection on their Windows
> systems. We make extensive use of desktop-based anti-virus products, but this
> is a sub-optimal solution in many respects. Making sure everyone's desktop
> has an anti-virus product installed, configured properly, enabled, and
> up-to-date is a major headache, and not something I like to count on.
>
I assume the LUG standard answer of "run linux on the desktop" doesn't
cut it (you did mention customers). :-)
> What I would like is to be able to provide anti-virus protection at the
> Linux server, as well as on the MS-Windows desktop. This would reduce
> administration costs and make the anti-virus protection considerably tighter.
> The question is, of course: How?
>
> I see four critical areas:
>
> (A) On-demand scanning of Linux filesystems
> (B) On-access scanning of files being served over the network
> (C) Scanning of email attachments as they come into the system
> (D) Scanning of files downloaded from the web through the Linux gateway box
>
I can somewhat address C (although I'll give you my stock answers to
the others).
> In detail:
>
> (B) On-access scanning of files being served over the network
>
> I would like to be able to check selected file types (i.e., extensions) for
> viruses when they are accessed over the network. In other words, when a user
> reads or writes an .EXE or .DOC file, I want it scanned for known viruses, to
> keep Joe Blow from infecting the whole network. This might be a less thorough
> scan than (A), because we want to keep resource usage as small as reasonably
> possible. I suspect the implementation would be tricky for both technical and
> license reasons. I have been unable to find any product which can do this.
>
Don't use .exe or .doc files? (oh, right customers - I know it's a
flip answer, so don't flame me)
> (C) Scanning of email attachments as they come into the system
>
> I would like to be able to scan email attachments as the messages come into
> the system, to prevent things like Melissa and LifeStages from propagating
> through our systems. I located one tool, a GPLed utility with the name of
> AMaViS <http://www.amavis.org>, which will use a third-party scanner to do
> this. While I like the idea, the implementation has had several remote root
> exploits so far, so I think this might not be the best tool to use. I would
> welcome suggestions of alternatives.
>
Procmail can do some of this. Here's a procmail formula I got for
scanning & fixing vbs attached to e-mail:
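
# B: match the conditions against the body (where the MIME part headers are);
# f: treat the pipe as a filter and continue with its output.
:0 Bf
* !^X-Loop: viruscheck
* ^Content-Disposition:[> ]+.*[Aa]ttachment.*\.[Vv][Bb][Ss].*
| /usr/local/bin/sed \
    -e '/Content-Disposition:/{N; s/filename=\(.*\)\.vbs\(.*\)/filename=\1.vbs.txt\2/i;}' \
    -e '/Content-Type:/{N; s/name=\(.*\)\.vbs\(.*\)/name=\1.vbs.txt\2/i;}' \
  | /usr/local/bin/formail -i "X-Loop: viruscheck"

# Deliver the (possibly rewritten) message to the default mailbox, with locking.
:0:
$ORGMAIL
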
> (D) Scanning of files downloaded from the web through the Linux gateway box
>
Tie it to an answer to B?
>
> Comments? Suggestions? Ideas?
>
>
see above. Good luck.
jeff
------------------------------------------------------------------------
Jeffry Smith Technical Sales Consultant Mission Critical Linux
[EMAIL PROTECTED] phone:603.930.9739 fax:978.446.9470
------------------------------------------------------------------------
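
Added example (not part of the original post, and not the poster's recipe): the same attachment rename done with a MIME parser in Python, generalized to a short assumed extension list and to RFC 2231 encoded filenames. The function name, the extension list and the sample message are constructed for illustration.

```python
import email

# Assumed blocklist for illustration; the recipe in the post handles .vbs only.
RISKY_EXTENSIONS = (".vbs", ".vbe", ".js", ".scr", ".pif")

def defang_attachments(raw_bytes):
    """Return (rewritten message bytes, original names of renamed attachments)."""
    msg = email.message_from_bytes(raw_bytes)
    if msg.get("X-Loop", "").strip() == "viruscheck":
        return raw_bytes, []  # already filtered once; same guard as the recipe
    renamed = []
    for part in msg.walk():
        # get_filename() checks Content-Disposition filename=, then Content-Type
        # name=, and decodes RFC 2231 (filename*=) values.
        name = part.get_filename()
        if not name or not name.lower().endswith(RISKY_EXTENSIONS):
            continue
        safe = name + ".txt"
        if part.get_param("filename", header="content-disposition") is not None:
            part.set_param("filename", safe, header="Content-Disposition")
        if part.get_param("name") is not None:
            part.set_param("name", safe)
        renamed.append(name)
    msg["X-Loop"] = "viruscheck"
    return msg.as_bytes(), renamed

# Constructed sample message (not real traffic): one body part, one .VBS attachment.
SAMPLE = b"""\
From: sender@example.com
To: user@example.com
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

Body text that mentions notes.vbs and must stay untouched.
--BOUND
Content-Type: application/octet-stream; name="REPORT.VBS"
Content-Disposition: attachment;
 filename="REPORT.VBS"
Content-Transfer-Encoding: base64

UkVNIGNvbnN0cnVjdGVkIHBsYWNlaG9sZGVy
--BOUND--
"""

if __name__ == "__main__":
    import sys
    sys.stdout.buffer.write(defang_attachments(sys.stdin.buffer.read())[0])
```

Run as a script, it reads one message on stdin and writes the rewritten message to stdout, so it can take the place of the sed and formail pipeline in a filtering recipe.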