> Just to be contrary ;) I'll say that it depends on your objective: Viruses > tend to "stay in the system" a long time and if you've got savvy users who > already know to use a good MUA and who don't blindly click on things, then > the benefit of AV at the mail gateway is to reduce the load of looking at > the stuff. It's essentially the same benefit you get from a spam scanner. > > Alas, most of us suffer clueless users and PHB's insisting on vulnerable > clients (mostly made by guess-who) so MS' point is well-taken.
Also, in defense of AV scanning at the mail gateway, we have not had a single virus pass through to any of our recipient's mailboxes since we began using ClamAV on our gateway spam filtering servers and our main mail server (so basically we employ 2 layers of ClamAV virus scanning). Even recently, when new/unknown viruses have surfaced, the ClamAV virus signatures DB (as long as it was up-to-date) often caught viruses ahead of time; other virus scanning systems (even several commercial scanners) have not been as fortunate. A cron job updates the virus signatures DB every hour, but keeping up with the stable releases is just as important (if not more important) than keeping the signatures DB current. Newer versions of ClamAV can also snag those "phishing" emails that contain viruses embedded in HTML (something that a client AV scanner might not even catch); just one of several features not available in earlier versions of ClamAV. Probably 90% or so of personnel in a typical business environment are "non-savvy" computer users, and in our case the problems we have encountered have been 100% to blame on spyware. Unfortunately, there's no way for us to stop each and every user on our network from clicking on that "You might have a virus -- click HERE to fix it" message. It would be nice, however, if some sort of centrally-controlled "electric fence" was available to administrators; then every now and again we could give the clueless user a nice zap right before they click on one of those links. Perhaps that would teach 'em once and for all ;-) - Chris ------------------------------------------ Chris Gauch Systems Administrator Digicon Communications, Inc. [EMAIL PROTECTED] _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
