We use vfind as well, and are very happy with the product and the support
we get. My company runs a commercial service protecting email from viruses,
and since it's based on qmail I thought it appropriate to mention it
here. If you want to 'roll your own' anti virus solution, here are some of
the
points we have found (based on 18 months worth of hard earned experience)
you should
consider.
1) Email is now the primary point of entry of viruses into most companies.
Over the last
18 months we have found that on average 1 in every 1500 emails contains a
virus. Emails
from free mail services, such as hotmail/yahoo etc, contain a higher
proportion of viruses.
2) If you only use one virus scanner, you will miss around 3% of viruses
over the course
of a year. This is because all the AV vendors have different schedules for
issuing new signatures,
and because they all find new viruses at slightly different times. The more
virus scanners you add,
the better your detection rate, but also the higher your costs are, and the
longer it takes
to scan mail. (We have currently settled on 3 scanners)
3) You have to be able to cope with all the obscure formats mail can arrive
in (recursive mime,
ZIP, binhex, microsoft propriatory etc etc) or you will miss viruses.
4) Updating your scanners with new signatures is very important. The new
breed of email viruses
spread so quickly that speed really is of the essence. For instance, the UK
was hit badly on 29th March
by the Melissa virus. However, the signatures to detect this virus were
available
at least 3 days before this date. To be truly effective, consider updating
at least hourly, if not
more often.
5) New viruses are often detected and publicised for some time before the
signatures are available.
Consider how you will deal with these threats before standard signatures are
published.
6) All AV scanners generate some false alarms, so you will need to consider
how to handle these
7) All AV scanners crash occasionally, (or worse, get into an infinite loop
and never return)
so you will need to consider how to handle this
8) You should consider training your help-desk to be virus-literate, since
they will get a large
number of queries about viruses.
9) Scanning will slow down mail delivery. To maintain the same level of
service as before, we estimate
you will need up to 10 times the current hardware (of course, if your
current hardware is not running
at full capacity, you won't need as much.
10) Linux virus scanners we have tried, and found to be good are (no
particular order):
NAI Antivirus www.nai.com
Datafellows F-Secure www.datafellows.com
Cybersoft vfind www.cyber.com
Sophos Antivirus www.sophos.com
If anyone is interested in a detailed comparison of these products, please
contact me off the list.
If anyone knows of any other linux AV products you think we should consider,
please let me know.
11) To be truly effective, you may need to dedicate personell full-time to
an anti-virus role. This
will obviously depend heavily on the size of your company.
Well, thats all I can think of off the top of my head. Hope it gives you all
some food for thought!
Alex
~~~~~~~~~~~~~~~~~~~~~~~~~
Alex Shipp
Virus Technologist
Starlabs www.starlabs.net
E: [EMAIL PROTECTED]
T: 44 1285 884400
~~~~~~~~~~~~~~~~~~~~~~~~~
-----Original Message-----
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
>Hi Jennifer,
>
>We use a commercial product called VFind, provided by a company found
>on the web here: http://www.cyber.com/
________________________________________________________________________________
This message has been checked for all known viruses by the Star Screening System
http://academy.star.co.uk/public/virustats.htm
