[Dshield] Slightly OT
cbyrum at erp.com
Thu Nov 29 17:58:18 GMT 2001
On Thu, 2001-11-29 at 04:55, Graham Dodd wrote:
> I would appreciate comments and suggestions on the following:
> I am going to setup virus scanning on the mail server (Linux), but I'm not
> sure about the pro's and con's of the two general options. I can setup an
> SMTP Store-Forward with a scan before forwarding, or modify Sendmail.cf to
> run a scan in "realtime" before delivering the mail.
> Any thoughts on the good or bad points of these 2 options ?
I personally skipped them both. We fooled around with NAV on our main
exchange server for a while, and I tried sendmail+realtime scanning. We
found that we didn't have the time, so we signed on with mailwatch
It has its problems, but I'll be damned if it doesn't solve a lot more
than it introduces. These guys take over your MX, so email always goes
through them, and then is forwarded on to you. They'll even queue it up
if some idiots at your ISP screw up your router settings... ahem...
There was one odd thing that happened... We actually had somebody (I'd
say rather maliciously), connect directly to our exchange server and
inject viruses to all the email addresses on our webpage(Original
BadTrans). The virus scanners on the individual machines caught it, but
it certainly gave me a scare.
Just another thought. I don't know if this would be cheaper or anything,
but it certainly has had a low TCO.
Good lord, I've just rambled... :-P
> All comments gratefully received
> Graham K. Dodd
> Prokurist / Director of Operations
> Falk & Ross GmbH
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see: http://www1.dshield.org/mailman/listinfo/dshield
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 232 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20011129/f74e1374/attachment.bin
More information about the list