[Dshield] O/S Battles, oops, I mean discussions...

Clint Byrum cbyrum at erp.com
Wed Mar 20 17:46:27 GMT 2002

On Tue, 2002-03-19 at 21:27, Bob Konigsberg wrote:
<snip good stuff about unix vs. win>
> I perform audits of external web (and other) servers on a regular basis, but
> the bulk of the headaches we get are from worms, viruses and such that get in
> through web-mail accounts (bypassing the corporate mail server), "free"
> software (adware, spyware, infected downloads, etc.), pcAnywhere accounts with
> no login requirements, X-servers on corporate systems (xhost +), and downloads
> that aren't virus checked.  On top of that, we have field offices that order up
> their own Internet connections and don't bother to inform us, and other naive
> user tricks.

While it doesn't address your pcAnywhere problems, there are some
web-proxy based virus scanners. I've messed with this one before, and it
worked great(although, obviously, large files have a sort of high
latency on downloading):


This turns squid into a web-based anti-virus solution. It hasn't changed
much since I used it a year ago, but will probably still work fine. Of
course, you'd probably need some beefy hardware to support more than a
hundred or so active users. I had 12 users on a T1 using it, and the
PIII-600 w/ 512MB RAM that is our webcache definitely suffered(Load
averages of 3 or 4, disks going wild) during peak times. The users,
however, never noticed.


Clint Byrum

More information about the list mailing list