[unisog] How often to pull anti virus updates from vendors

Greg Francis francis at gonzaga.edu
Wed Dec 5 22:40:50 GMT 2001


We put in attachment filtering about a month ago and it has been very
successful at blocking BadTrans and Goner. The filtering is at our Sendmail
gateway servers with our Exchange servers protected by NAV for Exchange.
Yesterday we got hit with Goner on our Exchange servers because someone got
it through another means besides campus e-mail (perhaps ICQ). It then hit
our Exchange servers pretty hard because NAV's definitions weren't out yet.
Out of the hundreds of infected Goner messages blocked, one coming
through another mechanism resulted in more than 19,000 infected messages on
Exchange.

Of course, if people would THINK before opening the attachments, we would
have had only limited damage.

What we're doing now is adding attachment blocking directly on the Exchange
servers to hopefully prevent this same problem from occurring in the future.

There definitely needs to be multiple layers of defense. Anti-virus software
is just one of those layers.

Greg

on 12/5/01 12:46 PM, Paul L Schmehl at pauls at utdallas.edu wrote:

> I think the new worms are a testament to the uselessness of reactive
> technology like antivirus software.  At UTD, we simply bounce mail which
> has attachments with extensions on our "banned" list.
> 
> So far, we've had one BadTrans.b infection and no Goner infections.  In
> November, we had five infections campus wide; four Funlove and one
> BadTrans.b.
> 
> When something new like Goner comes out, I don't give it much thought
> frankly.  I can't recall the last time a virus impacted our campus in any
> significant way.
> 
> Paul L. Schmehl, pauls at utdallas.edu
> http://www.utdallas.edu/~pauls/
> Supervisor, Support Services
> The University of Texas at Dallas
> AVIEN Founding Member
> 

-- 
Greg Francis
Sr. System Administrator
Gonzaga University
francis at gonzaga.edu
509-323-6896
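
The extension-based attachment blocking described in both messages, as an added sketch that is not part of either post or either site's actual filter: Python's standard email parser stands in for the gateway, and the banned list, addresses and sample filenames are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed list; the thread does not say which extensions either site bans.
BANNED_EXTENSIONS = {".scr", ".pif", ".exe", ".vbs", ".bat", ".com"}

def final_extension(filename):
    """Return the last extension, lowercased, e.g. 'photo.jpg.scr' -> '.scr'."""
    # Windows ignores trailing dots and spaces, so strip them before testing.
    cleaned = filename.strip().rstrip(". ").lower()
    _, dot, ext = cleaned.rpartition(".")
    return "." + ext if dot else ""

def banned_attachments(raw_bytes, banned=BANNED_EXTENSIONS):
    """Return filenames of every MIME part whose final extension is banned."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads the Content-Disposition "filename" parameter
        # and falls back to the Content-Type "name" parameter.
        name = part.get_filename()
        if name and final_extension(name) in banned:
            hits.append(name)
    return hits

def build_sample(filenames):
    """Build a constructed test message with one dummy attachment per name."""
    m = EmailMessage()
    m["From"] = "sender@example.edu"
    m["To"] = "rcpt@example.edu"
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    for name in filenames:
        m.add_attachment(b"dummy", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    raw = build_sample(["notes.txt", "photo.jpg.scr", "README.PIF."])
    hits = banned_attachments(raw)
    # A gateway would bounce or quarantine the message when hits is non-empty.
    print("REJECT" if hits else "ACCEPT", hits)
```

The check keys on the last extension only, so a double-extension name is caught by its final, executable suffix, while a name whose last extension is not on the list passes.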