[unisog] What Email Attachments Do You Block?

Mark Borrie mark at gandalf.otago.ac.nz
Wed Jul 25 05:48:39 GMT 2001


How do we keep Unix upto date? Interestingly its easier than other platforms. 
I have a script that mirrors the update web site at Sophos so that the defs 
are locally available for all systems. This isn't essential, just convenient.

I then run a script that grabs the appropriate zip file, checks to see if it is 
newer than the current one and if so unzips it in the correct dir.

These scripts run daily out of cron. The only manual process is the new 
engine install each month, or an occasional emergency update.

We use a similar approach to keep the samba server up to date. (This was a 
bit more work).

Mark.

> There seems to be a lot of people using Sophos.  How do people keep the virus
> definations an dpackage up to date in UNIX?  We have done something but I'm
> interested in how other people do it.
> 
> Barry Lynam
> 
> Mark Borrie wrote:
> 
> > We do not block any types of attachments as we do not want to get into the
> > debate on what are valid ones to block etc.
> >
> > If the reason for blocking certain emails is due to viruses then I suggest
> > scanning the email for viruses.
> >
> > We currently scan most email on and off campus for viruses using inflex
> > (http://www.inflex.co.za/) and sophos (http://www.sophos.com). Sophos is
> > very good at detecting viruses, while inflex is a bit unstable in some
> > situations. I believe Sophos is working on a sendmail module.
> >
> > We use 2 linux servers as our mailhubs. One is a single processor 700 MHz
> > system and the other is dual processor 850 MHZ (or there abouts). These
> > hubs take a huge load off our actual servers and simple relay the mail onto
> > the correct server. By some DNS and router configuration we can ensure that
> > all mail to and from a particular server gets scanned.
> >
> > Yesterday we had over 75 000 mails through the hubs. I think that may have
> > been a slower day.
> >
> > Mark.
> >
> 
> --
>  Barry Lynam                            Phone: +61 7 3864 9408
>  Senior Network Engineer, Security        Fax: +61 7 3864 2921
>  Network Management                    Postal: I.T. Services
>  Information Technology Services               Margaret St Offices
>  Queensland University of Technology           GPO Box 2434
>                                                Brisbane QLD 4001
>  EMail: B.Lynam at qut.edu.au                     AUSTRALIA
> If you haven't got time to do it right, will you have time to do it again?
> 
> 


--
Mark Borrie
Systems Support Specialist and IT Security Officer,
Information Technology Services, University of Otago,
Dunedin, N.Z.
Ph +64 3 479-8395, Fax +64 3 479-5080

For information on email virus hoaxes see
http://HoaxBusters.ciac.org/



More information about the unisog mailing list