[unisog] New virus - not caught by central servers (fwd)

Marty Hoag Marty.Hoag at NDSU.NODAK.EDU
Tue Jul 27 02:40:27 GMT 2004


> Has anyone considered a policy such that if a virus alert is medium or 
> higher, to shut down email flow (or, at least let it queue up at the 
> edge) until the virus definitions for the campus' email 
> antivirus solution has been updated?

    We use McAfee software and when they rate something medium
or higher they include an "extra.dat" (supplemental
signatures) file immediately. Our policy is to add the extra.dat
to our e-mail scanners until the normal emergency signatures
are issued (which can take an hour or few). The system
administrators set up scripts and procedures to allow our
security officers to install and remove the extra dat as
well as force an update (but we have the scanners checking
frequently).




More information about the unisog mailing list