[unisog] New virus - not caught by central servers (fwd)

Todd K. Watson tkw at southwestern.edu
Tue Jul 27 03:20:55 GMT 2004

On Mon, 26 Jul 2004, Marty Hoag wrote:

> > Has anyone considered a policy such that if a virus alert is medium or 
> > higher, to shut down email flow (or, at least let it queue up at the 
> > edge) until the virus definitions for the campus' email
> > antivirus solution have been updated?

This morning I did seriously consider letting the messages stack up on our
mail gateway until updates were released for our scanner.

>     We use McAfee software and when they rate something medium
> or higher they include an "extra.dat" (supplemental
> signatures) file immediately. 

My concern is that we've been burned the last 2 weeks by viruses which have
been classified as "low risk" by the major vendors (McAfee, Symantec,
Sophos, etc).  By the time they increased the status to "medium risk" and
the new rules were released, we were already being hammered.  I think a 
more real-time release of definitions is beginning to become necessary. I 
understand the problems associated with releasing updates too often, but 
as much as we are paying for our AntiVirus licenses, I expect there to be 
a better release model than the existing one.

