[unisog] New virus - not caught by central servers (fwd)

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Jul 27 16:53:02 GMT 2004

On Mon, 26 Jul 2004 19:04:56 CDT, Frank Bulk <bulkf at dordt.edu>  said:
> Has anyone considered a policy such that if a virus alert is medium or
> higher, to shut down email flow (or, at least let it queue up at the
> edge) until the virus definitions for the campus' email antivirus
> solution have been updated?

Some of us are doing a million messages a day under normal loads - if we do a
stand-down for 8 or 12 hours, it will be several *days* before we get the
backlog squared away (as we've found out the hard way when we've had a
several-hour outage).  And quite often, restarting isn't trivial (after one
outage, we got into an oscillation state - we'd come up, everybody with queued
mail would pound us, we'd die, we'd come up.. lather rinse repeat).

Now consider that there's an alert every several days......

