[unisog] Request Opinions on Anti-Virus Software

Jason Richardson A00JER2 at wpo.cso.niu.edu
Sat Jun 4 23:41:11 GMT 2005


We are also site licensed for McAfee and we're mostly running version 8
with some 7 and even 4.5.1 mixed in here and there.   We run CLAM AV at
the gateway.  I'm sure that some of the malware would be getting by
because that's the nature of the beast with signature based AV
detection/prevention but when we started blocking ZIP files at the mail
gateway (and others but ZIPs have made the biggest difference by far)
about 6 months ago the occurrence of viruses on admininstrative campus
PCs dropped off dramatically.  Blocking ZIPs has easily been the most
effective thing that we have done to stop virus infections on our
campus.

---
Jason Richardson
Manager, IT Security and Client Development
Enterprise Systems Support
Northern Illinois University
Voice: 815-753-1678
Fax: 815-753-2555
jasrich at niu.edu

>>> AJTIRDIL at salisbury.edu 6/3/2005 6:25:58 PM >>>
Hello Andy,

At Salisbury University, MD...we are also have the same AV license and
run the mcafee update server locally.  There has been one situation we
encountered where McAfee didnt have the updates out in time and many
campus machines got infected.  So I guess it has not been a big issue
for us.  However we have a frontdoor firewall that has AV capabilities
(Fortigate-800) and it catches a lot of the HTTP/SMTP viruses
in-transit.  Plus our mail system scans itself, so thats double the
mail
protection.

One thing I would be curious to know is the version you are using, all
our students and university owned systems are running McAfee
Enterprise
8.0i  I see a good improvement in detection over the 7.0 series
(especially non-virus types of stuff like adware/spyware).

-Alex T
Salisbury University

>>> andy at umbc.edu 06/03 5:16 PM >>>

Hi, folks.

UMBC has a site license McAfee Anti-Virus software and a server on our
network that mirrors DAT updates.  We've noticed that we are
frequently
seeing malware infecting campus systems well before (sometimes several
days) the DAT update that handles the problem appears.

Has anyone else had similar problems?

How do other McAfee users feel about it?

Symantec users: How do you feel about Symantec?

We're trying to decide which way to go for AV software.

Opinions, gripes and grumbles welcome and encouraged.  Please respond
to
the list in case anyone else is facing the same issues.

Thanks,

- Andy Johnston

---------------------------------------------------------------------------
** Andy Johnston (andy at umbc.edu)         *                            

 **
** IT Security                           *PGP key:(afj2005)
4096/1BB51DFA**
** Office of Information Technology, UMBC* 88 CA 0D 45 C2 0E 0B 0F 3F
55 **
** 410-455-2583 (v)/410-455-1065 (f)     * 7A BD FE 3C 84 6F 1B B5 1D
FA **
---------------------------------------------------------------------------

_______________________________________________
unisog mailing list
unisog at lists.sans.org 
http://www.dshield.org/mailman/listinfo/unisog 
_______________________________________________
unisog mailing list
unisog at lists.sans.org 
http://www.dshield.org/mailman/listinfo/unisog


More information about the unisog mailing list