[unisog] Your opinion on your AntiVirus product?

Michael D. Sofka sofkam at rpi.edu
Mon Nov 28 20:51:32 GMT 2005


We run Sophos and ClamAV on the SMTP gateway, along with a number of
heuristics (no double extentions, multipart archives, .cmd .com, etc.).
A message must pass all three before being accepted.  These are all done
with MIMEDefang, a sendmail milter.

On the desktop we supply Norton Antivirus.

ClamAV and Sophos are close in the viruses they block, but there are
some differences with ClamAV, usually, catching a few more than Sophos.
But, there are times Sophos is quicker with a new virus.  ClamAV also
blocks many phishing attempts.

Norton is usually the slowest to provide patterns, but then it has a
much harder task (virus clenaup) than Sophos or ClamAV, which just need
to detect.  On the Exchange server we also run Norton.  The Exchange
server is behind the SMTP machines, which catch most viruses from
outside the WIN domain.

We also block outgoing port 25 connections from most on-campus hosts.

Despite all this, viruses do slip by.  And, there are many other virus
vectors not covered.

Mike

--On Monday, November 28, 2005 08:57:42 AM -0600 "Bartlett, Matt" 
<mbartlett at stlcop.edu> wrote:

>
> I am on the hunt for opinions of corporate anti-virus products used at
> other universities.  What do you use?  Are you satisfied with it?  What
> do you find are it's strengths and weaknesses?  Has it presented you with
> any unique challenges, or does it have features that provided you with an
> unexpected dividend?  Do you have any problems with your mobile users who
> may not connect to your network frequently enough?
>
> We are looking to replace our current Trend Micro product suite, which is
> why I'm soliciting your opinions.
>
> Here is my opinion on Trend.
> The client agent is too resource intensive, using 5 processes totaling
> approx. 25MB of system memory when idle.  It has been unable to detect
> several variants of IRCBot viruses.  It does have a nice variety of tools
> for tasks like deployment and imaging.  The real killer for us has been
> the dissatisfaction with the support provided by Trend.
>
> I'd value anyone's input.
>
> Thanks,
> Matt Bartlett
> St. Louis College of Pharmacy



--
Michael D. Sofka              sofkam at rpi.edu
C&CT Sr. Systems Programmer    Email, TeX, epistemology.
Rensselaer Polytechnic Institute, Troy, NY.  http://www.rpi.edu/~sofkam/



More information about the unisog mailing list