(none)   anomy-list@mailtools.anomy.net
/ help / lists / applications / search /
 

Re: Re: OpenAntiVirus

From: Rick Johnson (
60435@xyz.molar.is)
Date: Sun 27 Oct 2002 - 01:08:50 GMT

  • Next message: Mail Delivery Subsystem: "Returned mail: Host unknown (Name server: nichenetworks.co: host not found)"

    "Szucs János" wrote:

    > The answer is: why?
    >
    > OpenAntivirus in its present state seems to be very-very far from being a
    > reliable solution.
    > What about virus definition files for it? How often are they released?
    > What about the detection of macro viruses?

    Are you speculating or speaking from experience or documentation?

    > Do not forget that you are going to find a virus scanner for E-MAILS: you
    > have never heard about an e-mail virus one day and the next day it infects
    > thousands of machines.
    > I think Anomy in itself is a very good tool to strengthen the protection
    > provided by commercial antivirus programs used on the client machines: by
    > removing and putting all potentially dangerous contents into a quarantiane
    on
    > the server, it gives the clients time to update the virus databases. You
    will
    > also have a chance to check the suspicious contents by more than one
    > commercial scanners before releasing it from the quarantine.
    > What would OpenAntivirus provide you in its present state? Nothing but the
    > illusion of safety. Which might make you careless.

    I think you may have missed his point. His questions was could he use
    OpenAntivirus with Sanitizer vs. a commercial product?

    Why? Like many of us, I use Sanitizer in conjunction with uvscan (others may
    use fprot, kapersky (sp?), etc) on the mail server itself. Why? Because it
    gives an extra layer of security. I quarantine all of the known dangerous
    extensions (exe, bat, vbs, pif, winmail.dat), and I virus scan those which
    can usually be considered safe (zip, doc, xls, etc). If uvscan finds a virus
    (or the potential threat) which it cannot clean, it's quarantined. If it's
    cleanable, it's defanged and sent on to the user. If clean, it's sent
    unchanged. Both the mail server and our workstations are updated nightly to
    ensure the latest is caught.

    We'd be getting the best of both worlds if OpenAntivirus worked well (and
    reliably) in this situation. Of course - it may be a conflict of interest
    for Anomy since it is sponsored (I believe) by F-Prot).

    A quick "answer", however, is as long as OpenAntivirus can be called from
    sanitizer and returns predictable result (exit) codes, then it should be
    easily adaptable. The question is (which you did raise), however, can you
    trust it as well as a commercially funded product?

    -Rick
    -------------------------------------------------------
    Rick Johnson, RHCE - 60435@xyz.molar.is
    Linux/WAN Administrator - Medata, Inc. (from home)
    PGP Key: https://mail.medata.com/pgp/rjohnson.asc



  •