[lug] Linux Virus Firewall

rm at mamma.varadinet.de rm at mamma.varadinet.de
Fri Jun 23 15:10:06 MDT 2000


On Fri, Jun 23, 2000 at 12:16:30PM -0600, Ian Hall-Beyer wrote:
> On Fri, 23 Jun 2000, Glenn Ashton wrote:
> 
> > I don't know if this is a good idea, but as I am fighting off another
> > Outlook virus in our Windows environment I thought of the following.
> > What if there was a nice way to have a Linux mailserver upstream of your
> > Exchange (yuck) server scan and clean all the viruses from your mail.
> 
> > Just wishful thinking I guess.
> 
> Glenn, I've seen this sort of setup in several of the places I've worked,
> and it seems to be beneficial to have a unix-based "mail proxy".
> 

Yes and no. I've seen similar installations (actually I've set up
one) but I don't really see the need for Outlook once the Unix
mailserver is running. I know, Outlook offers some proprietary
features but (IMHO) most if not all of these could be replaced
with free software using open protocols.

I personally don't think that virus scanners on the gateway MTA
are worth spending much time on. A few thoughts about this:

- If you run a virus scanner you rely on some company providing
  the virus descriptions. Today's mail-based viruses travel much
  faster than the fixups of these descriptions. Melissa or ILOVEYOU
  took less than a day to reach Europe. Not enough time to react.

- Public encryption of mail/http traffic is getting more and more
  common (and I'm glad about this). It's impossible (I hope) to
  detect 'malicious code' within an encrypted mail/webpage. So
  the more 'Secure' an email/website is, the easier it is to
  smuggle in viruses and trojans.

The best place to detect malicious code is the machine that's 
about to execute it. I've seen pretty good sandbox systems
running under WinOS for a decent price.

 Ralf





