[lug] Linux Virus Firewall
rm at mamma.varadinet.de
rm at mamma.varadinet.de
Fri Jun 23 15:10:06 MDT 2000
On Fri, Jun 23, 2000 at 12:16:30PM -0600, Ian Hall-Beyer wrote:
> On Fri, 23 Jun 2000, Glenn Ashton wrote:
>
> > I don't know if this is a good idea, but as I am fighting off another
> > Oulook virus in our Windows environment I thought of the following.
> > What if there was a nice way to have a Linux mailserver upstream of your
> > Exchange (yuck) server scan and clean all the viruses from your mail.
>
> > Just wishful thinking I guess.
>
> Glenn, I've seen this sort of setup in several of the places I've worked,
> and it seems to be beneficial to have a unix-based "mail proxy".
>
Yes and no. I've seem similar installations (actually i've set up
one) but i don't really see the need for Outlook once the Unix
mailserver is running. I know, Outlook offers some proprietary
features but (IMHO) most if if not all of these could be replaced
by with free software using open protocols.
I personally don't think that virus scanners on the gateway MTA
are worth spending much time. A vew thoughts about this:
- If you run a virus scanner you rely on some company providing
the virus descriptions. Todays mail-based viruses travel much
faster than the fixups of these desriptions. Melissa or ILOVEYOU
took less than a day to reach europe. Not enough time to react.
- Public encryption of mail/http traffic is getting more and more
common (and i'm glad about this). It's impossible (i hope) to
detect 'malicious code' within an encrypted mail/webpage. So
the more 'Secure' an email/website is, the more easy is it to
smuggle in viruses and troyans.
The best place to detect malicious code is the machine that's
about to execute it. I've seen pretty good sandbox systems
running under WinOS for a decent price.
Ralf
More information about the LUG
mailing list