
[cobalt-users] Blocking viruses in your linux box.



Sorry for the long mail but I think it'll help.

I know this one is not the best solution, but it's very easy to implement:

http://biocserver.cwru.edu/~jose/iloveyouhack.txt

Please, READ the comments (#) as you MUST put TABS instead of spaces in some
places. Otherwise it won't work.

It's not the solution to all problems. But it helps to stop the spreading of
some of today's most common patterns. It's very simple and can be
implemented in a few minutes. If you think it's too complicated for you or you
can't implement it for whatever reason, please contact me off-list so I can help
you.
-------------------------------- the second part -------------------
One of the best solutions is to implement some kind of antivirus for linux. I'm
using amavis and it's working, stopping most of the viruses (well... new
viruses not yet in the AV scan algorithms can penetrate).

The only problem with amavis is that they don't offer the AV engine, they just
call, let's say, McAfee VirusScan for linux (they can use several antivirus
products for linux) to check the attachments. The good thing about amavis is that it can
check attachments that are compressed (zip, gz, arj, arc, lhz, zoo, rar, etc), MIME
encoded, uuencoded, or in whatever form: it uncompresses/decodes them and then
checks the attachment. If it's infected amavis stops the delivery and sends
an informative mail to the sender, to the system root and, optionally, to the
receiver, telling them that the message is infected.

Problem (1): you need to purchase a copy of the desired antivirus (I suggest
McAfee).

Problem (2): You have to create a script to download (every 6 or 12 hours) the
latest virus info from your antivirus provider. It's not a big issue for
McAfee. They offer the latest .DAT for free.

If you need help implementing amavis, please, contact me off list, I'll try to
help you in my spare time (if my wife lets me).

Best regards

Ernesto Pérez

PS: There are some viruses for linux. It's not common and usually those viruses
don't have the spread of the DOS viruses. When I write about "antivirus for
linux", what I'm saying is that most of the AV companies compile their
binaries to check DOS viruses from within a linux box. Let's say you're using
samba to share some linux/unix directories; then you can, from within that box,
automagically check that directory (containing DOS binaries) against DOS
viruses.

Amavis, simply, extracts (and optionally uncompresses) an attachment to a
directory, and orders the AV program to check that extracted DOS binary against
viruses. If the AV program returns 0 then no virus is present. If it returns
anything but 0, then, depending on the AV program, it's because a virus is
present, the file couldn't be checked or some other error/situation (amavis
knows what the return codes mean). Finally amavis deletes the extracted DOS
file to save disk space.

Disclaimer:
I've no relation with amavis, nor with sendmail; it's only that I use their free
services/binaries to create an antivirus shield. Oh... I also have nothing to do
with McAfee nor NAV nor any antivirus company. I'm just trying to help.
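The extract-scan-delete flow described in the post, as an added example that is not part of the original mail and not amavis's own code. It walks the MIME parts of a constructed message, decodes and unpacks gzip/zip attachments, writes each file to a scratch directory, asks a scanner for an exit code, maps that code to a verdict and removes the file. The external AV engine is replaced by `scan_path()`, a hypothetical stand-in that looks for the public EICAR test string; the exit-code values (0 clean, 13 infected, 2 error) are a constructed convention, not any vendor's documented codes.

```python
"""Added example: amavis-style attachment scanning with a stand-in AV engine.
The message, the signature table and the exit codes are constructed here."""
import email
import gzip
import io
import os
import tempfile
import zipfile
from email import policy
from email.message import EmailMessage

# The EICAR test string: a standard, harmless file that every AV engine flags.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
SIGNATURES = {"EICAR-Test-File": EICAR}          # constructed signature table

# Constructed exit-code convention (a real engine documents its own values).
CLEAN, INFECTED, ERROR = 0, 13, 2


def scan_path(path):
    """Hypothetical stand-in for the external AV CLI: return an exit code."""
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        return ERROR                                # file could not be checked
    return INFECTED if any(sig in data for sig in SIGNATURES.values()) else CLEAN


def unpack(name, data):
    """Yield (name, bytes) for an attachment and any members of a gzip/zip it wraps."""
    if data[:2] == b"\x1f\x8b":                     # gzip magic
        try:
            yield name, gzip.decompress(data)
        except (OSError, EOFError):
            yield name, data                        # damaged archive: scan as-is
        return
    if data[:4] == b"PK\x03\x04":                   # zip local-file header
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if not info.is_dir():
                        yield f"{name}/{info.filename}", zf.read(info)
            return
        except zipfile.BadZipFile:
            pass                                    # fall through, scan raw bytes
    yield name, data


def check_message(raw):
    """Extract every attachment, scan it on disk, delete it, return the verdicts."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    verdicts = {}
    with tempfile.TemporaryDirectory() as workdir:
        for part in msg.iter_attachments():
            payload = part.get_payload(decode=True) or b""   # undoes base64/uuencode
            for name, data in unpack(part.get_filename() or "attachment", payload):
                path = os.path.join(workdir, name.replace("/", "_"))
                with open(path, "wb") as fh:
                    fh.write(data)
                rc = scan_path(path)
                verdicts[name] = {CLEAN: "clean", INFECTED: "infected"}.get(rc, "error")
                os.remove(path)                     # free the disk, as amavis does
    deliver = all(v == "clean" for v in verdicts.values())
    return deliver, verdicts


def build_sample():
    """Constructed test message: one clean text file and one gzipped EICAR file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "root@example.invalid"
    msg["Subject"] = "report"
    msg.set_content("see attached")
    msg.add_attachment("quarterly numbers", filename="notes.txt")
    msg.add_attachment(gzip.compress(EICAR), maintype="application",
                       subtype="gzip", filename="LOVE-LETTER.gz")
    return bytes(msg)


if __name__ == "__main__":
    ok, report = check_message(build_sample())
    print("deliver" if ok else "stop delivery, notify sender and root", report)
```

Only a zero exit code is treated as clean; any other value either stops delivery or is reported as an error, which mirrors the post's point that a non-zero code means "virus, unreadable file, or some other situation" and must never be taken as a pass.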